
Log analysis and evaluation: Win7 - Monstermarketplace redirect


10.09.2013, 14:46   #1
cajon
 
Win7 - Monstermarketplace redirect



Dear forum team,
I have a problem that has already been dealt with elsewhere. In my Firefox, yellow text appears on web pages that tries to redirect to sites like monstermarketplace. I have already run AdwCleaner and removed some add-ons in Firefox; the yellow text linking to monstermarketplace is already gone, but I don't know whether I'm clean!?!

Here you will find all the log files I have collected. I have not yet carried out General steps 3 and 4 - are these still needed?!

I ask for your help! Thanks in advance!
Regards, cajon

Here is my Firefox troubleshooting information
Code:
  Allgemeine Informationen

        Name
        Firefox

        Version
        23.0.1

        User-Agent
        Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0

        Build-Konfiguration

          about:buildconfig

  Erweiterungen

        Name

        Version

        Aktiviert

        ID

        Adblock Plus
        2.3.2
        true
        {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

        Download Statusbar
        0.9.10
        true
        {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

        DVDVideoSoft YouTube MP3 and Video Download
        4.2.1.9
        true
        {ACAA314B-EEBA-48e4-AD47-84E31C44796C}

        Firebug
        1.12.1
        true
        firebug@software.joehewitt.com

        FoxTab
        1.4.9
        true
        {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

        Ghostery
        5.0.4
        true
        firefox@ghostery.com

        WOT
        20130515
        true
        {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

        Adobe Acrobat - Create PDF
        1.2
        false
        web2pdfextension@web2pdf.adobedotcom

        Anti-Banner
        12.0.1.511
        false
        KavAntiBanner@Kaspersky.ru

        Firefox Synchronisation Extension
        1.7.110.333
        false
        fe_9.0@nokia.com

        Kaspersky URL Advisor
        12.0.1.511
        false
        linkfilter@kaspersky.ru

        Kaspersky Virtual Keyboard
        12.0.1.511
        false
        virtualKeyboard@kaspersky.ru

  Wichtige modifizierte Einstellungen

      Name

      Wert

        accessibility.typeaheadfind.flashBar
        0

        browser.cache.disk.capacity
        358400

        browser.cache.disk.smart_size.first_run
        false

        browser.cache.disk.smart_size.use_old_max
        false

        browser.cache.disk.smart_size_cached_value
        358400

        browser.places.importBookmarksHTML
        false

        browser.places.smartBookmarksVersion
        4

        browser.search.useDBForOrder
        true

        browser.startup.homepage_override.buildID
        20130814063812

        browser.startup.homepage_override.mstone
        23.0.1

        browser.tabs.warnOnClose
        false

        dom.mozApps.used
        true

        dom.w3c_touch_events.expose
        false

        extensions.lastAppVersion
        23.0.1

        font.internaluseonly.changed
        true

        gfx.direct3d.checkDX10
        false

        gfx.direct3d.last_used_feature_level_idx
        1

        network.cookie.prefsMigrated
        true

        places.database.lastMaintenance
        1378806519

        places.history.expiration.transient_current_max_pages
        103753

        places.history.expiration.transient_optimal_database_size
        166003506

        places.last_vacuum
        1297520624

        plugin.disable_full_page_plugin_for_types
        application/pdf

        plugin.importedState
        true

        plugin.state.npitunes
        0

        print.print_printer
        Microsoft XPS Document Writer

        print.printer_Microsoft_XPS_Document_Writer.print_bgcolor
        false

        print.printer_Microsoft_XPS_Document_Writer.print_bgimages
        false

        print.printer_Microsoft_XPS_Document_Writer.print_command

        print.printer_Microsoft_XPS_Document_Writer.print_downloadfonts
        false

        print.printer_Microsoft_XPS_Document_Writer.print_edge_bottom
        0

        print.printer_Microsoft_XPS_Document_Writer.print_edge_left
        0

        print.printer_Microsoft_XPS_Document_Writer.print_edge_right
        0

        print.printer_Microsoft_XPS_Document_Writer.print_edge_top
        0

        print.printer_Microsoft_XPS_Document_Writer.print_evenpages
        true

        print.printer_Microsoft_XPS_Document_Writer.print_footercenter

        print.printer_Microsoft_XPS_Document_Writer.print_footerleft
        &PT

        print.printer_Microsoft_XPS_Document_Writer.print_footerright
        &D

        print.printer_Microsoft_XPS_Document_Writer.print_headercenter

        print.printer_Microsoft_XPS_Document_Writer.print_headerleft
        &T

        print.printer_Microsoft_XPS_Document_Writer.print_headerright
        &U

        print.printer_Microsoft_XPS_Document_Writer.print_in_color
        true

        print.printer_Microsoft_XPS_Document_Writer.print_margin_bottom
        0.5

        print.printer_Microsoft_XPS_Document_Writer.print_margin_left
        0.5

        print.printer_Microsoft_XPS_Document_Writer.print_margin_right
        0.5

        print.printer_Microsoft_XPS_Document_Writer.print_margin_top
        0.5

        print.printer_Microsoft_XPS_Document_Writer.print_oddpages
        true

        print.printer_Microsoft_XPS_Document_Writer.print_orientation
        0

        print.printer_Microsoft_XPS_Document_Writer.print_pagedelay
        500

        print.printer_Microsoft_XPS_Document_Writer.print_paper_data
        9

        print.printer_Microsoft_XPS_Document_Writer.print_paper_height
        11,00

        print.printer_Microsoft_XPS_Document_Writer.print_paper_size_type
        0

        print.printer_Microsoft_XPS_Document_Writer.print_paper_size_unit
        1

        print.printer_Microsoft_XPS_Document_Writer.print_paper_width
        8,50

        print.printer_Microsoft_XPS_Document_Writer.print_reversed
        false

        print.printer_Microsoft_XPS_Document_Writer.print_scaling
        1,00

        print.printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit
        true

        print.printer_Microsoft_XPS_Document_Writer.print_to_file
        false

        print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom
        0

        print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left
        0

        print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right
        0

        print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top
        0

        privacy.donottrackheader.enabled
        true

        privacy.popups.showBrowserMessage
        false

        privacy.sanitize.migrateFx3Prefs
        true

        security.warn_viewing_mixed
        false

        storage.vacuum.last.index
        1

        storage.vacuum.last.places.sqlite
        1377275059

  Grafik

        Direct2D aktiviert
        true

        DirectWrite aktiviert
        true (6.2.9200.16571)

        Geräte-ID
        0x0046

        GPU #2 aktiv
        false

        GPU-beschleunigte Fenster
        1/1 Direct3D 10

        Karten-Beschreibung
        Intel(R) HD Graphics

        Karten-RAM
        Unknown

        Karten-Treiber
        igdumd64 igd10umd64 igdumdx32 igd10umd32

        Treiber-Datum
        1-10-2012

        Treiber-Version
        8.15.10.2622

        Vendor-ID
        0x8086

        WebGL-Renderer
        Google Inc. -- ANGLE (Intel(R) HD Graphics)

        AzureCanvasBackend
        direct2d

        AzureContentBackend
        direct2d

        AzureFallbackCanvasBackend
        cairo

  JavaScript

        Inkrementelle GC
        true

  Barrierefreiheit

        Aktiviert
        false

        Barrierefreiheit verhindern
        0

  Bibliotheken-Versionen

        Minimal vorausgesetzte Version

        Verwendete Version

        NSPR
        4.10
        4.10

        NSS
        3.15 Basic ECC
        3.15 Basic ECC

        NSSSMIME
        3.15 Basic ECC
        3.15 Basic ECC

        NSSSSL
        3.15 Basic ECC
        3.15 Basic ECC

        NSSUTIL
        3.15
        3.15
         
I am an absolute beginner in this area and, before I had read the rules, had already worked with AdwCleaner; this is what it reported to me after the restart:
Code:
# AdwCleaner v3.003 - Bericht erstellt am 10/09/2013 um 14:01:58
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : haijes - HAIJES2
# Gestartet von : C:\Users\haijes\Downloads\3003-adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\haijes\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\haijes\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\jetpack
Datei Gelöscht : C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photo-flash-maker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photo-flash-maker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\TubeSaver

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2491 octets] - [10/09/2013 13:56:06]
AdwCleaner[S0].txt - [2307 octets] - [10/09/2013 14:01:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2367 octets] ##########
         
General step 1) Nothing came of Defogger!
General step 2) FRST
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by haijes (administrator) on HAIJES2 on 10-09-2013 15:37:40
Running from C:\Users\haijes\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hauppauge Computer Works) C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Games\Game Alarm\Updater.exe
(Europe Support Ltd. N.V.) C:\Games\Game Alarm\gamealarm.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Users\haijes\Downloads\Defogger.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-03-09] (Microsoft Corporation)
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1083264 2012-02-01] (Nokia)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [GameXN GO] - "C:\ProgramData\GameXN\GameXNGO.exe" /startup
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKCU\...\Run: [AdobeBridge] - [x]
MountPoints2: {17acaa49-a103-11e0-8db0-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {17acaa66-a103-11e0-8db0-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {45d4c3f1-903c-11e0-a70b-c0cb386c051d} - E:\AutoRun.exe
MountPoints2: {47de9b7c-36d1-11e2-a231-c0cb386c051d} - E:\LaunchU3.exe -a
MountPoints2: {6695febe-a189-11e0-af0a-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {796b65d7-99d5-11e0-8c26-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {d083391a-a4b9-11e0-8606-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {d34d4352-8f70-11e0-84ba-c0cb386c051d} - E:\AutoRun.exe
MountPoints2: {d34d436b-8f70-11e0-84ba-c0cb386c051d} - E:\AutoRun.exe
MountPoints2: {d34d43b6-8f70-11e0-84ba-5c260a32a526} - E:\AutoRun.exe
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\haijes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk
ShortcutTarget: Game Alarm.lnk -> C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{48B81B09-92A5-412C-AF69-F4A8B81C5719}: [NameServer]194.48.124.202 194.48.124.200

FireFox:
========
FF ProfilePath: C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\searchplugins\dictcc.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: firebug - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firefox - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [fe_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO)
R2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [558592 2010-11-03] (Hauppauge Computer Works)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2010-02-02] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-30] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 npf; C:\Windows\System32\drivers\npf.sys [40464 2009-02-08] (CACE Technologies)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2007-02-07] (CACE Technologies)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 15:36 - 2013-09-10 15:36 - 01949196 _____ (Farbar) C:\Users\haijes\Desktop\FRST64.exe
2013-09-10 14:13 - 2013-09-10 14:13 - 00000474 _____ C:\Users\haijes\Downloads\defogger_disable.log
2013-09-10 14:13 - 2013-09-10 14:13 - 00000000 _____ C:\Users\haijes\defogger_reenable
2013-09-10 14:12 - 2013-09-10 14:12 - 00050477 _____ C:\Users\haijes\Downloads\Defogger.exe
2013-09-10 13:55 - 2013-09-10 14:02 - 00000000 ____D C:\AdwCleaner
2013-09-10 13:50 - 2013-04-04 05:30 - 00263584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-10 13:49 - 2013-09-10 13:51 - 01037278 _____ C:\Users\haijes\Downloads\3003-adwcleaner.exe
2013-09-10 11:35 - 2013-09-10 11:35 - 07442384 _____ C:\Users\haijes\Downloads\MyPhoneExplorer_Setup_v1.8.5.exe
2013-09-10 10:29 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-10 10:29 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-10 10:29 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-10 10:29 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-10 10:29 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-10 10:29 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-10 10:29 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-10 10:29 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-10 10:29 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-10 10:29 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-10 10:29 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-10 10:29 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 10:19 - 2013-09-10 10:23 - 00000000 ____D C:\Windows\system32\MRT
2013-09-10 10:04 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-10 10:04 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-10 10:04 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-10 10:04 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-10 10:04 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-09-10 10:04 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-09-10 10:04 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-09-10 10:04 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-09-10 10:03 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-10 10:03 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-09-10 10:03 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-10 10:03 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-09-10 10:03 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-10 10:03 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-09-10 10:02 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-10 10:02 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-09 00:32 - 2013-09-09 00:32 - 00129024 _____ C:\Users\haijes\Downloads\36712_731_731_vaterunsernimmunsalsdeinekinderan.ppt
2013-08-30 20:08 - 2013-08-30 21:07 - 00000000 ____D C:\Users\haijes\Desktop\Bella
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files\iTunes
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files\iPod
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-17 22:13 - 2013-09-10 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-10 15:38 - 2011-02-09 16:49 - 00000000 ____D C:\Users\haijes\AppData\Roaming\Skype
2013-09-10 15:37 - 2013-09-10 15:37 - 00000000 ____D C:\FRST
2013-09-10 15:36 - 2013-09-10 15:36 - 01949196 _____ (Farbar) C:\Users\haijes\Desktop\FRST64.exe
2013-09-10 15:35 - 2011-12-22 20:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-10 15:35 - 2011-05-10 12:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 15:35 - 2011-02-08 13:25 - 01654070 _____ C:\Windows\WindowsUpdate.log
2013-09-10 14:15 - 2011-02-09 16:53 - 00000000 ____D C:\Users\haijes\Documents\Outlook-Dateien
2013-09-10 14:14 - 2009-07-14 06:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 14:14 - 2009-07-14 06:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 14:13 - 2013-09-10 14:13 - 00000474 _____ C:\Users\haijes\Downloads\defogger_disable.log
2013-09-10 14:13 - 2013-09-10 14:13 - 00000000 _____ C:\Users\haijes\defogger_reenable
2013-09-10 14:13 - 2011-02-08 20:34 - 00000000 ____D C:\Users\haijes
2013-09-10 14:12 - 2013-09-10 14:12 - 00050477 _____ C:\Users\haijes\Downloads\Defogger.exe
2013-09-10 14:05 - 2011-12-22 20:38 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-10 14:05 - 2011-05-10 12:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 14:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 14:05 - 2009-07-14 06:51 - 00355733 _____ C:\Windows\setupact.log
2013-09-10 14:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-09-10 14:04 - 2011-02-08 21:11 - 00056068 _____ C:\Windows\PFRO.log
2013-09-10 14:02 - 2013-09-10 13:55 - 00000000 ____D C:\AdwCleaner
2013-09-10 13:51 - 2013-09-10 13:49 - 01037278 _____ C:\Users\haijes\Downloads\3003-adwcleaner.exe
2013-09-10 13:50 - 2013-08-17 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-10 12:01 - 2011-02-11 10:11 - 00000000 ___RD C:\Users\haijes\Privat
2013-09-10 12:01 - 2011-02-11 10:11 - 00000000 ____D C:\Users\haijes\Schule
2013-09-10 12:00 - 2012-10-02 15:48 - 00000000 ____D C:\Users\haijes\Desktop\Fotos
2013-09-10 11:37 - 2013-04-13 15:31 - 00000000 ____D C:\Users\haijes\Dekanat
2013-09-10 11:37 - 2012-08-14 22:13 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2013-09-10 11:35 - 2013-09-10 11:35 - 07442384 _____ C:\Users\haijes\Downloads\MyPhoneExplorer_Setup_v1.8.5.exe
2013-09-10 10:31 - 2011-02-08 20:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-10 10:23 - 2013-09-10 10:19 - 00000000 ____D C:\Windows\system32\MRT
2013-09-10 10:18 - 2011-02-11 14:53 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-09 21:05 - 2011-02-09 17:51 - 00000000 ____D C:\Users\haijes\AppData\Local\Adobe
2013-09-09 16:16 - 2011-02-09 17:41 - 00020992 _____ C:\Users\haijes\Desktop\Daten.xlsx
2013-09-09 13:52 - 2011-06-05 19:13 - 00102416 _____ C:\Users\haijes\Desktop\Geldübersicht.xlsx
2013-09-09 11:44 - 2009-07-14 19:58 - 03819762 _____ C:\Windows\system32\perfh007.dat
2013-09-09 11:44 - 2009-07-14 19:58 - 01166822 _____ C:\Windows\system32\perfc007.dat
2013-09-09 11:44 - 2009-07-14 07:13 - 00006456 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 11:15 - 2012-07-10 10:36 - 00000000 ____D C:\Users\haijes\Pfarre
2013-09-09 00:32 - 2013-09-09 00:32 - 00129024 _____ C:\Users\haijes\Downloads\36712_731_731_vaterunsernimmunsalsdeinekinderan.ppt
2013-09-08 23:23 - 2013-02-17 15:56 - 00000000 ____D C:\Users\haijes\Pfarrhomepage
2013-08-30 21:07 - 2013-08-30 20:08 - 00000000 ____D C:\Users\haijes\Desktop\Bella
2013-08-30 11:37 - 2012-08-14 22:15 - 00000000 ____D C:\Users\haijes\AppData\Roaming\MyPhoneExplorer
2013-08-24 11:23 - 2012-05-06 11:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files\iTunes
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files\iPod
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files (x86)\iTunes

Files to move or delete:
====================
C:\Users\haijes\AppData\Local\Temp\autorun.dll
C:\Users\haijes\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\haijes\AppData\Local\Temp\Execute2App.exe
C:\Users\haijes\AppData\Local\Temp\ezGameXN.dll
C:\Users\haijes\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\haijes\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\haijes\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\haijes\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\haijes\AppData\Local\Temp\GameXNGO.exe
C:\Users\haijes\AppData\Local\Temp\hcwclear.exe
C:\Users\haijes\AppData\Local\Temp\InstallAX.exe
C:\Users\haijes\AppData\Local\Temp\IR32.exe
C:\Users\haijes\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\haijes\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\haijes\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\haijes\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\haijes\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\haijes\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\haijes\AppData\Local\Temp\msvcp90.dll
C:\Users\haijes\AppData\Local\Temp\msvcr90.dll
C:\Users\haijes\AppData\Local\Temp\NEventMessages.dll
C:\Users\haijes\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\haijes\AppData\Local\Temp\ose00000.exe
C:\Users\haijes\AppData\Local\Temp\Quarantine.exe
C:\Users\haijes\AppData\Local\Temp\Refresh.exe
C:\Users\haijes\AppData\Local\Temp\ResetDevice.exe
C:\Users\haijes\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-31 09:11

==================== End Of Log ============================
         
addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01
Ran by haijes at 2013-09-10 15:39:18
Running from C:\Users\haijes\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Anchor Service CS3 (x32 Version: 1.0)
Adobe Asset Services CS3 (x32 Version: 3)
Adobe Bridge CS3 (x32 Version: 2)
Adobe Bridge Start Meeting (x32 Version: 1.0)
Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0)
Adobe Camera Raw 4.0 (x32 Version: 4.0)
Adobe CMaps (x32 Version: 1.0)
Adobe Color - Photoshop Specific (x32 Version: 1.0)
Adobe Color Common Settings (x32 Version: 1.0)
Adobe Color EU Recommended Settings (x32 Version: 1.0)
Adobe Color JA Extra Settings (x32 Version: 1.0)
Adobe Color NA Extra Settings (x32 Version: 1.0)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Content Viewer (x32 Version: 1.4.0)
Adobe Creative Suite 3 Design Standard (x32 Version: 1.0)
Adobe Creative Suite 3 Design Standard hinzufügen oder entfernen (x32 Version: 1.0)
Adobe Creative Suite 5.5 Design Premium (x32 Version: 5.5)
Adobe Default Language CS3 (x32 Version: 1.0)
Adobe Device Central CS3 (x32 Version: 1.0)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0.2)
Adobe Flash Player 10 ActiveX (x32 Version: 10.2.153.1)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Fonts All (x32 Version: 1.0)
Adobe Help Viewer CS3 (x32 Version: 1)
Adobe Illustrator CS3 (x32 Version: 13.0)
Adobe InDesign CS3 (x32 Version: 5.0)
Adobe InDesign CS3 Icon Handler (x32 Version: 5.0)
Adobe Linguistics CS3 (x32 Version: 3.0.0)
Adobe MotionPicture Color Files (x32 Version: 1.0)
Adobe PDF Library Files (x32 Version: 8.0)
Adobe Photoshop CS3 (x32 Version: 10)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Setup (x32 Version: 1.0)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Adobe SING CS3 (x32 Version: 0.1)
Adobe Stock Photos CS3 (x32 Version: 1.5)
Adobe Type Support (x32 Version: 1.0)
Adobe Update Manager CS3 (x32 Version: 5.1.0)
Adobe Version Cue CS3 Client (x32 Version: 3)
Adobe Version Cue CS3 Server (x32 Version: 3.0)
Adobe WAS CS3 (x32 Version: 1.0)
Adobe Widget Browser (x32 Version: 2.0 Build 230)
Adobe Widget Browser (x32 Version: 2.0.230)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0)
Adobe XMP Panels CS3 (x32 Version: 1.0)
AHV content for Acrobat and Flash (x32 Version: 1)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 1.3.12 (x32)
BMD CRW-II (x32 Version: 1.10.000)
bob internet (x32 Version: 1.0.0.139)
bob internet (x32)
Bonjour (Version: 3.0.0.10)
Canon iP4700 series Printer Driver
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Touchpad (Version: 7.1107.101.210)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Free Studio version 5.6.3.706 (x32 Version: 5.6.3.706)
Free WMA to MP3 Converter 1.16 (x32)
Game Alarm (HKCU)
GeoGebra 4 (HKCU)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
Hauppauge WinTV 7 (x32 Version: v7.0.28314)
HomePlug Wireless Konfiguration (x32 Version: 3.0.0.0)
HomePlug-Konfigurationsassistent (x32 Version: 3.0.0.0)
Intel(R) Network Connections 15.2.89.0 (Version: 15.2.89.0)
iTunes (Version: 11.0.5.5)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.0)
Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Communicator 2007 R2 (x32 Version: 3.5.6907.268)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyFreeCodec (HKCU)
MyPhoneExplorer (x32 Version: 1.8.5)
Nokia Connectivity Cable Driver (x32 Version: 7.1.69.0)
Nokia Suite (x32 Version: 3.3.89.0)
PC Connectivity Solution (x32 Version: 11.5.29.0)
PDF Settings (x32 Version: 1.0)
PDF Settings CS5 (x32 Version: 10.0)
QuickTime (x32 Version: 7.70.80.34)
Samsung Kies (x32 Version: 2.5.0.12104_15)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0)
SbX RW  Controlling HLW II 09-10 (x32)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Ski Challenge 12 (AT) (HKCU)
Ski Challenge 13 (AT) (HKCU)
Skype™ 6.6 (x32 Version: 6.6.106)
Sound Rescue Terratec 2.1 (x32)
swMSM (x32 Version: 12.0.0.1)
TeamViewer 8 (x32 Version: 8.0.18051)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Webocton - Scriptly 0.8.95.6 (x32 Version: 0.8.95.6)
WIDCOMM Bluetooth Software (Version: 6.5.1.2700)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
winpcap-overlook 4.02 (x32)
WLAN Card Utility (Version: 5.60.48.35)

==================== Restore Points  =========================

30-07-2013 08:15:53 Windows Update
31-08-2013 07:08:55 Windows Update
10-09-2013 08:04:16 Windows Update
10-09-2013 11:48:21 Removed Java(TM) 6 Update 31

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0A449411-0230-4478-9AB7-345F68135B3C} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {17A9BD89-CB80-4E88-B50D-8AF7D776A163} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {37CCA0AE-84CB-4E75-BF83-CEF887ED94EF} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {6649CC62-E297-4B74-ADA1-7832871CB268} - System32\Tasks\AdobeAAMUpdater-1.0-haijes2-haijes => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {7E424391-7C25-433A-8BD9-76631FBBF397} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9B6124B1-6C58-48AD-A135-B560CE0B0BED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10] (Google Inc.)
Task: {A3A594C1-E425-41B0-BCC6-350FEDB77861} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10] (Google Inc.)
Task: {B390CF0D-C65D-4131-B47B-4DAD0875F2AB} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {C1BA3A37-B694-4802-B49D-56B552027A05} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C702930A-7B77-4673-A4B9-6522A88D7CD0} - System32\Tasks\{5E01FF16-541D-4779-A106-D895A0102CCF} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {EF8655EB-5D4B-4CCD-AE5C-F5DB3F5FF758} - System32\Tasks\{92EA8B08-FB51-4DC4-8E4F-CD6BB35EB3C9} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {FD9578DE-5444-4874-AB99-7CF224A9A8FB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-04 01:09 - 2013-04-04 01:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-01-10 22:20 - 2012-01-10 22:20 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-05-31 12:38 - 2010-05-31 12:38 - 00105840 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2009-07-14 02:09 - 2009-07-14 03:38 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\irprops.cpl
2010-05-31 12:38 - 2010-05-31 12:38 - 00105840 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\VXDIF.DLL
2011-03-13 15:35 - 2010-04-24 06:00 - 02914304 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNMUIA1.DLL
2011-03-13 15:35 - 2010-04-24 06:00 - 00650240 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNMDRA1.DLL
2011-03-13 15:35 - 2010-04-24 06:00 - 00113664 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNMCPA1.DLL
2012-01-10 19:37 - 2012-01-10 19:37 - 08172928 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 02288512 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 00919936 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 01081216 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\Dal.dll
2012-02-01 09:10 - 2012-02-01 09:10 - 00880000 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\CommonUtilities.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00055680 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\MMSParser.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 00346496 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2012-01-10 19:38 - 2012-01-10 19:38 - 00709504 _____ (Nokia Corporation) C:\Program Files (x86)\Nokia\Nokia Suite\nossu2dm.dll
2012-02-01 09:10 - 2012-02-01 09:10 - 00942976 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\CommonWidgets.dll
2012-02-01 09:12 - 2012-02-01 09:12 - 00596864 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\WidgetLibrary.dll
2012-02-01 09:12 - 2012-02-01 09:12 - 03260800 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\styles\Style.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 00032640 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 00034688 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 00202624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 02521984 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\DAL\Service.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 00196480 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2012-02-01 09:12 - 2012-02-01 09:12 - 00050048 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\TrayIcon.dll
2012-01-10 19:35 - 2012-01-10 19:35 - 00189824 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\CDC.DLL
2012-02-01 09:11 - 2012-02-01 09:11 - 01226112 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\dashboard.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 02252672 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 01294208 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 02557312 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2012-02-01 09:12 - 2012-02-01 09:12 - 00095104 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2012-02-01 09:12 - 2012-02-01 09:12 - 00165248 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll
2012-02-01 09:12 - 2012-02-01 09:12 - 00384896 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 10843520 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2012-01-10 19:38 - 2012-01-10 19:38 - 00272768 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 01352576 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\DAL\Pccs.dll
2012-01-04 14:31 - 2012-01-04 14:31 - 00661544 _____ (Nokia.) C:\Program Files (x86)\PC Connectivity Solution\ConnAPI.dll
2012-01-04 14:31 - 2012-01-04 14:31 - 00205352 _____ (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ConfServer.dll
2012-01-04 14:32 - 2012-01-04 14:32 - 00265256 _____ (Nokia) C:\Program Files (x86)\PC Connectivity Solution\PCCS_ABAPI.dll
2012-01-04 14:31 - 2012-01-04 14:31 - 01485352 _____ (Nokia) C:\Program Files (x86)\PC Connectivity Solution\DAAPI.dll
2012-02-01 09:10 - 2012-02-01 09:10 - 00357760 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\DAL\NossuService.dll
2012-02-01 09:12 - 2012-02-01 09:12 - 01128320 _____ (Nokia Corporation) C:\Program Files (x86)\Nokia\Nokia Suite\nossu2fn.dll
2012-02-01 09:10 - 2012-02-01 09:10 - 00506240 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\DAL\NokiaService.dll
2012-02-01 09:12 - 2012-02-01 09:12 - 00423808 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2012-02-01 09:12 - 2012-02-01 09:12 - 00058240 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2012-01-10 19:36 - 2012-01-10 19:36 - 00388480 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll
2012-02-01 09:10 - 2012-02-01 09:10 - 00405376 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\DAL\MapsService.dll
2012-01-10 19:36 - 2012-01-10 19:36 - 01037696 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00654208 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\DAL\Sync.dll
2011-12-21 12:11 - 2011-12-21 12:11 - 00325120 _____ (Nokia Corporation.) C:\Program Files (x86)\Nokia\Nokia Suite\syncRuntimeAPI.dll
2011-12-21 12:10 - 2011-12-21 12:10 - 00942080 _____ (Nokia Corporation.) C:\Program Files (x86)\Nokia\Nokia Suite\ilsyncEx.dll
2011-12-21 12:09 - 2011-12-21 12:09 - 00056832 _____ (Nokia Corporation.) C:\Program Files (x86)\Nokia\Nokia Suite\Attendees.dll
2011-12-21 12:09 - 2011-12-21 12:09 - 01061888 _____ (Nokia Corporation.) C:\Program Files (x86)\Nokia\Nokia Suite\recipients.dll
2011-12-21 12:09 - 2011-12-21 12:09 - 00069120 _____ (Nokia Corporation.) C:\Program Files (x86)\Nokia\Nokia Suite\PTATTACH.dll
2011-12-21 12:10 - 2011-12-21 12:10 - 00599040 _____ (Nokia Corporation.) C:\Program Files (x86)\Nokia\Nokia Suite\iltif32.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 02914176 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\MDataStore.dll
2012-02-01 09:12 - 2012-02-01 09:12 - 00253312 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\UI-QML_Library.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00437632 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00459136 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\MEvent.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00850304 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\MItems.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00380288 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\carousel.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 01371008 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\contacts.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00196480 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\BringYourStuff.dll
2012-02-01 09:12 - 2012-02-01 09:12 - 01962880 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\Photos.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 01531776 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\Messages.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 00422272 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 04954496 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\Music.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 00517504 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2012-01-10 19:37 - 2012-01-10 19:37 - 00682880 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00993152 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\maps.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 02191744 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\SoftwareUpdater.dll
2012-01-10 19:35 - 2012-01-10 19:35 - 00758656 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00214400 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\ApplicationInstaller.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00702336 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\BackUp.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00924544 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\caresuite.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00865152 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\ConnectToInternet.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00294272 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\customerfeedback.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00589696 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\FirstTimeUse.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00627584 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\NokiaAccount.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00141184 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\nps.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00510848 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\PIM.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00208256 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\Settings.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 00066944 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\plugins\WhatsNew.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 01131904 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\MThumbnailService.dll
2012-02-01 09:11 - 2012-02-01 09:11 - 02141056 _____ (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\MItemPlugins.dll
2012-01-05 17:00 - 2012-01-05 17:00 - 00112640 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
2012-11-09 22:12 - 2013-02-13 04:00 - 00166288 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\AgentDialogs.dll
2012-11-09 22:12 - 2013-02-13 04:00 - 00054152 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\AgentModels.dll
2012-11-09 22:12 - 2013-02-13 04:00 - 00119688 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\GlobalUtil.dll
2012-11-09 22:12 - 2013-02-13 04:00 - 01025936 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
2012-11-09 22:12 - 2013-02-13 04:00 - 01612680 _____ (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\AgentModule.dll
2013-01-10 16:32 - 2013-02-13 04:00 - 00106496 _____ (TODO: <Company name>) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\BaseUI.dll
2012-11-09 22:12 - 2013-02-13 04:00 - 03341208 _____ (Codejock Software) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\ToolkitPro1331vc90U.dll
2012-10-29 13:10 - 2012-10-29 13:10 - 00307200 _____ ( MarkAny.) C:\Program Files (x86)\Samsung\Kies\External\MACSSDK.dll
2011-07-05 16:19 - 2010-11-03 19:30 - 00074752 _____ (Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\DataModel.dll
2011-07-05 16:19 - 2010-11-10 18:58 - 00563200 _____ (Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\MultiMediaServices.dll
2011-07-05 16:19 - 2010-11-10 18:57 - 00598528 _____ (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\WinTV7\NativeMMS.dll
2011-07-05 16:19 - 2010-11-10 18:58 - 00019456 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2013-08-17 22:13 - 2013-08-17 22:13 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-10-13 21:41 - 2011-10-13 21:41 - 00090512 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll
2011-04-25 00:12 - 2011-04-25 00:12 - 00012688 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avpinit.dll
2011-10-13 21:41 - 2012-10-30 15:44 - 00455096 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avpmain.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 00147856 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\prremote.dll
2011-04-25 00:13 - 2012-10-30 15:44 - 00098744 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\fssync.dll
2011-04-25 00:12 - 2011-04-25 00:12 - 00123280 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\DumpWriter.dll
2011-04-25 00:12 - 2011-04-25 00:12 - 00019856 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\CLLDR.DLL
2011-04-25 00:13 - 2011-04-25 00:13 - 00270736 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\prloader.dll
2011-04-25 00:14 - 2011-04-25 00:14 - 00115088 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\nfio.ppl
2011-04-25 00:13 - 2011-04-25 00:13 - 00021392 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\fsdrvplg.ppl
2011-04-25 00:14 - 2011-04-25 00:14 - 00038288 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\winreg.ppl
2011-04-25 00:13 - 2013-09-08 13:09 - 00274624 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\service.dll
2011-04-25 00:13 - 2013-09-08 13:09 - 00979136 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\eka_meta.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 00315792 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\esmgr.dll
2011-10-13 21:41 - 2012-05-02 18:12 - 00042896 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\pxstub.ppl
2011-10-13 21:41 - 2013-09-08 13:09 - 01118400 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\params.ppl
2011-10-13 21:41 - 2013-09-08 13:09 - 04460736 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avpgui.ppl
2011-04-25 00:13 - 2011-04-25 00:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
2011-10-13 21:41 - 2012-10-30 15:44 - 02154936 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\basegui.ppl
2011-04-25 00:14 - 2011-04-25 00:14 - 00041360 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\thpimpl.ppl
2011-04-25 00:13 - 2011-04-25 00:13 - 00074128 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\memmon.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 00582032 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\localization_manager.dll
2011-04-20 20:56 - 2011-04-20 20:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
2012-11-12 12:42 - 2013-02-13 12:32 - 00250368 _____ (Windows (R) Codename Longhorn DDK provider) C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\UPNPDevice_Kies.dll
2012-11-29 23:59 - 2012-11-29 23:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-05-10 09:57 - 2013-05-10 09:57 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2010-11-17 14:16 - 2010-11-17 14:16 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2011-06-11 19:36 - 2010-11-20 04:16 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINSPOOL.DRV
2009-09-18 16:46 - 2009-09-18 16:46 - 00876544 _____ (STLport Consulting, Inc.) C:\Games\Game Alarm\stlport.5.0.dll
2012-12-11 16:17 - 2012-12-11 16:17 - 00020480 _____ () C:\Games\Game Alarm\rt\bin\jetvm\jvm.dll
2012-12-11 16:17 - 2012-12-11 16:17 - 00348160 _____ (Microsoft Corporation) C:\Games\Game Alarm\rt\bin\msvcr71.dll
2012-12-11 16:17 - 2012-12-11 16:17 - 00015872 _____ (Sun Microsystems, Inc.) C:\Games\Game Alarm\rt\bin\hpi.dll
2012-12-11 16:17 - 2012-12-11 16:17 - 00069632 _____ () C:\Games\Game Alarm\rt\bin\java.dll
2012-12-11 16:17 - 2012-12-11 16:17 - 00126976 _____ () C:\Games\Game Alarm\rt\bin\zip.dll
2012-12-11 16:17 - 2012-12-11 16:17 - 00077824 _____ (Sun Microsystems, Inc.) C:\Games\Game Alarm\rt\bin\net.dll
2012-12-11 16:17 - 2012-12-11 16:17 - 00020480 _____ (Sun Microsystems, Inc.) C:\Games\Game Alarm\rt\bin\nio.dll
2012-12-11 16:17 - 2012-12-11 16:17 - 00159744 _____ () C:\Games\Game Alarm\rt\jetrt\baseline720.dll
2012-12-11 16:17 - 2012-12-11 16:17 - 01212416 _____ (Sun Microsystems, Inc.) C:\Games\Game Alarm\rt\bin\awt.dll
2012-12-11 16:17 - 2012-12-11 16:17 - 00339968 _____ (Sun Microsystems, Inc.) C:\Games\Game Alarm\rt\bin\fontmanager.dll
2013-08-10 11:31 - 2013-08-10 11:31 - 16166280 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-05-10 09:57 - 2013-05-10 09:57 - 00105984 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU
2011-05-30 00:04 - 2011-05-30 00:04 - 00085720 _____ (FJ Software Development) C:\Program Files (x86)\MyPhoneExplorer\DLL\MyPhoneExplorer_OutlookAddIn.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 00336272 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\mcou.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 00123280 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\mapiedk.dll
2013-05-10 09:57 - 2013-05-10 09:57 - 02897488 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
2013-05-10 09:57 - 2013-05-10 09:57 - 01446400 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-10-20 17:08 - 2010-10-20 17:08 - 00122720 _____ () C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL
2011-10-13 21:41 - 2012-09-03 16:16 - 00147896 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\scrchpg.dll
2011-04-25 00:14 - 2011-04-25 00:14 - 00086416 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\mailmsg.ppl
2011-04-25 00:13 - 2011-04-25 00:13 - 00017296 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\hashmd5.ppl
2011-04-25 00:14 - 2011-04-25 00:14 - 00082320 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\mdb.ppl
2013-06-21 09:53 - 2013-06-21 09:53 - 00088680 ____R (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.dll
2011-04-25 00:13 - 2011-04-25 00:13 - 00030096 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klscav.dll
2013-06-11 12:03 - 2013-06-11 12:03 - 06163104 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash10o.ocx

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Broadcom USH w/swipe sensor
Description: Broadcom USH w/swipe sensor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2013 03:35:10 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (09/10/2013 02:23:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12090

Error: (09/10/2013 02:23:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12090

Error: (09/10/2013 02:23:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2013 02:23:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11076

Error: (09/10/2013 02:23:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11076

Error: (09/10/2013 02:23:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2013 02:23:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10046

Error: (09/10/2013 02:23:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10046

Error: (09/10/2013 02:23:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/10/2013 02:05:02 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎10.‎09.‎2013 um 14:03:19 unerwartet heruntergefahren.

Error: (09/10/2013 00:56:51 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/10/2013 09:51:36 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎09.‎09.‎2013 um 22:00:03 unerwartet heruntergefahren.

Error: (09/09/2013 09:36:26 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/09/2013 09:36:26 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht.

Error: (09/09/2013 09:35:46 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎09.‎09.‎2013 um 00:42:39 unerwartet heruntergefahren.

Error: (09/09/2013 00:43:26 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/08/2013 11:33:09 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎31.‎08.‎2013 um 10:23:39 unerwartet heruntergefahren.

Error: (08/31/2013 10:24:14 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/30/2013 07:52:34 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht.


Microsoft Office Sessions:
=========================
Error: (09/10/2013 03:35:10 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (09/10/2013 02:23:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12090

Error: (09/10/2013 02:23:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12090

Error: (09/10/2013 02:23:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2013 02:23:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11076

Error: (09/10/2013 02:23:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11076

Error: (09/10/2013 02:23:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2013 02:23:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10046

Error: (09/10/2013 02:23:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10046

Error: (09/10/2013 02:23:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2013-03-22 17:28:48.668
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-22 17:28:48.527
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-22 17:28:45.164
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-22 17:28:44.967
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-22 17:28:42.484
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-22 17:28:42.269
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-22 17:28:39.282
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-22 17:28:39.071
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-22 17:28:36.494
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-03-22 17:28:36.302
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 64%
Total physical RAM: 3957.83 MB
Available physical RAM: 1404.61 MB
Total Pagefile: 7913.85 MB
Available Pagefile: 4692.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.08 GB) (Free:59.5 GB) NTFS
Drive e: (HAIJES_SAM4) (Removable) (Total:7.4 GB) (Free:5.38 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=223 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================
         

Alt 10.09.2013, 15:48   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Alt 10.09.2013, 16:52   #3
cajon
 



I have now run that and here are the results:


Malwarebytes Anti-Malware:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
haijes :: HAIJES2 [Administrator]

10.09.2013 17:06:11
mbam-log-2013-09-10 (17-06-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 264362
Laufzeit: 17 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\haijes\AppData\Local\Temp\nso9D38.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\haijes\Downloads\MyPhoneExplorer_Setup_1.8.4.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\haijes\Downloads\MyPhoneExplorer_Setup_v1.8.5.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\haijes\Downloads\SoftonicDownloader_fuer_photo-flash-maker.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Here is the JRT.txt

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Professional x64
Ran by haijes on 10.09.2013 at 17:38:31,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{21D3A891-5A92-4832-8CDE-17B810AED83F}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{224FB4A6-CAAF-4D03-B43D-A14F822B6331}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{25A22097-55D5-43B0-B72D-7807B950D9BA}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{25F0352F-BD81-4B6C-AB29-81FC012186D6}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{29517A15-B768-4000-8FAE-A41733C41E82}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{31867212-EADC-47A1-AF29-CAC7B0A08FDD}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{3E28D1CD-8E80-48FC-BF40-B118CE9E0346}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{3F506C4E-3C6D-415B-9EEC-925CF04F01FC}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{4ECFC99D-41DA-4F71-A15C-BB40AAB81D96}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{5EB7582E-0806-4655-AB89-0F0284D2EA4B}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{6C5D6173-29E0-419D-8855-D8D0D44ACF24}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{72AB5F4B-A5D6-45FD-8654-254A113E00E9}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{89F6903F-3C4F-46A1-9C3A-35AE911426C8}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{901D4F96-6D09-4C4B-95D0-ECDF03466711}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{965C17A0-8AEA-4C50-B811-82B1EDC8248F}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{97D40B20-1703-4794-A6A8-7C65B8FDA58B}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{B5B6A13F-DC7D-4B93-BECE-C94A5AE83D2B}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{BF9C84DC-D239-4120-BFB1-0A6190B52990}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{CD2D0E4E-85B7-4853-9DA1-5881DE5D4D39}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{D76B17E8-A764-479A-A68D-F27385013428}
Successfully deleted: [Empty Folder] C:\Users\haijes\appdata\local\{DB97C0AB-26AE-47D9-8416-C970AE41039D}



~~~ FireFox

Emptied folder: C:\Users\haijes\AppData\Roaming\mozilla\firefox\profiles\u3l6ue87.default\minidumps [285 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.09.2013 at 17:45:22,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And now the fresh FRST log from just now:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01
Ran by haijes (administrator) on HAIJES2 on 10-09-2013 17:49:25
Running from C:\Users\haijes\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hauppauge Computer Works) C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Europe Support Ltd. N.V.) C:\Games\Game Alarm\gamealarm.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Thisisu) C:\Users\haijes\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-03-09] (Microsoft Corporation)
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1083264 2012-02-01] (Nokia)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [GameXN GO] - "C:\ProgramData\GameXN\GameXNGO.exe" /startup
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKCU\...\Run: [AdobeBridge] - [x]
MountPoints2: {17acaa49-a103-11e0-8db0-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {17acaa66-a103-11e0-8db0-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {45d4c3f1-903c-11e0-a70b-c0cb386c051d} - E:\AutoRun.exe
MountPoints2: {47de9b7c-36d1-11e2-a231-c0cb386c051d} - E:\LaunchU3.exe -a
MountPoints2: {6695febe-a189-11e0-af0a-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {796b65d7-99d5-11e0-8c26-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {d083391a-a4b9-11e0-8606-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {d34d4352-8f70-11e0-84ba-c0cb386c051d} - E:\AutoRun.exe
MountPoints2: {d34d436b-8f70-11e0-84ba-c0cb386c051d} - E:\AutoRun.exe
MountPoints2: {d34d43b6-8f70-11e0-84ba-5c260a32a526} - E:\AutoRun.exe
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\haijes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk
ShortcutTarget: Game Alarm.lnk -> C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{48B81B09-92A5-412C-AF69-F4A8B81C5719}: [NameServer]194.48.124.202 194.48.124.200

FireFox:
========
FF ProfilePath: C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\searchplugins\dictcc.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: firebug - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firefox - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [fe_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO)
R2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [558592 2010-11-03] (Hauppauge Computer Works)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2010-02-02] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-30] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 npf; C:\Windows\System32\drivers\npf.sys [40464 2009-02-08] (CACE Technologies)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2007-02-07] (CACE Technologies)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 17:38 - 2013-09-10 17:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-10 17:37 - 2013-09-10 17:37 - 01029490 _____ (Thisisu) C:\Users\haijes\Desktop\JRT.exe
2013-09-10 17:04 - 2013-09-10 17:04 - 00000000 ____D C:\Users\haijes\AppData\Roaming\Malwarebytes
2013-09-10 17:03 - 2013-09-10 17:03 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-10 17:03 - 2013-09-10 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 17:03 - 2013-09-10 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 17:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-10 17:02 - 2013-09-10 17:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\haijes\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-10 15:39 - 2013-09-10 15:39 - 00046365 _____ C:\Users\haijes\Desktop\Addition.txt
2013-09-10 15:37 - 2013-09-10 15:37 - 00000000 ____D C:\FRST
2013-09-10 15:36 - 2013-09-10 15:36 - 01949196 _____ (Farbar) C:\Users\haijes\Desktop\FRST64.exe
2013-09-10 14:13 - 2013-09-10 14:13 - 00000474 _____ C:\Users\haijes\Downloads\defogger_disable.log
2013-09-10 14:13 - 2013-09-10 14:13 - 00000000 _____ C:\Users\haijes\defogger_reenable
2013-09-10 14:12 - 2013-09-10 14:12 - 00050477 _____ C:\Users\haijes\Downloads\Defogger.exe
2013-09-10 13:55 - 2013-09-10 14:02 - 00000000 ____D C:\AdwCleaner
2013-09-10 13:50 - 2013-04-04 05:30 - 00263584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-10 13:49 - 2013-09-10 13:51 - 01037278 _____ C:\Users\haijes\Downloads\3003-adwcleaner.exe
2013-09-10 10:29 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-10 10:29 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-10 10:29 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-10 10:29 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-10 10:29 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-10 10:29 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-10 10:29 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-10 10:29 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-10 10:29 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-10 10:29 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-10 10:29 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-10 10:29 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 10:19 - 2013-09-10 10:23 - 00000000 ____D C:\Windows\system32\MRT
2013-09-10 10:04 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-10 10:04 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-10 10:04 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-10 10:04 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-10 10:04 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-09-10 10:04 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-09-10 10:04 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-09-10 10:04 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-09-10 10:03 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-10 10:03 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-09-10 10:03 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-10 10:03 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-09-10 10:03 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-10 10:03 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-09-10 10:02 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-10 10:02 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-09 00:32 - 2013-09-09 00:32 - 00129024 _____ C:\Users\haijes\Downloads\36712_731_731_vaterunsernimmunsalsdeinekinderan.ppt
2013-08-30 20:08 - 2013-08-30 21:07 - 00000000 ____D C:\Users\haijes\Desktop\Bella
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files\iTunes
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files\iPod
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-17 22:13 - 2013-09-10 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-10 17:45 - 2013-09-10 17:45 - 00003116 _____ C:\Users\haijes\Desktop\JRT.txt
2013-09-10 17:40 - 2009-07-14 06:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 17:40 - 2009-07-14 06:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 17:38 - 2013-09-10 17:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-10 17:37 - 2013-09-10 17:37 - 01029490 _____ (Thisisu) C:\Users\haijes\Desktop\JRT.exe
2013-09-10 17:34 - 2011-12-22 20:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-10 17:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-09-10 17:32 - 2011-05-10 12:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 17:31 - 2011-12-22 20:38 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-10 17:31 - 2011-02-08 21:11 - 00057236 _____ C:\Windows\PFRO.log
2013-09-10 17:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 17:31 - 2009-07-14 06:51 - 00355789 _____ C:\Windows\setupact.log
2013-09-10 17:29 - 2011-02-08 13:25 - 01661654 _____ C:\Windows\WindowsUpdate.log
2013-09-10 17:28 - 2013-05-05 20:21 - 00000000 ____D C:\Users\haijes\Jungschar
2013-09-10 17:28 - 2011-02-09 16:53 - 00000000 ____D C:\Users\haijes\Documents\Outlook-Dateien
2013-09-10 17:04 - 2013-09-10 17:04 - 00000000 ____D C:\Users\haijes\AppData\Roaming\Malwarebytes
2013-09-10 17:03 - 2013-09-10 17:03 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-10 17:03 - 2013-09-10 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 17:03 - 2013-09-10 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 17:03 - 2013-09-10 17:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\haijes\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-10 16:56 - 2011-02-09 16:49 - 00000000 ____D C:\Users\haijes\AppData\Roaming\Skype
2013-09-10 16:54 - 2011-05-10 12:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 16:42 - 2012-07-10 10:36 - 00000000 ____D C:\Users\haijes\Pfarre
2013-09-10 16:42 - 2011-02-08 20:34 - 00000000 ____D C:\Users\haijes
2013-09-10 16:39 - 2011-02-11 10:11 - 00000000 ____D C:\Users\haijes\Schule
2013-09-10 15:39 - 2013-09-10 15:39 - 00046365 _____ C:\Users\haijes\Desktop\Addition.txt
2013-09-10 15:37 - 2013-09-10 15:37 - 00000000 ____D C:\FRST
2013-09-10 15:36 - 2013-09-10 15:36 - 01949196 _____ (Farbar) C:\Users\haijes\Desktop\FRST64.exe
2013-09-10 14:13 - 2013-09-10 14:13 - 00000474 _____ C:\Users\haijes\Downloads\defogger_disable.log
2013-09-10 14:13 - 2013-09-10 14:13 - 00000000 _____ C:\Users\haijes\defogger_reenable
2013-09-10 14:12 - 2013-09-10 14:12 - 00050477 _____ C:\Users\haijes\Downloads\Defogger.exe
2013-09-10 14:02 - 2013-09-10 13:55 - 00000000 ____D C:\AdwCleaner
2013-09-10 13:51 - 2013-09-10 13:49 - 01037278 _____ C:\Users\haijes\Downloads\3003-adwcleaner.exe
2013-09-10 13:50 - 2013-08-17 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-10 12:01 - 2011-02-11 10:11 - 00000000 ___RD C:\Users\haijes\Privat
2013-09-10 12:00 - 2012-10-02 15:48 - 00000000 ____D C:\Users\haijes\Desktop\Fotos
2013-09-10 11:37 - 2013-04-13 15:31 - 00000000 ____D C:\Users\haijes\Dekanat
2013-09-10 11:37 - 2012-08-14 22:13 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2013-09-10 10:31 - 2011-02-08 20:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-10 10:23 - 2013-09-10 10:19 - 00000000 ____D C:\Windows\system32\MRT
2013-09-10 10:18 - 2011-02-11 14:53 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-09 21:05 - 2011-02-09 17:51 - 00000000 ____D C:\Users\haijes\AppData\Local\Adobe
2013-09-09 16:16 - 2011-02-09 17:41 - 00020992 _____ C:\Users\haijes\Desktop\Daten.xlsx
2013-09-09 13:52 - 2011-06-05 19:13 - 00102416 _____ C:\Users\haijes\Desktop\Geldübersicht.xlsx
2013-09-09 11:44 - 2009-07-14 19:58 - 03819762 _____ C:\Windows\system32\perfh007.dat
2013-09-09 11:44 - 2009-07-14 19:58 - 01166822 _____ C:\Windows\system32\perfc007.dat
2013-09-09 11:44 - 2009-07-14 07:13 - 00006456 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 00:32 - 2013-09-09 00:32 - 00129024 _____ C:\Users\haijes\Downloads\36712_731_731_vaterunsernimmunsalsdeinekinderan.ppt
2013-09-08 23:23 - 2013-02-17 15:56 - 00000000 ____D C:\Users\haijes\Pfarrhomepage
2013-08-30 21:07 - 2013-08-30 20:08 - 00000000 ____D C:\Users\haijes\Desktop\Bella
2013-08-30 11:37 - 2012-08-14 22:15 - 00000000 ____D C:\Users\haijes\AppData\Roaming\MyPhoneExplorer
2013-08-24 11:23 - 2012-05-06 11:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files\iTunes
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files\iPod
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files (x86)\iTunes

Files to move or delete:
====================
C:\Users\haijes\AppData\Local\Temp\autorun.dll
C:\Users\haijes\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\haijes\AppData\Local\Temp\Execute2App.exe
C:\Users\haijes\AppData\Local\Temp\ezGameXN.dll
C:\Users\haijes\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\haijes\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\haijes\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\haijes\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\haijes\AppData\Local\Temp\GameXNGO.exe
C:\Users\haijes\AppData\Local\Temp\hcwclear.exe
C:\Users\haijes\AppData\Local\Temp\InstallAX.exe
C:\Users\haijes\AppData\Local\Temp\IR32.exe
C:\Users\haijes\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\haijes\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\haijes\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\haijes\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\haijes\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\haijes\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\haijes\AppData\Local\Temp\msvcp90.dll
C:\Users\haijes\AppData\Local\Temp\msvcr90.dll
C:\Users\haijes\AppData\Local\Temp\NEventMessages.dll
C:\Users\haijes\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\haijes\AppData\Local\Temp\ose00000.exe
C:\Users\haijes\AppData\Local\Temp\Quarantine.exe
C:\Users\haijes\AppData\Local\Temp\Refresh.exe
C:\Users\haijes\AppData\Local\Temp\ResetDevice.exe
C:\Users\haijes\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-31 09:11

==================== End Of Log ============================
         

Alt 10.09.2013, 20:00   #4
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 11.09.2013, 06:47   #5
cajon
 



Good morning,
I had ESET running overnight. It showed me two detections...

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b6c0df87111c214f869f4cf505e5e96c
# engine=15082
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-11 01:08:28
# local_time=2013-09-11 03:08:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1285 16777213 100 98 20892 75509620 0 0
# compatibility_mode=5893 16776573 100 94 33779 130491558 0 0
# scanned=470957
# found=2
# cleaned=0
# scan_time=20637
sh=ACF593B8FF894B4B1E2A326058F7F23E87E4F01D ft=1 fh=57c0c69c994b76bf vn="multiple threats" ac=I fn="C:\Users\haijes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5BOF392R\TubeSaver_2070-2021_v122[1].exe"
sh=7734711563A3BDE5D331F02F1960FBB3E32B74BB ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\haijes\AppData\Local\Temp\jar_cache3856391658901057157.tmp"
         
Now I wanted to run Security Check, but it reports:

Code:
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
Nevertheless, here is the current FRST log file

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013
Ran by haijes (administrator) on HAIJES2 on 11-09-2013 07:43:50
Running from C:\Users\haijes\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hauppauge Computer Works) C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Europe Support Ltd. N.V.) C:\Games\Game Alarm\gamealarm.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Users\haijes\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-03-09] (Microsoft Corporation)
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1083264 2012-02-01] (Nokia)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [GameXN GO] - "C:\ProgramData\GameXN\GameXNGO.exe" /startup
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKCU\...\Run: [AdobeBridge] - [x]
MountPoints2: {17acaa49-a103-11e0-8db0-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {17acaa66-a103-11e0-8db0-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {45d4c3f1-903c-11e0-a70b-c0cb386c051d} - E:\AutoRun.exe
MountPoints2: {47de9b7c-36d1-11e2-a231-c0cb386c051d} - E:\LaunchU3.exe -a
MountPoints2: {6695febe-a189-11e0-af0a-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {796b65d7-99d5-11e0-8c26-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {d083391a-a4b9-11e0-8606-5c260a32a526} - E:\AutoRun.exe
MountPoints2: {d34d4352-8f70-11e0-84ba-c0cb386c051d} - E:\AutoRun.exe
MountPoints2: {d34d436b-8f70-11e0-84ba-c0cb386c051d} - E:\AutoRun.exe
MountPoints2: {d34d43b6-8f70-11e0-84ba-5c260a32a526} - E:\AutoRun.exe
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\haijes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk
ShortcutTarget: Game Alarm.lnk -> C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7B565BDFF114CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{48B81B09-92A5-412C-AF69-F4A8B81C5719}: [NameServer]194.48.124.202 194.48.124.200

FireFox:
========
FF ProfilePath: C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\searchplugins\dictcc.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: firebug - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firefox - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\haijes\AppData\Roaming\Mozilla\Firefox\Profiles\u3l6ue87.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [fe_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO)
R2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [558592 2010-11-03] (Hauppauge Computer Works)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2010-02-02] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-30] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 npf; C:\Windows\System32\drivers\npf.sys [40464 2009-02-08] (CACE Technologies)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2007-02-07] (CACE Technologies)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 07:38 - 2013-09-11 07:38 - 00891144 _____ C:\Users\haijes\Desktop\SecurityCheck.exe
2013-09-10 21:21 - 2013-09-10 21:22 - 02347384 _____ (ESET) C:\Users\haijes\Downloads\esetsmartinstaller_enu.exe
2013-09-10 17:45 - 2013-09-10 17:45 - 00003116 _____ C:\Users\haijes\Desktop\JRT.txt
2013-09-10 17:38 - 2013-09-10 17:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-10 17:37 - 2013-09-10 17:37 - 01029490 _____ (Thisisu) C:\Users\haijes\Desktop\JRT.exe
2013-09-10 17:04 - 2013-09-10 17:04 - 00000000 ____D C:\Users\haijes\AppData\Roaming\Malwarebytes
2013-09-10 17:03 - 2013-09-10 17:03 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-10 17:03 - 2013-09-10 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 17:03 - 2013-09-10 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 17:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-10 17:02 - 2013-09-10 17:03 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\haijes\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-10 15:39 - 2013-09-10 15:39 - 00046365 _____ C:\Users\haijes\Desktop\Addition.txt
2013-09-10 15:37 - 2013-09-10 15:37 - 00000000 ____D C:\FRST
2013-09-10 14:13 - 2013-09-10 14:13 - 00000474 _____ C:\Users\haijes\Downloads\defogger_disable.log
2013-09-10 14:13 - 2013-09-10 14:13 - 00000000 _____ C:\Users\haijes\defogger_reenable
2013-09-10 14:12 - 2013-09-10 14:12 - 00050477 _____ C:\Users\haijes\Downloads\Defogger.exe
2013-09-10 13:55 - 2013-09-10 14:02 - 00000000 ____D C:\AdwCleaner
2013-09-10 13:50 - 2013-04-04 05:30 - 00263584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-10 13:49 - 2013-09-10 13:51 - 01037278 _____ C:\Users\haijes\Downloads\3003-adwcleaner.exe
2013-09-10 10:29 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-10 10:29 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-10 10:29 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-10 10:29 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-10 10:29 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-10 10:29 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-10 10:29 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-10 10:29 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-10 10:29 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-10 10:29 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-10 10:29 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-10 10:29 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-10 10:29 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-10 10:29 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 10:19 - 2013-09-10 10:23 - 00000000 ____D C:\Windows\system32\MRT
2013-09-10 10:04 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-10 10:04 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-10 10:04 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-10 10:04 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-10 10:04 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-09-10 10:04 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-09-10 10:04 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-09-10 10:04 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-09-10 10:03 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-10 10:03 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-09-10 10:03 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-10 10:03 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-09-10 10:03 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-10 10:03 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-09-10 10:02 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-10 10:02 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-09 00:32 - 2013-09-09 00:32 - 00129024 _____ C:\Users\haijes\Downloads\36712_731_731_vaterunsernimmunsalsdeinekinderan.ppt
2013-08-30 20:08 - 2013-08-30 21:07 - 00000000 ____D C:\Users\haijes\Desktop\Bella
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files\iTunes
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files\iPod
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-17 22:13 - 2013-09-10 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-11 07:43 - 2013-09-11 07:43 - 01949408 _____ (Farbar) C:\Users\haijes\Desktop\FRST64.exe
2013-09-11 07:38 - 2013-09-11 07:38 - 00891144 _____ C:\Users\haijes\Desktop\SecurityCheck.exe
2013-09-11 07:03 - 2011-12-22 20:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-11 06:54 - 2011-05-10 12:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-11 04:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-09-11 03:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-11 03:36 - 2011-02-08 13:25 - 01700752 _____ C:\Windows\WindowsUpdate.log
2013-09-10 22:30 - 2011-02-09 16:53 - 00000000 ____D C:\Users\haijes\Documents\Outlook-Dateien
2013-09-10 21:22 - 2013-09-10 21:21 - 02347384 _____ (ESET) C:\Users\haijes\Downloads\esetsmartinstaller_enu.exe
2013-09-10 17:45 - 2013-09-10 17:45 - 00003116 _____ C:\Users\haijes\Desktop\JRT.txt
2013-09-10 17:40 - 2009-07-14 06:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 17:40 - 2009-07-14 06:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 17:38 - 2013-09-10 17:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-10 17:37 - 2013-09-10 17:37 - 01029490 _____ (Thisisu) C:\Users\haijes\Desktop\JRT.exe
2013-09-10 17:32 - 2011-05-10 12:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 17:31 - 2011-12-22 20:38 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-10 17:31 - 2011-02-08 21:11 - 00057236 _____ C:\Windows\PFRO.log
2013-09-10 17:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 17:31 - 2009-07-14 06:51 - 00355789 _____ C:\Windows\setupact.log
2013-09-10 17:28 - 2013-05-05 20:21 - 00000000 ____D C:\Users\haijes\Jungschar
2013-09-10 17:04 - 2013-09-10 17:04 - 00000000 ____D C:\Users\haijes\AppData\Roaming\Malwarebytes
2013-09-10 17:03 - 2013-09-10 17:03 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-10 17:03 - 2013-09-10 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-10 17:03 - 2013-09-10 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 17:03 - 2013-09-10 17:02 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\haijes\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-10 16:56 - 2011-02-09 16:49 - 00000000 ____D C:\Users\haijes\AppData\Roaming\Skype
2013-09-10 16:42 - 2012-07-10 10:36 - 00000000 ____D C:\Users\haijes\Pfarre
2013-09-10 16:42 - 2011-02-08 20:34 - 00000000 ____D C:\Users\haijes
2013-09-10 16:39 - 2011-02-11 10:11 - 00000000 ____D C:\Users\haijes\Schule
2013-09-10 15:39 - 2013-09-10 15:39 - 00046365 _____ C:\Users\haijes\Desktop\Addition.txt
2013-09-10 15:37 - 2013-09-10 15:37 - 00000000 ____D C:\FRST
2013-09-10 14:13 - 2013-09-10 14:13 - 00000474 _____ C:\Users\haijes\Downloads\defogger_disable.log
2013-09-10 14:13 - 2013-09-10 14:13 - 00000000 _____ C:\Users\haijes\defogger_reenable
2013-09-10 14:12 - 2013-09-10 14:12 - 00050477 _____ C:\Users\haijes\Downloads\Defogger.exe
2013-09-10 14:02 - 2013-09-10 13:55 - 00000000 ____D C:\AdwCleaner
2013-09-10 13:51 - 2013-09-10 13:49 - 01037278 _____ C:\Users\haijes\Downloads\3003-adwcleaner.exe
2013-09-10 13:50 - 2013-08-17 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-10 12:01 - 2011-02-11 10:11 - 00000000 ___RD C:\Users\haijes\Privat
2013-09-10 12:00 - 2012-10-02 15:48 - 00000000 ____D C:\Users\haijes\Desktop\Fotos
2013-09-10 11:37 - 2013-04-13 15:31 - 00000000 ____D C:\Users\haijes\Dekanat
2013-09-10 11:37 - 2012-08-14 22:13 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2013-09-10 10:31 - 2011-02-08 20:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-10 10:23 - 2013-09-10 10:19 - 00000000 ____D C:\Windows\system32\MRT
2013-09-10 10:18 - 2011-02-11 14:53 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-09 21:05 - 2011-02-09 17:51 - 00000000 ____D C:\Users\haijes\AppData\Local\Adobe
2013-09-09 16:16 - 2011-02-09 17:41 - 00020992 _____ C:\Users\haijes\Desktop\Daten.xlsx
2013-09-09 13:52 - 2011-06-05 19:13 - 00102416 _____ C:\Users\haijes\Desktop\Geldübersicht.xlsx
2013-09-09 11:44 - 2009-07-14 19:58 - 03819762 _____ C:\Windows\system32\perfh007.dat
2013-09-09 11:44 - 2009-07-14 19:58 - 01166822 _____ C:\Windows\system32\perfc007.dat
2013-09-09 11:44 - 2009-07-14 07:13 - 00006456 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 00:32 - 2013-09-09 00:32 - 00129024 _____ C:\Users\haijes\Downloads\36712_731_731_vaterunsernimmunsalsdeinekinderan.ppt
2013-09-08 23:23 - 2013-02-17 15:56 - 00000000 ____D C:\Users\haijes\Pfarrhomepage
2013-08-30 21:07 - 2013-08-30 20:08 - 00000000 ____D C:\Users\haijes\Desktop\Bella
2013-08-30 11:37 - 2012-08-14 22:15 - 00000000 ____D C:\Users\haijes\AppData\Roaming\MyPhoneExplorer
2013-08-24 11:23 - 2012-05-06 11:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files\iTunes
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files\iPod
2013-08-23 19:46 - 2013-08-23 19:46 - 00000000 ____D C:\Program Files (x86)\iTunes

Files to move or delete:
====================
C:\Users\haijes\AppData\Local\Temp\autorun.dll
C:\Users\haijes\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\haijes\AppData\Local\Temp\Execute2App.exe
C:\Users\haijes\AppData\Local\Temp\ezGameXN.dll
C:\Users\haijes\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\haijes\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\haijes\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\haijes\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\haijes\AppData\Local\Temp\GameXNGO.exe
C:\Users\haijes\AppData\Local\Temp\hcwclear.exe
C:\Users\haijes\AppData\Local\Temp\InstallAX.exe
C:\Users\haijes\AppData\Local\Temp\IR32.exe
C:\Users\haijes\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\haijes\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\haijes\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\haijes\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\haijes\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\haijes\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\haijes\AppData\Local\Temp\msvcp90.dll
C:\Users\haijes\AppData\Local\Temp\msvcr90.dll
C:\Users\haijes\AppData\Local\Temp\NEventMessages.dll
C:\Users\haijes\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\haijes\AppData\Local\Temp\ose00000.exe
C:\Users\haijes\AppData\Local\Temp\Quarantine.exe
C:\Users\haijes\AppData\Local\Temp\Refresh.exe
C:\Users\haijes\AppData\Local\Temp\ResetDevice.exe
C:\Users\haijes\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 03:36

==================== End Of Log ============================
         


I have no more problems (at the moment)! So many thanks already for the help. I hope the Security Check result is not too serious?!
Can I now switch my own antivirus program back on and re-enable with Defogger?


11.09.2013, 09:06   #6
schrauber
/// the machine
/// TB-Ausbilder

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: among other things, DelFix removes all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

11.09.2013, 12:24   #7
cajon

Thanks for everything, schrauber - everything worked great! I have always used WOT and the ad blocker, and in future I will move through the online world even more carefully!

Best regards, cajon

11.09.2013, 17:02   #8
schrauber
/// the machine
/// TB-Ausbilder

You're welcome
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009
