Pests of all kinds and how to fight them: Deutsche Bank Phishing Email - Telephone Banking | Windows 7
07.09.2013, 07:23 | #16 | |
/// the machine /// TB Trainer | Deutsche Bank Phishing Email - Telephone Banking Quote:
__________________ Regards, schrauber |
07.09.2013, 11:47 | #17 |
| Deutsche Bank Phishing Email - Telephone Banking That means that when my Mozilla Firefox is open, at some point a new tab with advertising simply opens. Sometimes it is the link I just posted, sometimes something about a pilot, but always a website with an embedded video.
__________________ |
07.09.2013, 14:50 | #18 |
/// the machine /// TB Trainer | Deutsche Bank Phishing Email - Telephone Banking Always? Or only when you visit a page and click something on it, so that the tab opens in addition?
Is Adblock Plus installed as an add-on? Please post a fresh FRST log.
__________________ |
07.09.2013, 15:00 | #19 |
| Deutsche Bank Phishing Email - Telephone Banking Mostly it just happens on its own, e.g. when I am not doing anything at the PC at all, but it is on and the browser is open. The log is coming right away. ABP was installed, but since the problem appeared I have switched ad blockers, because rumor had it that ABP might be responsible, since it often lets "non-intrusive" ads through. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2013 01 Ran by AllmightyMe (administrator) on ALLMIGHTYME-PC on 07-09-2013 15:58:24 Running from C:\Users\AllmightyMe\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Microsoft Corporation) C:\windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE () C:\Program Files (x86)\RocketDock\RocketDock.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Intel Corporation) C:\windows\system32\igfxext.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Microsoft Corporation) C:\windows\splwow64.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (Intel Corporation) C:\windows\system32\hkcmd.exe (Intel Corporation) C:\windows\system32\igfxtray.exe (Intel Corporation) C:\windows\system32\igfxpers.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) 
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (Farbar) C:\Users\AllmightyMe\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.) HKCU\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [PlusService] - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [802304 2012-09-24] (Yuna Software) HKLM-x32\...\Run: [MessengerPlusForSkypeService] - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [125952 2012-12-16] (Yuna Software) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.) 
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software) AppInit_DLLs: C:\Windows\System32\nvinitx.dll [260928 2012-02-25] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-25] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\AllmightyMe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=ds2nt&d StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM-x32 - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d SearchScopes: HKCU - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: DNS Error Helper - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll () BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 FireFox: ======== FF ProfilePath: C:\Users\AllmightyMe\AppData\Roaming\Mozilla\Firefox\Profiles\flhqt30b.default FF NewTab: about:blank FF SelectedSearchEngine: Google FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q= FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF 
Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF SearchPlugin: C:\Users\AllmightyMe\AppData\Roaming\Mozilla\Firefox\Profiles\flhqt30b.default\searchplugins\259d2b21-08e7-4110-bdda-04e4229005b0.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\AllmightyMe\AppData\Roaming\Mozilla\Firefox\Profiles\flhqt30b.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsgPlusService; C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [125952 2012-12-16] (Yuna Software) S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.) 
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-13] (Atheros) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-06 18:31 - 2013-09-06 18:31 - 00000000 ___RD C:\Users\AllmightyMe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-09-06 18:21 - 2013-09-07 10:48 - 00004182 _____ C:\windows\System32\Tasks\avast! 
Emergency Update 2013-09-06 18:21 - 2013-09-06 18:21 - 00000000 _____ C:\windows\SysWOW64\config.nt 2013-09-06 18:21 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2013-09-06 18:21 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2013-09-06 18:21 - 2013-08-30 09:48 - 00204880 _____ C:\windows\system32\Drivers\aswVmm.sys 2013-09-06 18:21 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2013-09-06 18:21 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2013-09-06 18:21 - 2013-08-30 09:48 - 00065336 _____ C:\windows\system32\Drivers\aswRvrt.sys 2013-09-06 18:21 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys 2013-09-06 18:21 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys 2013-09-06 18:21 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2013-09-06 18:20 - 2013-09-06 18:20 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-06 18:20 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr 2013-09-06 18:18 - 2013-09-06 18:20 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-06 18:08 - 2013-09-06 18:08 - 00227096 _____ C:\Users\AllmightyMe\Downloads\avira_registry_cleaner_de.exe 2013-09-06 10:19 - 2013-09-06 10:19 - 00000000 ___HD C:\ProgramData\CanonIJEGV 2013-09-05 22:36 - 2013-09-05 22:36 - 00002096 _____ C:\Users\AllmightyMe\Downloads\FSS.txt 2013-09-05 22:31 - 2013-09-05 22:32 - 00041108 _____ C:\Users\AllmightyMe\Downloads\Addition.txt 2013-09-05 22:30 - 2013-09-05 22:30 - 00000000 ____D C:\FRST 2013-09-05 22:29 - 2013-09-05 22:29 - 01947160 _____ (Farbar) C:\Users\AllmightyMe\Downloads\FRST64.exe 2013-09-05 22:28 - 2013-09-05 22:28 - 00358609 _____ (Farbar) C:\Users\AllmightyMe\Downloads\FSS.exe 2013-09-05 22:24 - 2013-09-05 22:32 - 
131918888 _____ C:\Users\AllmightyMe\Downloads\avast_free_antivirus_setup.exe 2013-09-05 17:24 - 2013-09-05 17:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-05 17:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-09-05 17:06 - 2013-09-05 17:17 - 00108140 _____ C:\Users\AllmightyMe\Downloads\OTL.Txt 2013-09-05 17:06 - 2013-09-05 17:06 - 00109712 _____ C:\Users\AllmightyMe\Downloads\Extras.Txt 2013-09-05 16:51 - 2013-09-05 16:51 - 00602112 _____ (OldTimer Tools) C:\Users\AllmightyMe\Downloads\OTL.exe 2013-09-05 16:08 - 2013-09-05 16:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\AllmightyMe\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-09-05 12:37 - 2013-09-05 12:37 - 00055776 _____ C:\Users\AllmightyMe\Downloads\Halftones.zip 2013-09-01 21:51 - 2013-09-07 10:53 - 00000000 ____D C:\Users\AllmightyMe\Desktop\porn inspiration 2013-08-26 22:43 - 2012-12-11 13:07 - 01509760 _____ (Wacom Technology, Corp.) C:\windows\SysWOW64\Wintab32.dll 2013-08-26 22:40 - 2013-08-26 22:42 - 38455200 _____ C:\Users\AllmightyMe\Downloads\cons532-1_int(2).exe 2013-08-26 22:19 - 2013-08-26 22:19 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin 2013-08-26 18:55 - 2013-08-26 18:55 - 00005120 ____H C:\Users\AllmightyMe\photothumb.db 2013-08-25 22:42 - 2013-08-25 22:42 - 00000000 ____D C:\Users\AllmightyMe\AppData\Roaming\WTablet 2013-08-25 22:38 - 2013-08-26 22:44 - 00000000 ____D C:\Program Files (x86)\TabletPlugins 2013-08-25 22:38 - 2012-12-11 13:07 - 01981312 _____ (Wacom Technology, Corp.) C:\windows\system32\Pen_Tablet.dll 2013-08-25 22:38 - 2012-12-11 13:07 - 01974144 _____ (Wacom Technology, Corp.) C:\windows\system32\Pen_Touch_Tablet.dll 2013-08-25 22:38 - 2012-12-11 13:07 - 01843584 _____ (Wacom Technology, Corp.) C:\windows\system32\Wintab32.dll 2013-08-25 22:38 - 2012-12-11 13:07 - 01840000 _____ (Wacom Technology, Corp.) 
C:\windows\system32\WacomMT.dll 2013-08-25 22:38 - 2012-12-11 13:07 - 01621888 _____ (Wacom Technology, Corp.) C:\windows\SysWOW64\Pen_Touch_Tablet.dll 2013-08-25 22:38 - 2012-12-11 13:07 - 01505664 _____ (Wacom Technology, Corp.) C:\windows\SysWOW64\WacomMT.dll 2013-08-25 22:36 - 2013-08-25 22:37 - 07434944 _____ C:\Users\AllmightyMe\Downloads\bamboo_setup_web0407final(2).exe 2013-08-25 22:36 - 2013-08-25 22:36 - 00057731 _____ C:\Users\AllmightyMe\Downloads\bamboo_setup_web0407final(1).exe 2013-08-25 21:55 - 2013-08-25 21:59 - 38455200 _____ C:\Users\AllmightyMe\Downloads\cons532-1_int(1).exe 2013-08-25 21:55 - 2013-08-25 21:56 - 02222363 _____ C:\Users\AllmightyMe\Downloads\bamboo_setup_web0407final(1).exe.part 2013-08-25 02:23 - 2013-08-29 00:54 - 00000000 ____D C:\Users\AllmightyMe\AppData\Roaming\vlc 2013-08-25 01:39 - 2013-08-25 01:39 - 06246400 _____ C:\Users\AllmightyMe\New Canvas.sai 2013-08-24 22:43 - 2013-08-24 22:43 - 10780672 _____ C:\Users\AllmightyMe\armor 2.sai 2013-08-24 14:02 - 2013-02-26 10:57 - 00000274 _____ C:\Users\AllmightyMe\Documents\regfix_64.reg 2013-08-24 14:01 - 2013-08-24 14:01 - 00000326 _____ C:\Users\AllmightyMe\Downloads\regfix_64.zip 2013-08-24 14:01 - 2013-08-24 14:01 - 00000000 ____D C:\Users\AllmightyMe\Downloads\regfix_64 2013-08-23 12:52 - 2013-08-23 12:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-23 11:56 - 2013-08-23 11:59 - 38455200 _____ C:\Users\AllmightyMe\Downloads\cons532-1_int.exe 2013-08-21 17:34 - 2013-08-22 00:14 - 00000000 ____D C:\Users\AllmightyMe\AppData\Roaming\HpUpdate 2013-08-21 17:33 - 2013-08-21 17:33 - 03111104 _____ (Hewlett-Packard ) C:\Users\AllmightyMe\Downloads\hpusetup.exe 2013-08-21 17:33 - 2013-08-21 17:33 - 00000000 ____D C:\windows\Hewlett-Packard 2013-08-19 00:39 - 2013-08-23 11:28 - 00864956 _____ C:\Users\AllmightyMe\Desktop\rpg coffee and cookies.odt 2013-08-16 22:15 - 2013-09-07 10:52 - 00000000 ____D C:\Users\AllmightyMe\Desktop\dollz 2013-08-15 17:19 - 2013-08-15 
17:19 - 00262308 _____ C:\windows\msxml4-KB2758694-enu.LOG 2013-08-15 16:00 - 2013-08-15 16:01 - 00000000 ____D C:\windows\system32\MRT 2013-08-15 15:59 - 2013-08-05 16:14 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-08-15 15:13 - 2013-09-07 15:35 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-08-15 15:13 - 2013-08-15 15:13 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-08-15 15:06 - 2013-08-15 15:06 - 00000000 ____D C:\Users\ALLMIG~1\AppData\Local\Secunia PSI 2013-08-15 15:05 - 2013-08-15 15:05 - 03272136 _____ (Secunia) C:\Users\AllmightyMe\Downloads\PSISetup711.exe 2013-08-15 15:05 - 2013-08-15 15:05 - 00000000 ____D C:\Program Files (x86)\Secunia 2013-08-15 15:02 - 2013-08-15 15:02 - 00001120 _____ C:\DelFix.txt 2013-08-15 03:05 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-08-15 03:05 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-08-15 03:05 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-08-15 03:05 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-08-15 03:05 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-08-15 03:05 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-08-15 03:05 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-08-15 03:05 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-08-15 03:05 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-08-15 03:05 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-08-15 03:05 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) 
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-01 16:35
==================== End Of Log ============================
--- --- ---
By now, hidden system files such as Desktop.ini and photothumb.db are also visible on my desktop; neither of them was ever shown before. |
07.09.2013, 21:13 | #20 |
/// the machine /// TB-Ausbilder | Deutsche Bank Phishing Email - Telefonbanking The hidden icons are normal. Please uninstall Firefox completely and keep no data. Then download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Reinstall Firefox and test.
09.09.2013, 00:43 | #21 |
| Deutsche Bank Phishing Email - Telefonbanking I can't uninstall my Firefox; it keeps saying it has to restart first to install an old update. I did that, but the message keeps coming back. Basically an endless loop... so I can neither uninstall it nor install it properly. Okay, I managed to sort it out and ran everything, but now Skype is acting up: it kicked me out and says it has a "write/read error". It says I should quit and restart it; I did that several times, restarted my PC as well, and tried the common suggested fixes from the Skype forum, all without success, unfortunately. I have the feeling that as soon as one problem is cleaned up, a new one appears. |
09.09.2013, 06:27 | #22 |
/// the machine /// TB-Ausbilder | Deutsche Bank Phishing Email - Telefonbanking Is Firefox free of errors now? Revo Uninstaller Pro - Uninstall Software, Remove Programs easily, Forced Uninstall, Leftovers Uninstaller. Use it to uninstall Skype, let it remove the leftovers, then reinstall.
09.09.2013, 14:10 | #23 |
| Deutsche Bank Phishing Email - Telefonbanking Firefox is running, and Skype is too again so far, but now there are problems connecting to the Wi-Fi, because problems keep occurring with the wireless network adapter, so my laptop can no longer connect..... |
09.09.2013, 17:28 | #24 |
/// the machine /// TB-Ausbilder | Deutsche Bank Phishing Email - Telefonbanking Oh man. Unplug the router from power, wait 30 min, plug it back in.
09.09.2013, 17:33 | #25 |
| Deutsche Bank Phishing Email - Telefonbanking Yeah, I did that. I hope the problems will stop soon now, considering this is a PC that is not even a year old.... a disgrace XD |
10.09.2013, 06:47 | #26 |
/// the machine /// TB-Ausbilder | Deutsche Bank Phishing Email - Telefonbanking So is it working again now?