Trojaner-Board - MalwareC lässt sich nciht aus der Registry löschen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - MalwareC lässt sich nciht aus der Registry löschen (https://www.trojaner-board.de/152237-malwarec-laesst-nciht-registry-loeschen.html)

MalwareC lässt sich nciht aus der Registry löschen

Hallo und Guten Morgen an Euch!

Vorab:

Betriebssystem: Windows 8 64bit
Virenscanner: AVAST

Ich habe ein Problem und habe mich massiv aufgeregt, nachdem ich wie ich dachte, ein "seriöses" Programm installierte, welches ein sehr bekanntes Unternehmen als Partner hat.

Das Programm war der Eltima SWF&FLV Player, welche Adobe als Partner hat.

Nun während der Installation schlug Avast merhmals an, da dieses Programm offenbar Toolbar/Search usw. installierte. Das Programm hab ich dann gelöscht und außerdem das andere per Systemsteuerung und Uninstall. Das war kein Problem.

Dann habe ich Avast durchlaufen lassen, keine Virenfunde. Hijackthis, keine seltsamen Programme. PC läuft schnell und ohne irgendwelchen Macken.

Dann habe ich Spybot Search&Destroy durchlaufen lassen. Dieser zeigte mir neben den obligatorischen Verfolger Cookies auch einen MalwareC Eintrag. Es ist ein Uninstall Eintrag.

Folgendes habe ich gemacht:

Da der Eintrag trotz Fix per Spybot noch da war, habe ich in der regedit nachgeschaut. Doch der ist dort nicht zu finden gewesen.

Die Adresse:

Code:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

Ich habe zwar den Pfad gefunden, nicht aber den Zahlenordner im Ordner "Uninstall".

Meine Frage, wie kann ich diesen Eintrag aufspüren und endgültig löschen?

Probleme macht mein PC keine. Weder Geschwindigkeitseinbußen, noch irgendwelche anderen Dinge.

Eines muss ich noch erwähnen. AVAST hatte in letzter Zeit öfter "Fehlalarme". Es schlug an, nachdem ich dem Browserverlauf per East-Tec löschte. Als ich diese Dateien dann per VirusTotal scannte, war Avast der einzigste von 50, der was gefunden hatte.

Ich hoffe jemand kann mir helfen. :)

Vielen Dank im Vorraus!!!

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo, Danke für Deine Antwort! :)

Ich habe meinen Namen rausgenommen aus dem ScanLogs, da der bei einigen Dateinpfaden /Users war, deswegen die xxx an der Stelle. Nur den Namen NIX weiter!

Hier die Logs:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)

Ran by xxx (administrator) on RK on 09-04-2014 14:22:00

Running from C:\Users\xxx\Desktop

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(East-Tec) C:\Program Files (x86)\east-tec Eraser\etSCHService.exe

(East-Tec) C:\Program Files (x86)\east-tec Eraser\etUpdateService.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

() C:\Program Files\Plantronics\GameCom780\GameCom780.exe

(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe

() C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

(East-Tec) C:\Program Files (x86)\east-tec Eraser\etSCHAgent.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe

(The OpenVPN Project) C:\Program Files\CyberGhost 5\Data\OpenVPN\openvpn.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)

HKLM\...\Run: [GamecomSound] - C:\Program Files\Plantronics\GameCom780\GameCom780.exe [776480 2013-03-22] ()

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)

HKLM-x32\...\Run: [Corel Photo Downloader] - C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [532808 2008-08-08] (Corel, Inc.)

HKLM-x32\...\Run: [Corel File Shell Monitor] - C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2008-08-08] ()

HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-02] (AVAST Software)

HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)

HKLM-x32\...\Run: [East-Tec east-tec Eraser Scheduler Agent] - C:\Program Files (x86)\east-tec Eraser\etSCHAgent.exe [2056808 2013-11-07] (East-Tec)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-2063673603-3414738109-2467670472-1002\...\Run: [CyberGhost] - C:\Program Files\CyberGhost 5\CyberGhost.exe [358000 2014-01-16] (CyberGhost S.R.L.)
 

==================== Internet (Whitelisted) ====================
 

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:51217;https=127.0.0.1:51217

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.amaizingsearches.info/?pid=1811&r=2014/04/08&hid=14292020199927712144&lg=EN&cc=RO&unqvl=51

SearchScopes: HKLM - DefaultScope {D04A03A6-DF03-4563-A58A-540F95DAA472} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS

SearchScopes: HKLM - {D04A03A6-DF03-4563-A58A-540F95DAA472} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS

SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=1811&r=2014/04/08&hid=14292020199927712144&lg=EN&cc=RO&unqvl=51

SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=1811&r=2014/04/08&hid=14292020199927712144&lg=EN&cc=RO&unqvl=51

SearchScopes: HKLM-x32 - {D04A03A6-DF03-4563-A58A-540F95DAA472} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS

SearchScopes: HKCU - DefaultScope {D04A03A6-DF03-4563-A58A-540F95DAA472} URL = 

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 95.169.183.219 89.41.60.38 37.221.175.198

Tcpip\..\Interfaces\{3202A45F-D2B8-4D09-816E-6866133DF2C0}: [NameServer]89.41.60.38,95.169.183.219

Tcpip\..\Interfaces\{94C31E32-0C95-4217-98E3-37B96B140963}: [NameServer]89.41.60.38,95.169.183.219
 

FireFox:

========

FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default

FF SearchEngineOrder.1: WebSearch

FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");

FF Homepage: hxxp://www.google.com

FF Keyword.URL: hxxp://websearch.amaizingsearches.info/?pid=1811&r=2014/04/08&hid=14292020199927712144&lg=EN&cc=RO&unqvl=51&l=1&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: NoScript - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-14]

FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-14]

FF Extension: Greasemonkey - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-06-15]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-14]
 

Chrome: 

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

CHR Extension: (SNT) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aojhnnjblmapnmgjghgobkneikiehijg [2014-04-08]

CHR Extension: (YoutubeAdblocker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedamjokbfmadpbehnhfbamfmeocfgao [2014-04-08]

CHR Extension: (Safeweb) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhehgkgnpnlceaapjchnanicmapgndj [2014-04-08]

CHR Extension: (Browse Save Win) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2014-04-08]
 

==================== Services (Whitelisted) =================
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-02] (AVAST Software)

R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)

R2 QSetSchedulerService; C:\Program Files (x86)\east-tec Eraser\etSCHService.exe [2424936 2013-11-07] (East-Tec)

R2 QSetUpdateService; C:\Program Files (x86)\east-tec Eraser\etUpdateService.exe [2271336 2013-11-07] (East-Tec)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-02] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-02] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-02] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-02] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-02] (AVAST Software)

R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-02] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-02] ()

S2 hidedir; C:\Windows\SysWOW64\drivers\hidedir.sys [8704 2007-02-12] ()

R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)

R3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)

R3 vdisk; C:\Windows\System32\drivers\vdisk.sys [81056 2010-05-19] ()

S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]

S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\SYSPREP\OA30\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-09 14:22 - 2014-04-09 14:22 - 00015073 _____ () C:\Users\xxx\Desktop\FRST.txt

2014-04-09 14:21 - 2014-04-09 14:22 - 00000000 ____D () C:\FRST

2014-04-09 14:20 - 2014-04-09 14:20 - 02157056 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe

2014-04-08 23:40 - 2014-04-09 00:00 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Eltima Software

2014-04-08 23:40 - 2014-04-08 23:43 - 00000000 ____D () C:\ProgramData\SNT

2014-04-08 23:40 - 2014-04-08 23:40 - 00000000 ____D () C:\ProgramData\Eltima Software

2014-04-08 23:40 - 2014-04-08 23:40 - 00000000 ____D () C:\Program Files (x86)\SNT

2014-04-08 23:39 - 2014-04-09 00:23 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker

2014-04-08 23:39 - 2014-04-08 23:59 - 00000000 ____D () C:\ProgramData\dad8f7a411806aea

2014-04-08 23:39 - 2014-04-08 23:43 - 00000000 ____D () C:\ProgramData\sAfeweb

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\xxx\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\xxx\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Program Files (x86)\sAfeweb

2014-04-08 23:38 - 2014-04-08 23:40 - 00000000 ____D () C:\ProgramData\InstallMate

2014-04-08 18:38 - 2014-04-08 18:39 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-04-08 18:38 - 2014-04-08 18:38 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\PDAppFlex

2014-04-08 18:06 - 2014-04-08 18:06 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-02 02:52 - 2014-04-02 02:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-03-27 23:56 - 2014-03-27 23:56 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ____D () C:\Users\xxx\AppData\Local\Skype

2014-03-19 16:15 - 2014-03-19 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 

==================== One Month Modified Files and Folders =======
 

2014-04-09 14:22 - 2014-04-09 14:22 - 00015073 _____ () C:\Users\xxx\Desktop\FRST.txt

2014-04-09 14:22 - 2014-04-09 14:21 - 00000000 ____D () C:\FRST

2014-04-09 14:20 - 2014-04-09 14:20 - 02157056 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe

2014-04-09 14:20 - 2013-06-14 12:11 - 01620534 _____ () C:\Windows\WindowsUpdate.log

2014-04-09 14:00 - 2014-01-31 19:10 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-09 04:26 - 2014-01-31 19:10 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-09 04:03 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2014-04-09 03:43 - 2012-07-26 12:27 - 00752930 _____ () C:\Windows\system32\perfh007.dat

2014-04-09 03:43 - 2012-07-26 12:27 - 00156156 _____ () C:\Windows\system32\perfc007.dat

2014-04-09 03:43 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-09 03:36 - 2013-06-14 17:12 - 07110656 ___SH () C:\Users\xxx\Desktop\Thumbs.db

2014-04-09 03:36 - 2013-04-18 05:02 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-04-09 03:36 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-09 01:51 - 2013-06-24 16:43 - 00010874 _____ () C:\Users\xxx\Desktop\Neues Textdokument.txt

2014-04-09 00:23 - 2014-04-08 23:39 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker

2014-04-09 00:12 - 2013-11-11 15:25 - 00000145 _____ () C:\Windows\etGlobalInfo.txt

2014-04-09 00:12 - 2013-11-11 15:21 - 00002942 _____ () C:\Windows\System32\Tasks\{2B3E483C-6661-4E04-8FF4-C7FCE7D864BE}

2014-04-09 00:12 - 2013-11-11 15:21 - 00002928 _____ () C:\Windows\System32\Tasks\{2B3E483C-6661-4E04-8FF4-C7FCE7D864AE}

2014-04-09 00:09 - 2013-06-14 17:12 - 00000000 ____D () C:\Users\xxx\Desktop\BlaBla

2014-04-09 00:00 - 2014-04-08 23:40 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Eltima Software

2014-04-08 23:59 - 2014-04-08 23:39 - 00000000 ____D () C:\ProgramData\dad8f7a411806aea

2014-04-08 23:43 - 2014-04-08 23:40 - 00000000 ____D () C:\ProgramData\SNT

2014-04-08 23:43 - 2014-04-08 23:39 - 00000000 ____D () C:\ProgramData\sAfeweb

2014-04-08 23:43 - 2013-04-18 04:56 - 00118028 _____ () C:\Windows\PFRO.log

2014-04-08 23:43 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-04-08 23:41 - 2013-06-14 12:35 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Skype

2014-04-08 23:40 - 2014-04-08 23:40 - 00000000 ____D () C:\ProgramData\Eltima Software

2014-04-08 23:40 - 2014-04-08 23:40 - 00000000 ____D () C:\Program Files (x86)\SNT

2014-04-08 23:40 - 2014-04-08 23:38 - 00000000 ____D () C:\ProgramData\InstallMate

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\xxx\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\xxx\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Program Files (x86)\sAfeweb

2014-04-08 23:39 - 2014-01-31 19:10 - 00000000 ____D () C:\Users\xxx\AppData\Local\Google

2014-04-08 23:30 - 2013-06-14 18:21 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\vlc

2014-04-08 22:50 - 2013-06-14 16:05 - 00000000 ____D () C:\Users\xxx\Documents\Vegas Movie Studio HD Platinum 10.0 Projekte

2014-04-08 19:01 - 2013-06-14 12:12 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Adobe

2014-04-08 19:01 - 2013-04-18 05:09 - 00000000 ____D () C:\ProgramData\Adobe

2014-04-08 19:00 - 2013-04-18 05:09 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-04-08 18:39 - 2014-04-08 18:38 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-04-08 18:38 - 2014-04-08 18:38 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\PDAppFlex

2014-04-08 18:38 - 2013-06-14 14:47 - 00000000 ____D () C:\Users\xxx\AppData\Local\Adobe

2014-04-08 18:06 - 2014-04-08 18:06 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-04 18:41 - 2013-11-14 15:42 - 00000000 ____D () C:\Program Files (x86)\east-tec InvisibleSecrets

2014-04-02 02:52 - 2014-04-02 02:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-04-02 02:52 - 2014-01-01 18:07 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-04-02 02:52 - 2013-06-14 12:27 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-04-02 02:52 - 2013-06-14 12:27 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2014-04-02 02:22 - 2013-11-14 17:06 - 00003308 _____ () C:\Windows\System32\Tasks\{995C167A-3E0F-4C93-9F4E-25AFC941B571}

2014-04-01 13:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-03-30 14:21 - 2014-01-31 19:10 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-30 14:21 - 2014-01-31 19:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-28 16:41 - 2014-02-24 16:57 - 00004941 _____ () C:\Users\xxx\Desktop\Nachrichten.txt

2014-03-27 23:56 - 2014-03-27 23:56 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ____D () C:\Users\xxx\AppData\Local\Skype

2014-03-27 23:56 - 2013-06-14 12:35 - 00000000 ____D () C:\ProgramData\Skype

2014-03-26 03:26 - 2013-06-14 12:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-03-19 16:15 - 2014-03-19 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-11 17:58 - 2013-06-14 16:45 - 00000000 ____D () C:\Users\xxx\AppData\Local\Corel
 

Some content of TEMP:

====================

C:\Users\xxx\AppData\Local\Temp\swf_flv_player_orig.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-07 16:06
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Addition Logfile

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014

Ran by xxx at 2014-04-09 14:22:21

Running from C:\Users\xxx\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 

==================== Installed Programs ======================
 

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)

avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2016 - Avast Software)

Brother P-touch Address Book 1.1 (HKLM-x32\...\{B2023017-DEE4-44F7-8A71-CA6084BF534C}) (Version: 1.1.2201 - Brother Industries, Ltd.)

Brother P-touch Editor 5.0 (HKLM-x32\...\{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.2300 - Brother Industries, Ltd.)

Camera RAW Plug-In for EPSON Creativity Suite (HKLM-x32\...\{42EDF895-158C-484E-A7F2-42B90759F281}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)

CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden

Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )

Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )

Canon SELPHY CP810 (HKLM\...\Canon SELPHY CP810) (Version:  - )

Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )

CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version:  - Canon Inc.)

Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0000 - Corel Corporation)

CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)

CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

east-tec Eraser Version 11.0 (HKLM-x32\...\east-tec Eraser 2014_is1) (Version: 11.0.6.100 - East-Tec)

east-tec InvisibleSecrets 4 (HKLM-x32\...\east-tec InvisibleSecrets 4) (Version: 4.8 - East-Tec)

east-tec SafeBit 2 (HKLM-x32\...\east-tec SafeBit 2) (Version:  - )

EPSON Easy Photo Print (HKLM-x32\...\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}) (Version: 1.5.1.0 - SEIKO EPSON CORPORATION)

EPSON File Manager (HKLM-x32\...\{46CBBDF8-55B5-40DB-B459-7B848394309C}) (Version: 1.3.1.0 - )

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )

EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )

EPSON Stylus SX200_SX400_TX200_TX400 Handbuch (HKLM-x32\...\EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch) (Version:  - )

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )

Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.53.5169 - Gretech Corporation)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)

Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden

Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)

LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden

LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden

LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden

LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden

LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden

LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden

LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden

LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden

LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden

LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Corporation (Version: 11.0.50727.0 - Microsoft Corporation) Hidden

Microsoft Corporation (x32 Version: 11.0.50727.0 - Microsoft Corporation) Hidden

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)

NVIDIA Grafiktreiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden

NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden

NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden

OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)

Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Plantronics® GameCom 780 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.00.0001 - Plantronics)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)

Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.19 - Safer-Networking Ltd.)

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

TubeHunter Ultra 4.31 (HKLM-x32\...\{AAA4C7D4-9EB0-41EC-A3C9-63C120C43508}_is1) (Version:  - Neoretix Laboratory)

Unreal Tournament 3 (HKCU\...\InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}) (Version: 1.00.0000 - Epic Games)

Unreal Tournament 3 (x32 Version: 1.00.0000 - Epic Games) Hidden

Vegas Movie Studio HD Platinum 10.0 (HKLM-x32\...\{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}) (Version: 10.0.179 - Sony)

VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)

Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 

==================== Restore Points  =========================
 

21-03-2014 13:46:08 Geplanter Prüfpunkt

30-03-2014 12:59:59 Geplanter Prüfpunkt

02-04-2014 00:51:42 avast! antivirus system restore point

08-04-2014 16:06:35 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
 

==================== Hosts content: ==========================
 

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {0EC6EE42-23E0-4D9E-9B69-518B74192DAF} - System32\Tasks\{2B3E483C-6661-4E04-8FF4-C7FCE7D864BE} => C:\Program Files (x86)\east-tec Eraser\etUpdateMonitor.exe [2013-11-07] (East-Tec)

Task: {10BE7141-EC7B-48D7-8573-29A74F74B4E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31] (Google Inc.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {1C86AA53-334C-4464-B19B-2D15C4462264} - System32\Tasks\{9ACD4179-9466-4AA8-920C-1B3FFB3FBF2F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {2D4C4BE0-3C81-42AC-9C19-ECB538FBDD85} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)

Task: {34216201-A2B0-470E-9CBC-47E69E299461} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe

Task: {3D84CE69-B70C-4741-A7E7-CA5C115E5EB0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe

Task: {5CDCA0A2-179D-462B-A42B-BB92DE5F20FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31] (Google Inc.)

Task: {6C6ABE3E-5A13-4D23-9861-FE0773B3AC25} - System32\Tasks\{995C167A-3E0F-4C93-9F4E-25AFC941B571} => C:\Program Files (x86)\east-tec Eraser\RestartMan.exe [2014-02-04] (East-Tec)

Task: {949D17C5-8DF0-454F-A43E-C47F1D7F70CD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-02] (AVAST Software)

Task: {A295CDB8-B202-411F-ADB3-5E69BEC50797} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {C2AD03B6-9635-40BB-8E99-FF273BD758C6} - System32\Tasks\{70CB2012-40B4-4674-9899-1C6844300A0C} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.5.0.158&amp;LastError=12002

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {F607C632-C778-42B5-9748-428823B9FFD3} - System32\Tasks\{2B3E483C-6661-4E04-8FF4-C7FCE7D864AE} => C:\Program Files (x86)\east-tec Eraser\etEraser.exe [2014-02-04] (East-Tec)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-06-14 13:30 - 2010-04-05 21:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

2013-06-14 15:04 - 2013-03-22 10:56 - 00776480 ____N () C:\Program Files\Plantronics\GameCom780\GameCom780.exe

2013-12-21 00:58 - 2014-01-06 13:14 - 00032768 _____ () C:\Program Files\CyberGhost 5\de\CyberGhost.resources.dll

2008-08-08 17:30 - 2008-08-08 17:30 - 00016712 ____R () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

2012-09-13 01:38 - 2012-09-13 01:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

2014-04-08 23:41 - 2014-04-08 23:41 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040802\algo.dll

2013-06-14 16:55 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2013-06-14 16:55 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2013-06-14 16:55 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2013-06-14 16:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2013-06-14 16:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2013-04-18 05:01 - 2012-07-18 20:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

2013-06-14 15:04 - 2013-03-22 10:56 - 00149792 ____N () C:\Program Files\Plantronics\GameCom780\VmixPLGC.dll

2013-10-24 22:32 - 2013-10-24 22:32 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll

2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll

2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll

2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll

2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

2012-09-13 01:39 - 2012-09-13 01:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

2013-12-21 00:58 - 2013-08-22 16:10 - 00161992 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\liblzo2-2.dll

2013-12-21 00:58 - 2013-08-22 16:10 - 00107720 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\libpkcs11-helper-1.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\TEMP:1B4D9DFB

AlternateDataStreams: C:\ProgramData\TEMP:AC64BB05

AlternateDataStreams: C:\ProgramData\TEMP:E04BDBD2
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (03/26/2014 03:26:32 AM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000000000

ID des fehlerhaften Prozesses: 0x8c8

Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0

Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1

Pfad des fehlerhaften Moduls: svchost.exe_stisvc2

Berichtskennung: svchost.exe_stisvc3

Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5
 

Error: (02/19/2014 05:56:41 PM) (Source: Application Hang) (User: )

Description: Programm explorer.exe, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: f14
 

Startzeit: 01cf2d8b17d1a485
 

Endzeit: 2117
 

Anwendungspfad: C:\Windows\explorer.exe
 

Berichts-ID: 66aca45a-997e-11e3-be9a-08606eda5abe
 

Vollständiger Name des fehlerhaften Pakets: 
 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
 

Error: (02/19/2014 05:56:07 PM) (Source: Application Hang) (User: )

Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 1c10
 

Startzeit: 01cf2d72a86b9082
 

Endzeit: 3650
 

Anwendungspfad: C:\Windows\Explorer.EXE
 

Berichts-ID: 3e66dd3a-997e-11e3-be9a-08606eda5abe
 

Vollständiger Name des fehlerhaften Pakets: 
 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
 

Error: (02/06/2014 00:03:36 AM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: icq.exe, Version: 8.2.6901.0, Zeitstempel: 0x52bd6bee

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0x07009c37

ID des fehlerhaften Prozesses: 0x1820

Startzeit der fehlerhaften Anwendung: 0xicq.exe0

Pfad der fehlerhaften Anwendung: icq.exe1

Pfad des fehlerhaften Moduls: icq.exe2

Berichtskennung: icq.exe3

Vollständiger Name des fehlerhaften Pakets: icq.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: icq.exe5
 

Error: (02/06/2014 00:03:23 AM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: icq.exe, Version: 8.2.6901.0, Zeitstempel: 0x52bd6bee

Name des fehlerhaften Moduls: ieframe.dll, Version: 10.0.9200.16750, Zeitstempel: 0x5269ca9c

Ausnahmecode: 0xc0000005

Fehleroffset: 0x000624c5

ID des fehlerhaften Prozesses: 0xff8

Startzeit der fehlerhaften Anwendung: 0xicq.exe0

Pfad der fehlerhaften Anwendung: icq.exe1

Pfad des fehlerhaften Moduls: icq.exe2

Berichtskennung: icq.exe3

Vollständiger Name des fehlerhaften Pakets: icq.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: icq.exe5
 

Error: (01/26/2014 03:16:55 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: icq.exe, Version: 8.2.6901.0, Zeitstempel: 0x52bd6bee

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0x09010c9f

ID des fehlerhaften Prozesses: 0x10f4

Startzeit der fehlerhaften Anwendung: 0xicq.exe0

Pfad der fehlerhaften Anwendung: icq.exe1

Pfad des fehlerhaften Moduls: icq.exe2

Berichtskennung: icq.exe3

Vollständiger Name des fehlerhaften Pakets: icq.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: icq.exe5
 

Error: (01/26/2014 00:18:39 AM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: icq_69rfrset.exe, Version: 8.2.6901.0, Zeitstempel: 0x52bd6d1b

Name des fehlerhaften Moduls: icq_69rfrset.exe, Version: 8.2.6901.0, Zeitstempel: 0x52bd6d1b

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00043af0

ID des fehlerhaften Prozesses: 0xbc4

Startzeit der fehlerhaften Anwendung: 0xicq_69rfrset.exe0

Pfad der fehlerhaften Anwendung: icq_69rfrset.exe1

Pfad des fehlerhaften Moduls: icq_69rfrset.exe2

Berichtskennung: icq_69rfrset.exe3

Vollständiger Name des fehlerhaften Pakets: icq_69rfrset.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: icq_69rfrset.exe5
 

Error: (01/16/2014 03:05:50 AM) (Source: Application Hang) (User: )

Description: Programm FlashPlayerPlugin_11_9_900_170.exe, Version 11.9.900.170 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 26d4
 

Startzeit: 01cf1253e53cfecc
 

Endzeit: 9
 

Anwendungspfad: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
 

Berichts-ID: 553dbe90-7e4a-11e3-be95-08606eda5abe
 

Vollständiger Name des fehlerhaften Pakets: 
 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
 

Error: (01/05/2014 04:06:02 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: icq.exe, Version: 8.2.6901.0, Zeitstempel: 0x52bd6bee

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0x05f6a6f8

ID des fehlerhaften Prozesses: 0x968

Startzeit der fehlerhaften Anwendung: 0xicq.exe0

Pfad der fehlerhaften Anwendung: icq.exe1

Pfad des fehlerhaften Moduls: icq.exe2

Berichtskennung: icq.exe3

Vollständiger Name des fehlerhaften Pakets: icq.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: icq.exe5
 

Error: (01/05/2014 03:32:38 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: icq.exe, Version: 8.2.6901.0, Zeitstempel: 0x52bd6bee

Name des fehlerhaften Moduls: ieframe.dll, Version: 10.0.9200.16750, Zeitstempel: 0x5269ca9c

Ausnahmecode: 0xc0000005

Fehleroffset: 0x000624c5

ID des fehlerhaften Prozesses: 0xdac

Startzeit der fehlerhaften Anwendung: 0xicq.exe0

Pfad der fehlerhaften Anwendung: icq.exe1

Pfad des fehlerhaften Moduls: icq.exe2

Berichtskennung: icq.exe3

Vollständiger Name des fehlerhaften Pakets: icq.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: icq.exe5
 
 

System errors:

=============

Error: (04/09/2014 03:36:56 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "hidedir" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (04/09/2014 03:36:56 AM) (Source: Application Popup) (User: )

Description: \??\C:\Windows\SysWow64\drivers\hidedir.sys
 

Error: (04/09/2014 03:36:51 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)

Description: 0xc000014d0
 

Error: (04/09/2014 00:23:38 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "hidedir" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (04/09/2014 00:23:38 AM) (Source: Application Popup) (User: )

Description: \??\C:\Windows\SysWow64\drivers\hidedir.sys
 

Error: (04/09/2014 00:23:33 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)

Description: 0xc000014d0
 

Error: (04/08/2014 11:43:42 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "hidedir" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (04/08/2014 11:43:42 PM) (Source: Application Popup) (User: )

Description: \??\C:\Windows\SysWow64\drivers\hidedir.sys
 

Error: (04/08/2014 11:43:36 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)

Description: 0xc000014d0
 

Error: (04/08/2014 10:42:02 PM) (Source: Service Control Manager) (User: )

Description: Dienst "CyberGhost VPN 5 Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
 

Microsoft Office Sessions:

=========================

Error: (03/26/2014 03:26:32 AM) (Source: Application Error)(User: )

Description: svchost.exe_stisvc6.2.9200.16420505a9a4eunknown0.0.0.000000000c000000500000000000000008c801cf489260a7929cC:\Windows\system32\svchost.exeunknowna941b4ef-b485-11e3-be9e-08606eda5abe
 

Error: (02/19/2014 05:56:41 PM) (Source: Application Hang)(User: )

Description: explorer.exe6.2.9200.16628f1401cf2d8b17d1a4852117C:\Windows\explorer.exe66aca45a-997e-11e3-be9a-08606eda5abe
 

Error: (02/19/2014 05:56:07 PM) (Source: Application Hang)(User: )

Description: Explorer.EXE6.2.9200.166281c1001cf2d72a86b90823650C:\Windows\Explorer.EXE3e66dd3a-997e-11e3-be9a-08606eda5abe
 

Error: (02/06/2014 00:03:36 AM) (Source: Application Error)(User: )

Description: icq.exe8.2.6901.052bd6beeunknown0.0.0.000000000c000000507009c37182001cf22be198f9dc5C:\Users\xxx\AppData\Roaming\ICQM\icq.exeunknown5c315055-8eb1-11e3-be97-08606eda5abe
 

Error: (02/06/2014 00:03:23 AM) (Source: Application Error)(User: )

Description: icq.exe8.2.6901.052bd6beeieframe.dll10.0.9200.167505269ca9cc0000005000624c5ff801cf22bdcb847e3dC:\Users\xxx\AppData\Roaming\ICQM\icq.exeC:\Windows\SYSTEM32\ieframe.dll53f406a1-8eb1-11e3-be97-08606eda5abe
 

Error: (01/26/2014 03:16:55 PM) (Source: Application Error)(User: )

Description: icq.exe8.2.6901.052bd6beeunknown0.0.0.000000000c000000509010c9f10f401cf1a98dc20ad45C:\Users\xxx\AppData\Roaming\ICQM\icq.exeunknown2045f327-868c-11e3-be95-08606eda5abe
 

Error: (01/26/2014 00:18:39 AM) (Source: Application Error)(User: )

Description: icq_69rfrset.exe8.2.6901.052bd6d1bicq_69rfrset.exe8.2.6901.052bd6d1bc000000500043af0bc401cf1a1b608bcc55C:\Users\xxx\Desktop\icq_69rfrset.exeC:\Users\xxx\Desktop\icq_69rfrset.exea38c79fe-860e-11e3-be95-08606eda5abe
 

Error: (01/16/2014 03:05:50 AM) (Source: Application Hang)(User: )

Description: FlashPlayerPlugin_11_9_900_170.exe11.9.900.17026d401cf1253e53cfecc9C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe553dbe90-7e4a-11e3-be95-08606eda5abe
 

Error: (01/05/2014 04:06:02 PM) (Source: Application Error)(User: )

Description: icq.exe8.2.6901.052bd6beeunknown0.0.0.000000000c000000505f6a6f896801cf0a1f3d2942b0C:\Users\xxx\AppData\Roaming\ICQM\icq.exeunknown81ed5b8f-7612-11e3-be95-08606eda5abe
 

Error: (01/05/2014 03:32:38 PM) (Source: Application Error)(User: )

Description: icq.exe8.2.6901.052bd6beeieframe.dll10.0.9200.167505269ca9cc0000005000624c5dac01cf0a1a932668faC:\Users\xxx\AppData\Roaming\ICQM\icq.exeC:\Windows\SYSTEM32\ieframe.dlld75a25f5-760d-11e3-be95-08606eda5abe
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 15%

Total physical RAM: 8139.29 MB

Available physical RAM: 6855.79 MB

Total Pagefile: 9355.29 MB

Available Pagefile: 7951.29 MB

Total Virtual: 8192 MB

Available Virtual: 8191.76 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:111.41 GB) (Free:68.29 GB) NTFS

Drive d: () (Fixed) (Total:1862.89 GB) (Free:1852.44 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

========================================================

Disk: 1 (Size: 112 GB) (Disk ID: 442F4CB9)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:51217;https=127.0.0.1:51217

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hallo schrauber, ein weiteres Danke! :)

Hier die Logs (Mein Name wie zuvor durch xxx ersetzt):

Fixlog.txt:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014

Ran by xxx at 2014-04-10 13:58:06 Run:1

Running from C:\Users\xxx\Desktop

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:51217;https=127.0.0.1:51217

*****************
 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
 

==== End of Fixlog ====

mbam.txt:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 10.04.2014

Suchlauf-Zeit: 14:11:32

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.1.1004

Malware Datenbank: v2014.04.10.04

Rootkit Datenbank: v2014.03.27.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Chameleon: Deaktiviert
 

Betriebssystem: Windows 8

CPU: x64

Dateisystem: NTFS

Benutzer: xxx
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 289225

Verstrichene Zeit: 7 Min, 7 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Shuriken: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 0

(No malicious items detected)
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 1

PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://websearch.amaizingsearches.info/?pid=1811&r=2014/04/08&hid=14292020199927712144&lg=EN&cc=RO&unqvl=51, Gut: (hxxp://www.google.com), Schlecht: (hxxp://websearch.amaizingsearches.info/?pid=1811&r=2014/04/08&hid=14292020199927712144&lg=EN&cc=RO&unqvl=51),Ersetzt,[8e7203fdd62a8f71d29d7f9373917888]
 

Ordner: 2

PUP.Optional.Multiplug, C:\Program Files (x86)\YoutubeAdblocker, In Quarantäne, [bd4305fbe41cc33dd0beb1a938ca20e0], 

PUP.Optional.YoutubeAdblocker.A, C:\ProgramData\YoutubeAdblocker, In Quarantäne, [51aff30df40cec14b9efc6966b97916f], 
 

Dateien: 2

PUP.Optional.AmaizingSearches.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://websearch.amaizingsearches.info/?pid=1811&r=2014/04/08&hid=14292020199927712144&lg=EN&cc=RO&unqvl=51&l=1&q=");), Ersetzt,[1de3fe02ca360df36df077cf8183a858]

PUP.Optional.AmaizingSearches.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://websearch.amaizingsearches.info/?pid=1811&r=2014/04/08&hid=14292020199927712144&lg=EN&cc=RO&unqvl=51&l=1&q=");), Ersetzt,[629eb8489868956b663d1b2c0103926e]
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

AdwCleaner[S0].txt:

Code:

# AdwCleaner v3.023 - Bericht erstellt am 10/04/2014 um 14:21:51

# Aktualisiert 01/04/2014 von Xplode

# Betriebssystem : Windows 8  (64 bits)

# Benutzername : xxx - xxx

# Gestartet von : C:\Users\xxx\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\SNT

Ordner Gelöscht : C:\Program Files (x86)\SNT

Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\torch

Ordner Gelöscht : C:\Users\xxx\AppData\Local\torch
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16537
 
 

-\\ Mozilla Firefox v28.0 (de)
 

[ Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default\prefs.js ]
 

Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.amaizingsearches.info/?pid=1811&r=2014/04/08&hid=14292020199927712144&lg=EN&cc=RO&unqvl=51&l=1&q=");

Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");

Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");

Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");

Zeile gelöscht : user_pref("extensions.9VzotjY.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sum[...]

Zeile gelöscht : user_pref("extensions.XrJ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorob[...]

Zeile gelöscht : user_pref("extensions.xR04fZqyiUqZ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf([...]

Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.amaizingsearches.info/?pid=1811&r=2014/04/08&hid=14292020199927712144&lg=EN&cc=RO&unqvl=51&l=1&q=");
 

*************************
 

AdwCleaner[R0].txt - [3605 octets] - [10/04/2014 14:19:51]

AdwCleaner[S0].txt - [3526 octets] - [10/04/2014 14:21:51]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3586 octets] ##########

JRT.txt:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 8 x64

Ran by xxx on 10.04.2014 at 14:30:14,12

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted the following from C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\is4yaikm.default\prefs.js
 

user_pref("extensions.xR04fZqyiUqZ.url", "hxxp://proxy5-jpi.info/sync2/?q=hfZ9ofV9CShEAen0rjYFrihTB6lKDzt4okmxtNtVh7n0rjnEqda5rTwHpjwHtMFHhd9Fqda9rdYGrjnGqdnMDMlGojUMAe4Uojw4p

Emptied folder: C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\is4yaikm.default\minidumps [42 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 10.04.2014 at 14:34:39,37

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Log:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated)

Ran by xxx (administrator) on RK on 10-04-2014 14:38:03

Running from C:\Users\xxx\Desktop

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(East-Tec) C:\Program Files (x86)\east-tec Eraser\etSCHService.exe

(East-Tec) C:\Program Files (x86)\east-tec Eraser\etUpdateService.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe

(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

() C:\Program Files\Plantronics\GameCom780\GameCom780.exe

(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe

() C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

(East-Tec) C:\Program Files (x86)\east-tec Eraser\etSCHAgent.exe

(Microsoft Corporation) C:\Windows\system32\msiexec.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)

HKLM\...\Run: [GamecomSound] - C:\Program Files\Plantronics\GameCom780\GameCom780.exe [776480 2013-03-22] ()

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)

HKLM-x32\...\Run: [Corel Photo Downloader] - C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [532808 2008-08-08] (Corel, Inc.)

HKLM-x32\...\Run: [Corel File Shell Monitor] - C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2008-08-08] ()

HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-02] (AVAST Software)

HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)

HKLM-x32\...\Run: [East-Tec east-tec Eraser Scheduler Agent] - C:\Program Files (x86)\east-tec Eraser\etSCHAgent.exe [2056808 2013-11-07] (East-Tec)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-2063673603-3414738109-2467670472-1002\...\Run: [CyberGhost] - C:\Program Files\CyberGhost 5\CyberGhost.exe [358000 2014-01-16] (CyberGhost S.R.L.)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com

SearchScopes: HKLM - DefaultScope {D04A03A6-DF03-4563-A58A-540F95DAA472} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS

SearchScopes: HKLM - {D04A03A6-DF03-4563-A58A-540F95DAA472} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS

SearchScopes: HKLM-x32 - {D04A03A6-DF03-4563-A58A-540F95DAA472} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default

FF Homepage: hxxp://www.google.com

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: NoScript - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-14]

FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-14]

FF Extension: Greasemonkey - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-06-15]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-14]
 

Chrome: 

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

CHR Extension: (SNT) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aojhnnjblmapnmgjghgobkneikiehijg [2014-04-08]

CHR Extension: (YoutubeAdblocker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedamjokbfmadpbehnhfbamfmeocfgao [2014-04-08]

CHR Extension: (Safeweb) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhehgkgnpnlceaapjchnanicmapgndj [2014-04-08]

CHR Extension: (Browse Save Win) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2014-04-08]
 

==================== Services (Whitelisted) =================
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-02] (AVAST Software)

R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)

S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)

R2 QSetSchedulerService; C:\Program Files (x86)\east-tec Eraser\etSCHService.exe [2424936 2013-11-07] (East-Tec)

R2 QSetUpdateService; C:\Program Files (x86)\east-tec Eraser\etUpdateService.exe [2271336 2013-11-07] (East-Tec)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-02] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-02] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-02] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-02] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-02] (AVAST Software)

R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-02] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-02] ()

S2 hidedir; C:\Windows\SysWOW64\drivers\hidedir.sys [8704 2007-02-12] ()

R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)

R3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)

R3 vdisk; C:\Windows\System32\drivers\vdisk.sys [81056 2010-05-19] ()

S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]

S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\SYSPREP\OA30\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-10 14:38 - 2014-04-10 14:38 - 00013427 _____ () C:\Users\xxx\Desktop\FRST.txt
 

2014-04-10 14:34 - 2014-04-10 14:34 - 00001052 _____ () C:\Users\xxx\Desktop\JRT.txt

2014-04-10 14:30 - 2014-04-10 14:30 - 00000000 ____D () C:\Windows\ERUNT

2014-04-10 14:27 - 2014-04-10 14:27 - 01016261 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe

2014-04-10 14:26 - 2014-04-10 14:23 - 00003674 _____ () C:\Users\xxx\Desktop\AdwCleaner[S0].txt

2014-04-10 14:25 - 2014-04-10 14:20 - 00003605 _____ () C:\Users\xxx\Desktop\AdwCleaner[R0].txt

2014-04-10 14:19 - 2014-04-10 14:21 - 00000000 ____D () C:\AdwCleaner

2014-04-10 14:18 - 2014-04-10 14:18 - 01426178 _____ () C:\Users\xxx\Desktop\adwcleaner.exe

2014-04-10 14:15 - 2014-04-10 14:15 - 00002350 _____ () C:\Users\xxx\Desktop\mbam.txt
 

2014-04-10 14:01 - 2014-04-10 14:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-10 14:00 - 2014-04-10 14:00 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-10 14:00 - 2014-04-10 14:00 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-10 14:00 - 2014-04-10 14:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-10 14:00 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-10 14:00 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-10 14:00 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-10 13:55 - 2014-04-10 14:12 - 00000000 ____D () C:\Users\Raphael\Desktop\Neuer Ordner (2)

2014-04-09 14:21 - 2014-04-10 14:38 - 00000000 ____D () C:\FRST

2014-04-09 14:20 - 2014-04-09 14:20 - 02157056 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe

2014-04-08 23:40 - 2014-04-09 00:00 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Eltima Software

2014-04-08 23:40 - 2014-04-08 23:40 - 00000000 ____D () C:\ProgramData\Eltima Software

2014-04-08 23:39 - 2014-04-08 23:59 - 00000000 ____D () C:\ProgramData\dad8f7a411806aea

2014-04-08 23:39 - 2014-04-08 23:43 - 00000000 ____D () C:\ProgramData\sAfeweb

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\xxx\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Program Files (x86)\sAfeweb

2014-04-08 23:38 - 2014-04-08 23:40 - 00000000 ____D () C:\ProgramData\InstallMate

2014-04-08 18:38 - 2014-04-08 18:39 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-04-08 18:38 - 2014-04-08 18:38 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\PDAppFlex

2014-04-08 18:06 - 2014-04-08 18:06 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-02 02:52 - 2014-04-02 02:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-03-27 23:56 - 2014-03-27 23:56 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ____D () C:\Users\xxx\AppData\Local\Skype

2014-03-19 16:15 - 2014-03-19 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 

==================== One Month Modified Files and Folders =======
 

2014-04-10 14:38 - 2014-04-10 14:38 - 00013427 _____ () C:\Users\xxx\Desktop\FRST.txt
 

2014-04-10 14:38 - 2014-04-09 14:21 - 00000000 ____D () C:\FRST

2014-04-10 14:36 - 2014-01-31 19:10 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-10 14:36 - 2013-04-18 05:02 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-04-10 14:36 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-10 14:35 - 2013-06-14 12:11 - 01741445 _____ () C:\Windows\WindowsUpdate.log

2014-04-10 14:34 - 2014-04-10 14:34 - 00001052 _____ () C:\Users\xxx\Desktop\JRT.txt
 

2014-04-10 14:30 - 2014-04-10 14:30 - 00000000 ____D () C:\Windows\ERUNT

2014-04-10 14:27 - 2014-04-10 14:27 - 01016261 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe

2014-04-10 14:27 - 2012-07-26 12:27 - 00752930 _____ () C:\Windows\system32\perfh007.dat

2014-04-10 14:27 - 2012-07-26 12:27 - 00156156 _____ () C:\Windows\system32\perfc007.dat

2014-04-10 14:27 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-10 14:26 - 2014-01-31 19:10 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-10 14:23 - 2014-04-10 14:26 - 00003674 _____ () C:\Users\Raphael\Desktop\AdwCleaner[S0].txt

2014-04-10 14:21 - 2014-04-10 14:19 - 00000000 ____D () C:\AdwCleaner

2014-04-10 14:20 - 2014-04-10 14:25 - 00003605 _____ () C:\Users\xxx\Desktop\AdwCleaner[R0].txt

2014-04-10 14:18 - 2014-04-10 14:18 - 01426178 _____ () C:\Users\xxx\Desktop\adwcleaner.exe

2014-04-10 14:15 - 2014-04-10 14:15 - 00002350 _____ () C:\Users\xxx\Desktop\mbam.txt
 

2014-04-10 14:13 - 2014-04-10 14:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-10 14:12 - 2014-04-10 13:55 - 00000000 ____D () C:\Users\xxx\Desktop\Neuer Ordner (2)

2014-04-10 14:10 - 2013-06-24 16:43 - 00011151 _____ () C:\Users\xxx\Desktop\Neues Textdokument.txt

2014-04-10 14:00 - 2014-04-10 14:00 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-10 14:00 - 2014-04-10 14:00 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-10 14:00 - 2014-04-10 14:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-10 14:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2014-04-09 23:28 - 2013-06-14 12:35 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Skype

2014-04-09 22:49 - 2013-06-14 14:47 - 00000000 ____D () C:\Users\xxx\AppData\Local\Adobe

2014-04-09 14:20 - 2014-04-09 14:20 - 02157056 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe

2014-04-09 03:36 - 2013-06-14 17:12 - 07110656 ___SH () C:\Users\xxx\Desktop\Thumbs.db

2014-04-09 00:12 - 2013-11-11 15:25 - 00000145 _____ () C:\Windows\etGlobalInfo.txt

2014-04-09 00:12 - 2013-11-11 15:21 - 00002942 _____ () C:\Windows\System32\Tasks\{2B3E483C-6661-4E04-8FF4-C7FCE7D864BE}

2014-04-09 00:12 - 2013-11-11 15:21 - 00002928 _____ () C:\Windows\System32\Tasks\{2B3E483C-6661-4E04-8FF4-C7FCE7D864AE}

2014-04-09 00:09 - 2013-06-14 17:12 - 00000000 ____D () C:\Users\xxx\Desktop\BlaBla
 

2014-04-09 00:00 - 2014-04-08 23:40 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Eltima Software

2014-04-08 23:59 - 2014-04-08 23:39 - 00000000 ____D () C:\ProgramData\dad8f7a411806aea

2014-04-08 23:43 - 2014-04-08 23:39 - 00000000 ____D () C:\ProgramData\sAfeweb

2014-04-08 23:43 - 2013-04-18 04:56 - 00118028 _____ () C:\Windows\PFRO.log

2014-04-08 23:43 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-04-08 23:40 - 2014-04-08 23:40 - 00000000 ____D () C:\ProgramData\Eltima Software

2014-04-08 23:40 - 2014-04-08 23:38 - 00000000 ____D () C:\ProgramData\InstallMate

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\xxx\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Program Files (x86)\sAfeweb

2014-04-08 23:39 - 2014-01-31 19:10 - 00000000 ____D () C:\Users\xxx\AppData\Local\Google

2014-04-08 23:30 - 2013-06-14 18:21 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\vlc

2014-04-08 22:50 - 2013-06-14 16:05 - 00000000 ____D () C:\Users\xxx\Documents\Vegas Movie Studio HD Platinum 10.0 Projekte

2014-04-08 19:01 - 2013-06-14 12:12 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Adobe

2014-04-08 19:01 - 2013-04-18 05:09 - 00000000 ____D () C:\ProgramData\Adobe

2014-04-08 19:00 - 2013-04-18 05:09 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-04-08 18:39 - 2014-04-08 18:38 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-04-08 18:38 - 2014-04-08 18:38 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\PDAppFlex

2014-04-08 18:06 - 2014-04-08 18:06 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-04 18:41 - 2013-11-14 15:42 - 00000000 ____D () C:\Program Files (x86)\east-tec InvisibleSecrets

2014-04-03 09:51 - 2014-04-10 14:00 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-10 14:00 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-10 14:00 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-02 02:52 - 2014-04-02 02:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-04-02 02:52 - 2014-01-01 18:07 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-04-02 02:52 - 2013-06-14 12:27 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-04-02 02:52 - 2013-06-14 12:27 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2014-04-02 02:22 - 2013-11-14 17:06 - 00003308 _____ () C:\Windows\System32\Tasks\{995C167A-3E0F-4C93-9F4E-25AFC941B571}

2014-04-01 13:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-03-30 14:21 - 2014-01-31 19:10 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-30 14:21 - 2014-01-31 19:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-28 16:41 - 2014-02-24 16:57 - 00004941 _____ () C:\Users\xxx\Desktop\Nachrichten.txt

2014-03-27 23:56 - 2014-03-27 23:56 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ____D () C:\Users\xxx\AppData\Local\Skype

2014-03-27 23:56 - 2013-06-14 12:35 - 00000000 ____D () C:\ProgramData\Skype

2014-03-26 03:26 - 2013-06-14 12:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-03-19 16:15 - 2014-03-19 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-11 17:58 - 2013-06-14 16:45 - 00000000 ____D () C:\Users\xxx\AppData\Local\Corel
 

Some content of TEMP:

====================

C:\Users\xxx\AppData\Local\Temp\Quarantine.exe

C:\Users\xxx\AppData\Local\Temp\swf_flv_player_orig.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-07 16:06
 

==================== End Of Log ============================

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hey schrauber, vielen Dank! :)

ESET Log:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=84c69ae7e8a37b4884091da62022ba35

# engine=17847

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-04-11 12:33:27

# local_time=2014-04-11 02:33:27 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.2.9200 NT 

# compatibility_mode=774 16777213 85 76 0 0 0 0

# compatibility_mode=5893 16776574 100 94 17761897 42387995 0 0

# scanned=218646

# found=0

# cleaned=0

# scan_time=1855

Security Check Log:

Code:

 Results of screen317's Security Check version 0.99.81  

   x64 (UAC is enabled)  

 Internet Explorer 10 Out of date! 
 ``````````````Antivirus/Firewall Check:`````````````` 

Windows Defender   

avast! Antivirus   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Spybot - Search & Destroy 

 Java 7 Update 51  

 Adobe Flash Player         13.0.0.182  

 Adobe Reader XI  

 Mozilla Firefox (28.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Spybot Teatimer.exe is disabled! 

 NVIDIA Corporation PhysX Common AvastSvc.exe -?- 

 AVAST Software Avast AvastUI.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 
 ````````````````````End of Log``````````````````````

FRST Log:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 29 days old and could be outdated)

Ran by xxx (administrator) on RK on 11-04-2014 14:42:01

Running from C:\Users\xxx\Desktop

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(East-Tec) C:\Program Files (x86)\east-tec Eraser\etSCHService.exe

(East-Tec) C:\Program Files (x86)\east-tec Eraser\etUpdateService.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

() C:\Program Files\Plantronics\GameCom780\GameCom780.exe

(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe

() C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

(East-Tec) C:\Program Files (x86)\east-tec Eraser\etSCHAgent.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)

HKLM\...\Run: [GamecomSound] - C:\Program Files\Plantronics\GameCom780\GameCom780.exe [776480 2013-03-22] ()

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)

HKLM-x32\...\Run: [Corel Photo Downloader] - C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [532808 2008-08-08] (Corel, Inc.)

HKLM-x32\...\Run: [Corel File Shell Monitor] - C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16712 2008-08-08] ()

HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-02] (AVAST Software)

HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)

HKLM-x32\...\Run: [East-Tec east-tec Eraser Scheduler Agent] - C:\Program Files (x86)\east-tec Eraser\etSCHAgent.exe [2056808 2013-11-07] (East-Tec)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-2063673603-3414738109-2467670472-1002\...\Run: [CyberGhost] - C:\Program Files\CyberGhost 5\CyberGhost.exe [358000 2014-01-16] (CyberGhost S.R.L.)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com

SearchScopes: HKLM - DefaultScope {D04A03A6-DF03-4563-A58A-540F95DAA472} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS

SearchScopes: HKLM - {D04A03A6-DF03-4563-A58A-540F95DAA472} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS

SearchScopes: HKLM-x32 - {D04A03A6-DF03-4563-A58A-540F95DAA472} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default

FF Homepage: hxxp://www.google.com

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: NoScript - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-14]

FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-14]

FF Extension: Greasemonkey - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\is4yaikm.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-06-15]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-14]
 

Chrome: 

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

CHR Extension: (SNT) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aojhnnjblmapnmgjghgobkneikiehijg [2014-04-08]

CHR Extension: (YoutubeAdblocker) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedamjokbfmadpbehnhfbamfmeocfgao [2014-04-08]

CHR Extension: (Safeweb) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhehgkgnpnlceaapjchnanicmapgndj [2014-04-08]

CHR Extension: (Browse Save Win) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2014-04-08]
 

==================== Services (Whitelisted) =================
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-02] (AVAST Software)

R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)

R2 QSetSchedulerService; C:\Program Files (x86)\east-tec Eraser\etSCHService.exe [2424936 2013-11-07] (East-Tec)

R2 QSetUpdateService; C:\Program Files (x86)\east-tec Eraser\etUpdateService.exe [2271336 2013-11-07] (East-Tec)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-02] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-02] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-02] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-02] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-02] (AVAST Software)

R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-02] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-02] ()

S2 hidedir; C:\Windows\SysWOW64\drivers\hidedir.sys [8704 2007-02-12] ()

R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)

R3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)

R3 vdisk; C:\Windows\System32\drivers\vdisk.sys [81056 2010-05-19] ()

S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]

S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\SYSPREP\OA30\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-11 14:42 - 2014-04-11 14:42 - 00013618 _____ () C:\Users\xxx\Desktop\FRST.txt
 

2014-04-11 14:39 - 2014-04-11 14:39 - 00987448 _____ () C:\Users\xxx\Desktop\SecurityCheck.exe

2014-04-11 13:57 - 2014-04-11 13:57 - 02347384 _____ (ESET) C:\Users\xxx\Desktop\esetsmartinstaller_enu.exe

2014-04-11 01:17 - 2014-04-11 01:17 - 00001107 _____ () C:\Users\UpdatusUser\Desktop\SWF Opener.lnk

2014-04-11 01:17 - 2014-04-11 01:17 - 00001107 _____ () C:\Users\xxx\Desktop\SWF Opener.lnk

2014-04-11 01:17 - 2014-04-11 01:17 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnH Solutions

2014-04-11 01:17 - 2014-04-11 01:17 - 00000000 ____D () C:\Program Files (x86)\UnH Solutions

2014-04-10 14:30 - 2014-04-10 14:30 - 00000000 ____D () C:\Windows\ERUNT

2014-04-10 14:27 - 2014-04-10 14:27 - 01016261 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe

2014-04-10 14:19 - 2014-04-10 14:21 - 00000000 ____D () C:\AdwCleaner

2014-04-10 14:18 - 2014-04-10 14:18 - 01426178 _____ () C:\Users\xxx\Desktop\adwcleaner.exe

2014-04-10 14:01 - 2014-04-10 14:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-10 14:00 - 2014-04-10 14:00 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-10 14:00 - 2014-04-10 14:00 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-10 14:00 - 2014-04-10 14:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-10 14:00 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-10 14:00 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-10 14:00 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-10 13:55 - 2014-04-11 13:58 - 00000000 ____D () C:\Users\xxx\Desktop\Neuer Ordner (2)

2014-04-09 14:21 - 2014-04-11 14:42 - 00000000 ____D () C:\FRST

2014-04-09 14:20 - 2014-04-09 14:20 - 02157056 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe

2014-04-08 23:40 - 2014-04-09 00:00 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Eltima Software

2014-04-08 23:40 - 2014-04-08 23:40 - 00000000 ____D () C:\ProgramData\Eltima Software

2014-04-08 23:39 - 2014-04-08 23:59 - 00000000 ____D () C:\ProgramData\dad8f7a411806aea

2014-04-08 23:39 - 2014-04-08 23:43 - 00000000 ____D () C:\ProgramData\sAfeweb

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\xxx\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Program Files (x86)\sAfeweb

2014-04-08 23:38 - 2014-04-08 23:40 - 00000000 ____D () C:\ProgramData\InstallMate

2014-04-08 18:38 - 2014-04-08 18:39 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-04-08 18:38 - 2014-04-08 18:38 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\PDAppFlex

2014-04-08 18:06 - 2014-04-08 18:06 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-02 02:52 - 2014-04-02 02:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-03-27 23:56 - 2014-03-27 23:56 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ____D () C:\Users\xxx\AppData\Local\Skype

2014-03-19 16:15 - 2014-03-19 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 

==================== One Month Modified Files and Folders =======
 

2014-04-11 14:42 - 2014-04-11 14:42 - 00013618 _____ () C:\Users\xxx\Desktop\FRST.txt
 

2014-04-11 14:42 - 2014-04-09 14:21 - 00000000 ____D () C:\FRST

2014-04-11 14:39 - 2014-04-11 14:39 - 00987448 _____ () C:\Users\xxx\Desktop\SecurityCheck.exe

2014-04-11 14:38 - 2013-11-11 15:25 - 00000145 _____ () C:\Windows\etGlobalInfo.txt

2014-04-11 14:38 - 2013-11-11 15:21 - 00002942 _____ () C:\Windows\System32\Tasks\{2B3E483C-6661-4E04-8FF4-C7FCE7D864BE}

2014-04-11 14:38 - 2013-11-11 15:21 - 00002928 _____ () C:\Windows\System32\Tasks\{2B3E483C-6661-4E04-8FF4-C7FCE7D864AE}

2014-04-11 14:26 - 2014-01-31 19:10 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-11 14:26 - 2014-01-31 19:10 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-11 14:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2014-04-11 13:58 - 2014-04-10 13:55 - 00000000 ____D () C:\Users\xxx\Desktop\Neuer Ordner (2)

2014-04-11 13:57 - 2014-04-11 13:57 - 02347384 _____ (ESET) C:\Users\xxx\Desktop\esetsmartinstaller_enu.exe

2014-04-11 13:53 - 2013-06-14 12:11 - 01787522 _____ () C:\Windows\WindowsUpdate.log

2014-04-11 01:29 - 2013-06-14 17:12 - 00000000 ____D () C:\Users\xxx\Desktop\BlaBla
 

2014-04-11 01:18 - 2012-07-26 12:27 - 00752930 _____ () C:\Windows\system32\perfh007.dat

2014-04-11 01:18 - 2012-07-26 12:27 - 00156156 _____ () C:\Windows\system32\perfc007.dat

2014-04-11 01:18 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-11 01:17 - 2014-04-11 01:17 - 00001107 _____ () C:\Users\UpdatusUser\Desktop\SWF Opener.lnk

2014-04-11 01:17 - 2014-04-11 01:17 - 00001107 _____ () C:\Users\xxx\Desktop\SWF Opener.lnk

2014-04-11 01:17 - 2014-04-11 01:17 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnH Solutions

2014-04-11 01:17 - 2014-04-11 01:17 - 00000000 ____D () C:\Program Files (x86)\UnH Solutions

2014-04-11 01:13 - 2013-11-14 17:06 - 00003306 _____ () C:\Windows\System32\Tasks\{995C167A-3E0F-4C93-9F4E-25AFC941B571}

2014-04-11 01:13 - 2013-04-18 05:02 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-04-11 01:13 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-11 01:04 - 2013-06-14 18:21 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\vlc

2014-04-10 23:46 - 2013-06-14 12:35 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Skype

2014-04-10 14:30 - 2014-04-10 14:30 - 00000000 ____D () C:\Windows\ERUNT

2014-04-10 14:27 - 2014-04-10 14:27 - 01016261 _____ (Thisisu) C:\Users\xxx\Desktop\JRT.exe

2014-04-10 14:21 - 2014-04-10 14:19 - 00000000 ____D () C:\AdwCleaner

2014-04-10 14:18 - 2014-04-10 14:18 - 01426178 _____ () C:\Users\xxx\Desktop\adwcleaner.exe

2014-04-10 14:13 - 2014-04-10 14:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-10 14:10 - 2013-06-24 16:43 - 00011151 _____ () C:\Users\xxx\Desktop\Neues Textdokument.txt

2014-04-10 14:00 - 2014-04-10 14:00 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-10 14:00 - 2014-04-10 14:00 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-10 14:00 - 2014-04-10 14:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-09 22:49 - 2013-06-14 14:47 - 00000000 ____D () C:\Users\xxx\AppData\Local\Adobe

2014-04-09 14:20 - 2014-04-09 14:20 - 02157056 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe

2014-04-09 03:36 - 2013-06-14 17:12 - 07110656 ___SH () C:\Users\xxx\Desktop\Thumbs.db

2014-04-09 00:00 - 2014-04-08 23:40 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Eltima Software

2014-04-08 23:59 - 2014-04-08 23:39 - 00000000 ____D () C:\ProgramData\dad8f7a411806aea

2014-04-08 23:43 - 2014-04-08 23:39 - 00000000 ____D () C:\ProgramData\sAfeweb

2014-04-08 23:43 - 2013-04-18 04:56 - 00118028 _____ () C:\Windows\PFRO.log

2014-04-08 23:43 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-04-08 23:40 - 2014-04-08 23:40 - 00000000 ____D () C:\ProgramData\Eltima Software

2014-04-08 23:40 - 2014-04-08 23:38 - 00000000 ____D () C:\ProgramData\InstallMate

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\xxx\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Gast

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Users\Administrator

2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\Program Files (x86)\sAfeweb

2014-04-08 23:39 - 2014-01-31 19:10 - 00000000 ____D () C:\Users\xxx\AppData\Local\Google

2014-04-08 22:50 - 2013-06-14 16:05 - 00000000 ____D () C:\Users\xxx\Documents\Vegas Movie Studio HD Platinum 10.0 Projekte

2014-04-08 19:01 - 2013-06-14 12:12 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Adobe

2014-04-08 19:01 - 2013-04-18 05:09 - 00000000 ____D () C:\ProgramData\Adobe

2014-04-08 19:00 - 2013-04-18 05:09 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-04-08 18:39 - 2014-04-08 18:38 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-04-08 18:38 - 2014-04-08 18:38 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\PDAppFlex

2014-04-08 18:06 - 2014-04-08 18:06 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-04 18:41 - 2013-11-14 15:42 - 00000000 ____D () C:\Program Files (x86)\east-tec InvisibleSecrets

2014-04-03 09:51 - 2014-04-10 14:00 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-10 14:00 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-10 14:00 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-02 02:52 - 2014-04-02 02:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-04-02 02:52 - 2014-01-01 18:07 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-04-02 02:52 - 2013-06-14 12:27 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-04-02 02:52 - 2013-06-14 12:27 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-04-02 02:52 - 2013-06-14 12:27 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2014-04-01 13:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-03-30 14:21 - 2014-01-31 19:10 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-30 14:21 - 2014-01-31 19:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-28 16:41 - 2014-02-24 16:57 - 00004941 _____ () C:\Users\xxx\Desktop\Nachrichten.txt

2014-03-27 23:56 - 2014-03-27 23:56 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-27 23:56 - 2014-03-27 23:56 - 00000000 ____D () C:\Users\xxx\AppData\Local\Skype

2014-03-27 23:56 - 2013-06-14 12:35 - 00000000 ____D () C:\ProgramData\Skype

2014-03-26 03:26 - 2013-06-14 12:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-03-19 16:15 - 2014-03-19 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 

Some content of TEMP:

====================

C:\Users\Raphael\AppData\Local\Temp\Quarantine.exe

C:\Users\Raphael\AppData\Local\Temp\swf_flv_player_orig.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-07 16:06
 

==================== End Of Log ============================

--- --- ---

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.