Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Werde MonsterMarketplace nicht los.

Werde MonsterMarketplace nicht los.


Log-Analyse und Auswertung: Werde MonsterMarketplace nicht los.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 11.09.2013, 13:42   #1
ghackl
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Hallo!

Ich bin neu hier. Vielleicht kann mir jemand bei meinem Problem helfen. Ich verwende Windows 7 32 bit, Internet Explorer 11 und Firefox 23. Meine Kinderlein haben ein wenig Software installiert und nun hatte ich einige Probleme. Insgesamt laufen das System und die Anwendungen wieder ganz gut, nur das Popup von MonsterMarketplace.com werde ich nicht los. Ich habe es schon mit Anti-Maleware probiert. Wie erwähnt hat das viel gebracht, aber MonsterMarketplace blieb mir. Vielleicht kann mir jemand weiterhelfen.


Für Hilfe wäre ich wirklich dankbar

Alt 11.09.2013, 13:48   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.




Dein Thema ist in Arbeit und wird von einem unserer Auszubildenden betreut.

Bitte beachte, dass alle Antworten des Auszubildenden zuerst von einem Ausbilder freigegeben werden müssen, bevor diese hier gepostet werden dürfen. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 15.09.2013, 20:52   #3
Bootsektor
Ruhe in Frieden
† 2019
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.
__________________
Geändert von aharonov (15.09.2013 um 22:10 Uhr)

Alt 16.09.2013, 14:40   #4
ghackl
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Hallo!
Danke für dein Bemühen. Ich war leider ein paar Tage weg. Das Popup ist inzwischen verschwunden. Ich habe versucht alles zu deinstallieren was ich an Programmen nicht brauche. Das Gerät startet noch langsam, ist aber stabil.
Trotzdem habe ich den scan gemacht. Wenn du es dir noch anschaust wäre ich sehr dankbar.

lG

Die frst.txt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013
Ran by Gerhard (administrator) on ASTERIX on 16-09-2013 15:30:33
Running from C:\Users\Gerhard\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
() C:\Program Files\Opera\16.0.1196.73\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: D - D:\SETUP.EXE
HKU\Christoph\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Christoph\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\Christoph\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe -update plugin
HKU\Christoph\...\Policies\system: [LogonHoursAction] 2
HKU\Christoph\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sandra\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Sandra\...\Policies\system: [LogonHoursAction] 2
HKU\Sandra\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=12180030673B53CE&affID=121240&tsp=5002
SearchScopes: HKCU - {2106394C-51CA-44D0-8605-33CABCB2F0FA} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {32882D0E-3D83-453C-9A27-040D73F4C672} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {5526EAEE-2E41-42FE-B997-C268A3D3C840} URL = hxxp://at.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F61742E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826696C633D313226747970653D39333738313126703D7B7365617263685465726D737D&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {58E9CEE7-94AA-4E1F-B12F-33B83D06FC72} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {6995AFC5-C518-4CE0-8337-15E96A030491} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D314937414452415F6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {99F93A0D-98C3-4FF9-8564-34D1BD090F74} URL = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432323639303530&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {CF4DFCC6-8A1C-41CA-B6EC-FFA355D191C8} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {E1418032-0EE4-454A-8419-60680FD2DA78} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {F335605E-9705-4F57-84D7-89DA79B85F97} URL = hxxp://search.softonic.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E736F66746F6E69632E636F6D2F4D4F4E30303031352F74625F76313F713D7B7365617263685465726D737D26536561726368536F757263653D342663633D26723D393834&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM -  No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @palmsource.com/installer,version=1.0 - C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin: @virtools.com/3DviaPlayer - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gerhard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S4 dgdersvc; C:\Windows\system32\dgdersvc.exe [95568 2009-12-22] (Devguru Co., Ltd.)
S4 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435568 2012-12-10] (LogMeIn Inc.)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [108032 2013-08-09] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 AMOptimalDiskService; C:\Program Files\Common Files\OptimalSuite Common\AMDSrv.exe [x]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [x]
S4 SpeedBoosterSvc; C:\Program Files\Common Files\OptimalSuite Common\BoostService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
S3 Cardex; C:\Windows\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 Edspport; C:\Windows\System32\DRIVERS\es56tpi.sys [450892 2001-10-19] (Creative Labs,Inc.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2009-12-22] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 mbmiodrvr; C:\Windows\system32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 15:30 - 2013-09-16 15:30 - 00000000 ____D C:\FRST
2013-09-16 15:29 - 2013-09-16 15:29 - 01084083 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST.exe
2013-09-13 06:35 - 2013-09-13 06:35 - 00003429 _____ C:\Users\Gerhard\.recently-used.xbel
2013-09-11 18:29 - 2013-09-15 15:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 18:29 - 2013-09-11 18:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 18:29 - 2013-09-11 18:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-11 17:58 - 2013-09-11 17:58 - 00000000 ____D C:\Users\Gerhard\Documents\Optimizer Pro
2013-09-11 17:53 - 2013-09-11 18:18 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-09-11 17:50 - 2013-09-11 17:50 - 00001891 _____ C:\Users\Gerhard\Desktop\Search.lnk
2013-09-11 17:50 - 2013-09-11 17:50 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Babylon
2013-09-11 17:50 - 2013-09-11 17:50 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-11 17:50 - 2013-09-11 17:50 - 00000000 ____D C:\ProgramData\Babylon
2013-09-11 17:49 - 2013-09-11 17:49 - 01088152 _____ (InstallManager) C:\Users\Gerhard\Downloads\Setup(1).exe
2013-09-11 17:48 - 2013-09-11 17:48 - 01088152 _____ (InstallManager) C:\Users\Gerhard\Downloads\Setup.exe
2013-09-11 14:54 - 2013-09-11 14:54 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT (1).exe
2013-09-11 14:53 - 2013-09-11 14:53 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT.exe
2013-09-11 14:53 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-11 14:53 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-11 14:39 - 2013-09-11 14:41 - 00008704 ___SH C:\Users\Gerhard\Thumbs.db
2013-09-11 13:19 - 2013-08-07 06:30 - 02724352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 13:19 - 2013-08-07 06:10 - 16981504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 13:19 - 2013-08-07 05:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 13:19 - 2013-08-07 05:47 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 13:19 - 2013-08-07 04:54 - 04247040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 13:19 - 2013-08-07 04:28 - 11087360 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 13:19 - 2013-08-07 03:50 - 01788928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 13:19 - 2013-08-07 03:49 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 11:55 - 2013-09-11 11:55 - 01037278 _____ C:\Users\Gerhard\Downloads\3003-adwcleaner.exe
2013-09-11 11:50 - 2013-09-12 15:03 - 00241062 _____ C:\Windows\PFRO.log
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Malwarebytes
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-11 11:12 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-11 11:11 - 2013-09-11 11:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Gerhard\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-09-11 11:10 - 2013-09-11 11:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Gerhard\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-11 10:39 - 2013-09-11 10:58 - 00000000 ____D C:\Windows\865537E164904193A4B6669C62711852.TMP
2013-09-11 10:39 - 2013-09-11 10:39 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-11 10:37 - 2013-09-11 10:37 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Gerhard\Downloads\SpyHunter-Installer.exe
2013-09-11 09:29 - 2013-09-11 09:29 - 00001126 _____ C:\Users\Public\Desktop\Opera.lnk
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Program Files\Opera
2013-09-11 09:27 - 2013-09-11 09:28 - 32093736 _____ (Opera Software ASA) C:\Users\Gerhard\Downloads\Opera_16.0.1196.73_Setup.exe
2013-09-11 09:03 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:03 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:03 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:03 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:03 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:03 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:03 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:03 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 08:15 - 2013-09-11 11:59 - 00000000 ____D C:\AdwCleaner
2013-09-11 08:15 - 2013-09-11 08:15 - 01037278 _____ C:\Users\Gerhard\Downloads\adwcleaner.exe
2013-09-09 15:55 - 2013-09-09 15:55 - 00000596 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-09 15:47 - 2013-09-09 15:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Software Updater
2013-09-09 15:43 - 2013-09-16 15:17 - 00461317 _____ C:\Windows\setupact.log
2013-09-09 15:43 - 2013-09-09 15:43 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 15:57 - 2013-09-08 15:57 - 00001104 _____ C:\Users\Gerhard\Desktop\appsmaker OptimalPC.lnk
2013-09-08 07:26 - 2013-09-08 07:26 - 00001144 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-03 19:01 - 2013-09-09 16:11 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Freemium
2013-09-03 18:59 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-09-03 18:58 - 2013-09-11 08:38 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-03 18:58 - 2013-09-03 18:58 - 00002551 _____ C:\Users\Public\Desktop\Free System Utilities.lnk
2013-09-03 18:55 - 2013-09-03 18:55 - 00444408 _____ C:\Users\Gerhard\Downloads\free-system-utilities-DE.exe
2013-09-03 18:39 - 2012-09-18 15:26 - 00365568 _____ C:\Windows\system32\ZSHP1020.EXE
2013-09-03 18:39 - 2012-09-18 15:26 - 00169472 _____ C:\Windows\system32\ZLhp1020.DLL
2013-09-03 18:34 - 2006-07-30 19:00 - 00028672 _____ (Zenographics, Inc.) C:\Windows\system32\IMF32.DLL
2013-09-03 18:34 - 2006-07-30 19:00 - 00024576 _____ (Zenographics, Inc.) C:\Windows\system32\ZTAG32.DLL
2013-09-01 08:35 - 2013-09-01 08:35 - 22240760 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox_Setup_23.0.1.exe
2013-08-25 18:13 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-25 18:13 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-25 18:13 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-25 18:13 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-25 18:12 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-25 18:12 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-25 18:12 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-25 18:12 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-25 18:12 - 2013-06-15 05:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-25 18:12 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-19 08:08 - 2013-09-12 14:58 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-08-19 08:08 - 2013-09-11 18:29 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-19 08:08 - 2013-08-19 08:08 - 00000000 ____D C:\ProgramData\McAfee

==================== One Month Modified Files and Folders =======

2013-09-16 15:30 - 2013-09-16 15:30 - 00000000 ____D C:\FRST
2013-09-16 15:29 - 2013-09-16 15:29 - 01084083 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST.exe
2013-09-16 15:25 - 2010-01-31 20:49 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 15:25 - 2010-01-31 20:49 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 15:22 - 2010-01-31 20:58 - 01754199 _____ C:\Windows\WindowsUpdate.log
2013-09-16 15:17 - 2013-09-09 15:43 - 00461317 _____ C:\Windows\setupact.log
2013-09-16 15:17 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-15 15:56 - 2013-09-11 18:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-13 06:43 - 2010-01-31 21:05 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 06:42 - 2010-06-15 09:12 - 00000000 ____D C:\Users\Gerhard\.gimp-2.6
2013-09-13 06:35 - 2013-09-13 06:35 - 00003429 _____ C:\Users\Gerhard\.recently-used.xbel
2013-09-13 06:35 - 2010-06-15 09:18 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\gtk-2.0
2013-09-13 06:35 - 2010-01-31 20:50 - 00000000 ____D C:\Users\Gerhard
2013-09-12 15:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-12 15:03 - 2013-09-11 11:50 - 00241062 _____ C:\Windows\PFRO.log
2013-09-12 14:58 - 2013-08-19 08:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-09-11 18:29 - 2013-09-11 18:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 18:29 - 2013-09-11 18:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 18:29 - 2013-08-19 08:08 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-11 18:28 - 2010-04-13 08:12 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Adobe
2013-09-11 18:19 - 2012-04-01 07:13 - 00000000 ____D C:\Program Files\gs
2013-09-11 18:18 - 2013-09-11 17:53 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-09-11 18:17 - 2012-02-13 21:17 - 00000000 ____D C:\Program Files\NCH Software
2013-09-11 18:12 - 2010-11-17 20:46 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-09-11 18:09 - 2012-02-12 10:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Electronic Arts
2013-09-11 18:09 - 2012-02-12 10:46 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-09-11 18:09 - 2012-02-12 10:27 - 00000000 ____D C:\Program Files\Electronic Arts
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-11 17:58 - 2013-09-11 17:58 - 00000000 ____D C:\Users\Gerhard\Documents\Optimizer Pro
2013-09-11 17:50 - 2013-09-11 17:50 - 00001891 _____ C:\Users\Gerhard\Desktop\Search.lnk
2013-09-11 17:50 - 2013-09-11 17:50 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Babylon
2013-09-11 17:50 - 2013-09-11 17:50 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-11 17:50 - 2013-09-11 17:50 - 00000000 ____D C:\ProgramData\Babylon
2013-09-11 17:49 - 2013-09-11 17:49 - 01088152 _____ (InstallManager) C:\Users\Gerhard\Downloads\Setup(1).exe
2013-09-11 17:48 - 2013-09-11 17:48 - 01088152 _____ (InstallManager) C:\Users\Gerhard\Downloads\Setup.exe
2013-09-11 17:36 - 2013-03-25 13:51 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-09-11 14:54 - 2013-09-11 14:54 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT (1).exe
2013-09-11 14:53 - 2013-09-11 14:53 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT.exe
2013-09-11 14:53 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-11 14:41 - 2013-09-11 14:39 - 00008704 ___SH C:\Users\Gerhard\Thumbs.db
2013-09-11 14:26 - 2012-11-01 21:21 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702119738-4214834906-2091399523-1000UA.job
2013-09-11 14:17 - 2009-07-14 06:33 - 00437440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 14:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 13:18 - 2013-08-01 14:38 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 13:16 - 2011-12-30 09:41 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 11:59 - 2013-09-11 08:15 - 00000000 ____D C:\AdwCleaner
2013-09-11 11:55 - 2013-09-11 11:55 - 01037278 _____ C:\Users\Gerhard\Downloads\3003-adwcleaner.exe
2013-09-11 11:50 - 2010-04-13 08:11 - 00000000 ____D C:\Program Files\Google
2013-09-11 11:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Malwarebytes
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-11 11:12 - 2013-09-11 11:11 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Gerhard\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-09-11 11:10 - 2013-09-11 11:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Gerhard\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-11 10:58 - 2013-09-11 10:39 - 00000000 ____D C:\Windows\865537E164904193A4B6669C62711852.TMP
2013-09-11 10:51 - 2011-12-18 16:39 - 00001608 _____ C:\Users\Christoph\Desktop\gothic2-artwork_008 - Verknüpfung.lnk
2013-09-11 10:39 - 2013-09-11 10:39 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-11 10:39 - 2012-06-09 15:12 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-11 10:37 - 2013-09-11 10:37 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Gerhard\Downloads\SpyHunter-Installer.exe
2013-09-11 09:29 - 2013-09-11 09:29 - 00001126 _____ C:\Users\Public\Desktop\Opera.lnk
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Program Files\Opera
2013-09-11 09:28 - 2013-09-11 09:27 - 32093736 _____ (Opera Software ASA) C:\Users\Gerhard\Downloads\Opera_16.0.1196.73_Setup.exe
2013-09-11 09:14 - 2010-04-13 08:32 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Google
2013-09-11 09:14 - 2010-04-13 08:11 - 00000000 ____D C:\ProgramData\Google
2013-09-11 08:59 - 2011-02-28 12:45 - 00000000 ____D C:\Users\Gerhard\Desktop\für Schulwebseite
2013-09-11 08:38 - 2013-09-03 18:58 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-11 08:15 - 2013-09-11 08:15 - 01037278 _____ C:\Users\Gerhard\Downloads\adwcleaner.exe
2013-09-10 20:37 - 2012-11-01 21:21 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702119738-4214834906-2091399523-1000Core.job
2013-09-09 16:39 - 2011-09-13 13:51 - 00000000 ____D C:\Windows\pss
2013-09-09 16:36 - 2012-11-28 15:01 - 00000000 ____D C:\Users\Gerhard\AppData\Local\LogMeIn Hamachi
2013-09-09 16:33 - 2012-10-29 17:03 - 00000000 ___RD C:\Users\Gerhard\Dropbox
2013-09-09 16:33 - 2012-10-29 16:46 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Dropbox
2013-09-09 16:31 - 2010-01-31 15:44 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-09 16:31 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-09 16:11 - 2013-09-03 19:01 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Freemium
2013-09-09 15:55 - 2013-09-09 15:55 - 00000596 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-09 15:47 - 2013-09-09 15:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Software Updater
2013-09-09 15:43 - 2013-09-09 15:43 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 15:57 - 2013-09-08 15:57 - 00001104 _____ C:\Users\Gerhard\Desktop\appsmaker OptimalPC.lnk
2013-09-08 10:27 - 2013-02-24 19:59 - 00000000 ____D C:\Users\Gerhard\Documents\Eigene Scans
2013-09-08 10:27 - 2013-02-10 11:36 - 00000000 ____D C:\xampp
2013-09-08 10:27 - 2013-01-02 14:54 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\.minecraft
2013-09-08 10:27 - 2012-12-08 19:18 - 00000000 ____D C:\Users\Sandra\AppData\Local\LogMeIn Hamachi
2013-09-08 10:27 - 2012-11-28 17:18 - 00000000 ____D C:\Users\Christoph\AppData\Local\LogMeIn Hamachi
2013-09-08 10:27 - 2012-11-28 15:02 - 00000000 ____D C:\Users\Gerhard\Downloads\Minecraft Server
2013-09-08 10:27 - 2012-05-01 15:54 - 00000000 ____D C:\Users\Sandra\Documents\Samsung Galaxy Mini
2013-09-08 10:27 - 2012-04-29 16:23 - 00000000 ____D C:\Users\Christoph\Documents\Galaxy S2
2013-09-08 10:27 - 2012-01-31 16:58 - 00000000 ____D C:\Users\Christoph\Documents\DVDVideoSoft
2013-09-08 10:27 - 2011-07-02 20:05 - 00000000 ____D C:\Program Files\Palm
2013-09-08 10:27 - 2010-11-30 19:49 - 00000000 ____D C:\Users\Gerhard\Documents\Add-in Express
2013-09-08 10:27 - 2010-01-31 20:45 - 00000000 ____D C:\Windows\Panther
2013-09-08 10:27 - 2010-01-31 14:55 - 00000000 ____D C:\Users\Gerhard\AppData\Local\VirtualStore
2013-09-08 10:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Msdtc
2013-09-08 07:26 - 2013-09-08 07:26 - 00001144 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-08 07:26 - 2013-02-07 08:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-03 19:09 - 2010-12-01 20:32 - 00000000 ____D C:\Windows\Minidump
2013-09-03 18:58 - 2013-09-03 18:58 - 00002551 _____ C:\Users\Public\Desktop\Free System Utilities.lnk
2013-09-03 18:55 - 2013-09-03 18:55 - 00444408 _____ C:\Users\Gerhard\Downloads\free-system-utilities-DE.exe
2013-09-02 15:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-01 08:35 - 2013-09-01 08:35 - 22240760 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox_Setup_23.0.1.exe
2013-08-30 09:48 - 2013-09-11 14:53 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-11 14:53 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2012-12-26 08:37 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2012-06-14 07:12 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2011-02-03 21:38 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 09:47 - 2010-02-01 14:55 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-24 18:36 - 2010-02-01 14:56 - 00002085 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-24 18:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-08-24 18:32 - 2010-04-13 08:14 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-24 18:32 - 2010-04-13 08:14 - 00000000 ____D C:\Program Files\Adobe
2013-08-24 18:32 - 2010-02-11 18:48 - 00000000 ____D C:\Users\Sandra
2013-08-24 18:32 - 2010-02-01 20:20 - 00000000 ____D C:\Users\Christoph
2013-08-24 18:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-08-24 18:29 - 2010-01-31 16:18 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Adobe
2013-08-19 08:08 - 2013-08-19 08:08 - 00000000 ____D C:\ProgramData\McAfee

Files to move or delete:
====================
C:\ProgramData\nud0repor.pad
C:\Users\Gerhard\nitro_pdf_professional6_de.exe
C:\Users\Gerhard\OOo_3.3.0_Win_x86_install-wJRE_de.exe
C:\Users\Public\[freeware.de]Core-Temp-setup.exe


Some content of TEMP:
====================
C:\Users\Christoph\AppData\Local\Temp\i4jdel0.exe
C:\Users\Christoph\AppData\Local\Temp\i4jdel1.exe
C:\Users\Christoph\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Christoph\AppData\Local\Temp\_inst1.exe
C:\Users\Gerhard\AppData\Local\Temp\apptorun.exe
C:\Users\Gerhard\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Gerhard\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Gerhard\AppData\Local\Temp\fp_pl_pfs_installer-3.exe
C:\Users\Gerhard\AppData\Local\Temp\fp_pl_pfs_installer-4.exe
C:\Users\Gerhard\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Gerhard\AppData\Local\Temp\Installer.exe
C:\Users\Gerhard\AppData\Local\Temp\installerdll233455.dll
C:\Users\Gerhard\AppData\Local\Temp\Medal of Honor_uninst.exe
C:\Users\Gerhard\AppData\Local\Temp\Quarantine.exe
C:\Users\Gerhard\AppData\Local\Temp\rootsupd.exe
C:\Users\Gerhard\AppData\Local\Temp\SHSetup.exe
C:\Users\Gerhard\AppData\Local\Temp\siinst.exe
C:\Users\Gerhard\AppData\Local\Temp\strings.dll
C:\Users\Gerhard\AppData\Local\Temp\uninst.exe
C:\Users\Gerhard\AppData\Local\Temp\uninst1.exe
C:\Users\Sandra\AppData\Local\Temp\apptorun.exe
C:\Users\Sandra\AppData\Local\Temp\i4jdel0.exe
C:\Users\Sandra\AppData\Local\Temp\i4jdel1.exe
C:\Users\Sandra\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Sandra\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 15:45

==================== End Of Log ============================
--- --- ---



und die Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013
Ran by Gerhard at 2013-09-16 15:31:34
Running from C:\Users\Gerhard\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

3DVIA player 5.0.0.20 (Version: 5.0.20)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader 9.3.2 - Deutsch (Version: 9.3.2)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Apple Application Support (Version: 1.1.0)
Apple Software Update (Version: 2.1.1.116)
Assistant 5.05.013 (Version: 5.5.13.0)
Audacity 1.3.14 (Unicode)
avast! Free Antivirus (Version: 8.0.1497.0)
Brick-Force  (Version: )
CeeBot4
CuteFTP 8 Home (Version: 8.3.3)
Demo RepertoriX 2009 Plus
DemoAugen (Version: 2013.0)
DHTML Editing Component (Version: 6.02.0001)
Die Rache der Sumpfhühner SE
Download Manager (Version: 2, 0, 0, 210)
DriveImage XML (Private Edition) (Version: 2.30)
Driver Detective (Version: 8.0.1)
Driving Speed 2.0
Dropbox (HKCU Version: 2.0.22)
e-törn 1.0 (Version: 1.0)
FileZilla Client 3.3.1 (Version: 3.3.1)
Free YouTube Download version 3.1.42.1212 (Version: 3.1.42.1212)
FreeMind (Version: 0.9.0)
GIMP 2.6.8
HappyFoto-Designer 2.7
Harry Potter und die Heiligtümer des Todes(TM) - Teil 2 (Version: 1.0.0.0)
HOFER Bestellsoftware 4.9.6 (Version: 4.9.6)
HotPotatoes v 6.3.0.4
HP LaserJet Professional M1130-M1210 MFP Series
HP OrderReminder (Version: 2.1)
Image Resizer Powertoy Clone for Windows (Version: 2.1.1)
Iminent (Version: 6.35.31.0)
IrfanView (remove only) (Version: 4.27)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 22 (Version: 6.0.220)
Kies (Version: 1.4)
Landwirtschafts Simulator 2011 (Version: 1.0)
LaserJet 1018
LogMeIn Hamachi (Version: 2.1.0.294)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.285.6)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (Version: 12.0.4518.1014)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MORE! 2 DVD-ROM (Version: V1.0)
Motherboard Monitor 5 (Version: 5)
Motherboard Monitor 5 Languages (Version: 5)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyFreeCodec
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller-Treiber 280.19 (Version: 280.19)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Drivers (Version: 1.7)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA HD-Audiotreiber 1.2.23.3 (Version: 1.2.23.3)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Oblivion (Version: 1.2.0416)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera Stable 16.0.1196.73 (Version: 16.0.1196.73)
Outlook Backup Assistant 5 (Testversion) (Version: 5.0)
Pacific Hawk 1.0 (Version: 1.0)
Palm Desktop by ACCESS (Version: 6.4.0.0)
PC Connectivity Solution (Version: 8.47.7.0)
PDF Editor 3
PE Builder 3.1.10a
Phase 5 HTML-Editor (Version: 5.6.2.3)
Radiopath für Netbooks 1.0  (Version: 1.0)
Realtek High Definition Audio Driver
SAMSUNG USB Driver for Mobile Phones (Version: 1.2.912.21200)
Scan To (Version: 2.0.1)
Ski Challenge 12 (AT)
Skype Toolbars (Version: 1.0.4051)
Skype™ 6.0 (Version: 6.0.126)
SLOW-PCfighter (Version: 1.2.61)
SpeedFan (remove only)
SyncToy 2.1 (x86) (Version: 2.1.0)
Toonworks v1.3
Uninstall Creative Modem Blaster
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Vtune 7.21
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.1.6965.0)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
XAMPP 1.8.1

==================== Restore Points  =========================

11-04-2013 13:17:49 Removed LogMeIn Hamachi
15-04-2013 13:49:56 Windows Update
20-04-2013 08:35:54 Windows Update
23-04-2013 12:57:02 Windows Update
24-04-2013 22:26:04 Windows Update
01-05-2013 18:02:22 Windows Update
07-05-2013 11:44:14 Windows Update
10-05-2013 12:53:52 Windows Update
14-05-2013 13:35:01 Windows Update
15-05-2013 12:27:56 Windows Update
21-05-2013 07:52:13 Windows Update
21-05-2013 09:15:13 Windows Update
26-05-2013 09:35:36 Windows Update
26-05-2013 10:25:03 Windows Update
31-05-2013 06:16:21 Windows Update
31-05-2013 07:51:47 Installiert Kies
31-05-2013 08:02:53 Removed Samsung Kies
31-05-2013 08:14:40 Installiert Kies
04-06-2013 16:23:48 Windows Update
08-06-2013 04:26:35 Windows Update
08-06-2013 08:07:47 Installed Java 7 Update 21
12-06-2013 06:10:27 Windows Update
13-06-2013 05:09:01 Windows Update
15-06-2013 04:35:43 Windows Update
19-06-2013 17:32:01 Windows Update
25-06-2013 15:50:03 Windows Update
02-07-2013 10:16:02 Windows Update
16-07-2013 06:43:59 Windows Update
16-07-2013 16:33:00 Windows Update
23-07-2013 09:32:49 Windows Update
30-07-2013 16:54:11 Windows Update
01-08-2013 12:37:18 Windows Update
07-08-2013 06:32:35 Windows Update
09-08-2013 11:48:03 Windows Modules Installer
09-08-2013 12:18:31 Removed Delta Chrome Toolbar
14-08-2013 06:38:42 Windows Update
15-08-2013 07:48:49 Windows Update
20-08-2013 08:25:31 Windows Update
24-08-2013 16:18:27 Wiederherstellungsvorgang
24-08-2013 16:49:32 Windows Update
25-08-2013 16:06:50 Windows Update
26-08-2013 14:28:47 Windows Update
28-08-2013 18:45:44 Steam wird entfernt
30-08-2013 11:24:17 Windows Update
03-09-2013 16:16:01 Windows Update
03-09-2013 16:57:05 Free System Utilities
03-09-2013 17:07:42 Free System Utilities 03.09.2013 19:07:38
09-09-2013 13:53:12 Free Computer Cleaner
09-09-2013 14:13:30 Free Computer Cleaner 09.09.2013 16:13:28
10-09-2013 13:20:46 Windows Update
11-09-2013 06:34:29 Free System Utilities
11-09-2013 06:38:13 Free Computer Cleaner
11-09-2013 06:47:30 Windows Defender Checkpoint
11-09-2013 08:39:24 Installed SpyHunter
11-09-2013 08:58:15 Removed SpyHunter
11-09-2013 11:15:44 Windows Update
11-09-2013 15:34:33 TuneUp Utilities 2013 wird entfernt
11-09-2013 15:36:37 TuneUp Utilities Language Pack (de-DE) wird entfernt
11-09-2013 16:11:03 Removed Facebook Video Calling 1.2.0.287
11-09-2013 16:13:06 Entfernt TOGGO PC-Spielebox 3
11-09-2013 16:13:54 Secure Download Manager wird entfernt
11-09-2013 16:15:03 Removed QuickTime
11-09-2013 16:19:36 Removed 7-Zip 9.21
15-09-2013 05:13:18 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {2E58FB03-AE09-4535-9902-420A058730DA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3702119738-4214834906-2091399523-1000UA => C:\Users\Gerhard\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-01] (Facebook Inc.)
Task: {38C6511C-3162-4944-AFA0-7FBFEB4CE944} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3702119738-4214834906-2091399523-1000Core => C:\Users\Gerhard\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-01] (Facebook Inc.)
Task: {4BB46668-3F6B-409D-8DB3-94333546E251} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {4D2FA8EF-B929-4F1B-862E-65B3E199DC7D} - System32\Tasks\PCCleaner1ClickMaint => C:\Program Files\Covus Freemium\Free Computer Cleaner\1Click.exe
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {656CDDFB-A5B5-4D45-81DA-A76F84CD64D2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {81F03AA6-D95C-43A2-A875-E8AEEAE8EC2B} - System32\Tasks\Freemium1ClickMaint => C:\Users\Gerhard\Downloads\1Click.exe
Task: {8DD9A0C5-8932-49D2-BEE2-29AA85B23D28} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {A8720B38-B2D2-4077-BCD2-C36CC4F4428D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {BA37E200-0515-4617-BA0C-D9BF2B113529} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {CA184349-F0AC-4FBD-A388-BD68CCF1C7A4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {CD944186-D4C9-40C3-A7D3-9A1C71408E60} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3702119738-4214834906-2091399523-1003 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {E265B993-C1DD-46DA-9CF3-11098A57748B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {E50E0429-5FAF-4FED-89C4-85E279DB4586} - System32\Tasks\{AB0CFDF8-A5CC-4B3B-85B0-9C45C75BD066} => C:\Program Files\Skype\Phone\Skype.exe [2012-11-09] (Skype Technologies S.A.)
Task: {F652EAA4-D1AB-4E98-B4E7-0937C088A0E6} - System32\Tasks\Advanced System Optimizer => C:\Program Files\Advanced System Optimizer 3\ASO3.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702119738-4214834906-2091399523-1000Core.job => C:\Users\Gerhard\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702119738-4214834906-2091399523-1000UA.job => C:\Users\Gerhard\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-25 02:36 - 2013-05-25 02:36 - 00130736 _____ (Dropbox, Inc.) C:\Users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2010-01-03 23:46 - 2010-01-03 23:46 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2012-06-27 19:40 - 2012-06-09 19:20 - 00167936 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2011-03-06 17:44 - 2012-03-28 22:11 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2006-10-26 22:30 - 2006-10-26 22:30 - 00065312 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2006-10-27 16:35 - 2006-10-27 16:35 - 00436512 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2006-10-26 14:56 - 2006-10-26 14:56 - 00757008 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2011-06-22 13:25 - 2010-11-20 14:21 - 01202176 _____ (Microsoft Corporation) C:\Windows\System32\Speech\Common\sapi.dll
2013-09-11 09:29 - 2013-09-05 07:27 - 00868704 _____ () C:\Program Files\Opera\16.0.1196.73\ffmpegsumo.dll
2013-09-11 18:29 - 2013-09-11 18:29 - 16177544 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
2009-01-18 15:50 - 2009-01-18 15:50 - 00417792 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\adobexmp.dll
2007-11-16 17:02 - 2007-11-16 17:02 - 00401408 ____R () C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll

==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2013 05:36:02 PM) (Source: Microsoft-Windows-RestartManager) (User: Asterix)
Description: Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden.

Error: (09/11/2013 09:04:44 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 23.0.1.4974, Zeitstempel: 0x520bc252
Name des fehlerhaften Moduls: xul.dll, Version: 23.0.1.4974, Zeitstempel: 0x520bc166
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0017af08
ID des fehlerhaften Prozesses: 0x1230
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (09/11/2013 08:47:27 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {4126cd0b-1f03-483d-bf45-79297072e4e1}

Error: (09/10/2013 04:00:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/10/2013 03:58:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (09/03/2013 06:28:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 23.0.1.4974, Zeitstempel: 0x520bc252
Name des fehlerhaften Moduls: xul.dll, Version: 23.0.1.4974, Zeitstempel: 0x520bc166
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0017af08
ID des fehlerhaften Prozesses: 0x1624
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (09/02/2013 03:49:50 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/02/2013 03:47:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/30/2013 07:36:09 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/24/2013 06:25:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: spoolsv.exe, Version: 6.1.7601.17777, Zeitstempel: 0x4f35efc3
Name des fehlerhaften Moduls: ZSR.dll, Version: 6.20.1625.0, Zeitstempel: 0x462fd713
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f979
ID des fehlerhaften Prozesses: 0x1798
Startzeit der fehlerhaften Anwendung: 0xspoolsv.exe0
Pfad der fehlerhaften Anwendung: spoolsv.exe1
Pfad des fehlerhaften Moduls: spoolsv.exe2
Berichtskennung: spoolsv.exe3


System errors:
=============
Error: (09/11/2013 08:20:33 AM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "H:" können nicht gelesen werden.

Error: (09/11/2013 07:57:00 AM) (Source: cdrom) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom1 gefunden.

Error: (09/09/2013 04:34:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/09/2013 04:34:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/09/2013 03:55:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/09/2013 03:46:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/09/2013 03:46:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/08/2013 03:58:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/08/2013 03:58:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/08/2013 10:25:20 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (08/09/2013 01:52:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17416 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (07/08/2013 01:11:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 234 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (03/22/2013 11:19:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 906 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (03/21/2013 09:45:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 768 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (07/10/2012 01:08:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/10/2012 01:06:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/10/2012 01:06:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/10/2012 01:04:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/26/2012 06:28:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 26 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/26/2012 06:27:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 31%
Total physical RAM: 3583.24 MB
Available physical RAM: 2450.83 MB
Total Pagefile: 7166.48 MB
Available Pagefile: 5945.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:492.98 GB) (Free:290.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Fotos) (Fixed) (Total:97.66 GB) (Free:91.86 GB) NTFS
Drive f: (Daten ab 2010) (Fixed) (Total:195.31 GB) (Free:186.86 GB) NTFS
Drive g: (Volume) (Fixed) (Total:145.36 GB) (Free:21.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 838EECBD)
Partition 1: (Active) - (Size=493 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=341 GB) - (Type=OF Extended)

==================== End Of Log ============================

Alt 16.09.2013, 22:12   #5
Bootsektor
Ruhe in Frieden
† 2019
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Hallo ghackl und , mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst dann stoppe mit Deiner Auführung und beschreibe mir das Problem
  • Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Poste die Logfiles direkt in deinen Thread in Code-Tags.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
Alt 17.09.2013, 14:05   #6
ghackl
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Hallo!
Danke für deine Hilfe!

Hier die Logdatei:

Code:
ATTFilter
ComboFix 13-09-17.01 - Gerhard 17.09.2013  14:45:01.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.43.1031.18.3583.2266 [GMT 2:00]
ausgeführt von:: c:\users\Gerhard\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DSearchLink
c:\programdata\DSearchLink\DSearchLink.exe
c:\programdata\nud0repor.pad
c:\users\Gerhard\AppData\Local\assembly\tmp
c:\users\Gerhard\Desktop\Search.lnk
c:\users\Gerhard\OOo_3.3.0_Win_x86_install-wJRE_de.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-17 bis 2013-09-17  ))))))))))))))))))))))))))))))
.
.
2013-09-17 12:57 . 2013-09-17 12:57	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-09-17 12:57 . 2013-09-17 12:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-17 12:57 . 2013-09-17 12:57	--------	d-----w-	c:\users\Christoph\AppData\Local\temp
2013-09-17 12:57 . 2013-09-17 12:57	--------	d-----w-	c:\users\Sandra\AppData\Local\temp
2013-09-17 12:46 . 2013-09-17 12:46	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F849BEBD-2C93-4AA3-9932-69DDE81A954B}\offreg.dll
2013-09-17 12:28 . 2013-09-05 05:02	7328304	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F849BEBD-2C93-4AA3-9932-69DDE81A954B}\mpengine.dll
2013-09-16 13:30 . 2013-09-16 13:30	--------	d-----w-	C:\FRST
2013-09-11 16:29 . 2013-09-11 16:29	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 16:29 . 2013-09-11 16:29	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-09-11 16:05 . 2013-09-11 16:05	--------	d-----w-	c:\windows\system32\searchplugins
2013-09-11 16:05 . 2013-09-11 16:05	--------	d-----w-	c:\windows\system32\Extensions
2013-09-11 15:53 . 2013-09-11 16:18	--------	d-----w-	c:\program files\Optimizer Pro
2013-09-11 15:50 . 2013-09-11 15:50	--------	d-----w-	c:\users\Gerhard\AppData\Roaming\Babylon
2013-09-11 15:50 . 2013-09-11 15:50	--------	d-----w-	c:\programdata\Babylon
2013-09-11 12:53 . 2013-08-30 07:48	177864	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-09-11 12:53 . 2013-08-30 07:48	49376	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-09-11 11:19 . 2013-08-07 04:30	2724352	----a-w-	c:\windows\system32\mshtml.tlb
2013-09-11 11:19 . 2013-08-07 02:03	243712	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-09-11 11:19 . 2013-08-07 02:54	4247040	----a-w-	c:\windows\system32\jscript9.dll
2013-09-11 11:19 . 2013-08-07 01:50	1788928	----a-w-	c:\windows\system32\wininet.dll
2013-09-11 09:12 . 2013-09-11 09:12	--------	d-----w-	c:\users\Gerhard\AppData\Roaming\Malwarebytes
2013-09-11 09:12 . 2013-09-11 09:12	--------	d-----w-	c:\programdata\Malwarebytes
2013-09-11 09:12 . 2013-09-11 09:12	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-09-11 09:12 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-09-11 09:11 . 2013-09-11 09:11	--------	d-----w-	c:\users\Gerhard\AppData\Local\Programs
2013-09-11 08:39 . 2013-09-11 08:39	--------	d-----w-	c:\program files\Enigma Software Group
2013-09-11 08:39 . 2013-09-11 08:58	--------	d-----w-	c:\windows\865537E164904193A4B6669C62711852.TMP
2013-09-11 07:29 . 2013-09-11 07:29	--------	d-----w-	c:\users\Gerhard\AppData\Roaming\Opera Software
2013-09-11 07:29 . 2013-09-11 07:29	--------	d-----w-	c:\users\Gerhard\AppData\Local\Opera Software
2013-09-11 07:29 . 2013-09-11 07:29	--------	d-----w-	c:\program files\Opera
2013-09-11 06:15 . 2013-09-11 09:59	--------	d-----w-	C:\AdwCleaner
2013-09-09 13:47 . 2013-09-09 13:47	--------	d-----w-	c:\users\Gerhard\AppData\Local\Software Updater
2013-09-03 17:01 . 2013-09-09 14:11	--------	d-----w-	c:\users\Gerhard\AppData\Local\Freemium
2013-09-03 16:59 . 2013-08-13 06:38	32328	----a-w-	c:\windows\Launcher.exe
2013-09-03 16:58 . 2013-09-11 06:38	--------	d-----w-	c:\program files\Covus Freemium
2013-09-03 16:40 . 2012-09-18 13:26	59904	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\PPhp1020.DLL
2013-09-03 16:39 . 2012-09-18 13:26	169472	----a-w-	c:\windows\system32\ZLhp1020.DLL
2013-09-03 16:39 . 2012-09-18 13:26	365568	----a-w-	c:\windows\system32\ZSHP1020.EXE
2013-09-03 16:34 . 2006-07-30 17:00	28672	----a-w-	c:\windows\system32\IMF32.DLL
2013-09-03 16:34 . 2006-07-30 17:00	24576	----a-w-	c:\windows\system32\ZTAG32.DLL
2013-09-03 16:34 . 2006-07-30 17:00	49152	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\IMFPRINT.DLL
2013-08-25 16:13 . 2013-07-09 04:50	652800	----a-w-	c:\windows\system32\rpcrt4.dll
2013-08-25 16:13 . 2013-07-09 04:52	175104	----a-w-	c:\windows\system32\wintrust.dll
2013-08-25 16:13 . 2013-07-09 04:46	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-25 16:13 . 2013-07-09 04:46	1166848	----a-w-	c:\windows\system32\crypt32.dll
2013-08-25 16:13 . 2013-07-09 04:46	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-25 16:13 . 2013-07-09 05:03	3968960	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-08-25 16:13 . 2013-07-09 05:03	3913664	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-25 16:12 . 2013-07-09 04:53	1289096	----a-w-	c:\windows\system32\ntdll.dll
2013-08-25 16:12 . 2013-07-06 05:05	1293760	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-08-25 16:12 . 2013-07-25 08:57	1620992	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-08-25 16:12 . 2013-07-19 01:41	2048	----a-w-	c:\windows\system32\tzres.dll
2013-08-25 16:12 . 2013-06-15 03:40	918528	----a-w-	c:\windows\system32\rdpcorets.dll
2013-08-25 16:12 . 2013-06-15 03:38	31232	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
2013-08-19 06:08 . 2013-09-11 16:29	--------	d-----w-	c:\programdata\McAfee Security Scan
2013-08-19 06:08 . 2013-08-19 06:08	--------	d-----w-	c:\programdata\McAfee
2013-08-19 06:08 . 2013-09-12 12:58	--------	d-----w-	c:\program files\McAfee Security Scan
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-30 07:48 . 2010-02-01 12:56	369584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2010-02-01 12:56	56080	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2012-12-26 06:37	61680	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2012-06-14 05:12	770344	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2010-02-01 12:56	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2010-02-01 12:56	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2011-02-03 19:38	41664	----a-w-	c:\windows\avastSS.scr
2013-08-30 07:47 . 2010-02-01 12:55	229648	----a-w-	c:\windows\system32\aswBoot.exe
2013-08-09 11:49 . 2013-08-09 11:49	86016	----a-w-	c:\windows\system32\iesysprep.dll
2013-08-09 11:49 . 2013-08-09 11:49	74240	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-08-09 11:49 . 2013-08-09 11:49	71680	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-08-09 11:49 . 2013-08-09 11:49	645120	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-08-09 11:49 . 2013-08-09 11:49	639488	----a-w-	c:\windows\system32\jsIntl.dll
2013-08-09 11:49 . 2013-08-09 11:49	62464	----a-w-	c:\windows\system32\tdc.ocx
2013-08-09 11:49 . 2013-08-09 11:49	61952	----a-w-	c:\windows\system32\MshtmlDac.dll
2013-08-09 11:49 . 2013-08-09 11:49	534528	----a-w-	c:\windows\system32\jscript9diag.dll
2013-08-09 11:49 . 2013-08-09 11:49	51200	----a-w-	c:\windows\system32\ieetwproxystub.dll
2013-08-09 11:49 . 2013-08-09 11:49	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-08-09 11:49 . 2013-08-09 11:49	36352	----a-w-	c:\windows\system32\imgutil.dll
2013-08-09 11:49 . 2013-08-09 11:49	3584	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2013-08-09 11:49 . 2013-08-09 11:49	34304	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2013-08-09 11:49 . 2013-08-09 11:49	337408	----a-w-	c:\windows\system32\html.iec
2013-08-09 11:49 . 2013-08-09 11:49	193536	----a-w-	c:\windows\system32\elshyph.dll
2013-08-09 11:49 . 2013-08-09 11:49	183808	----a-w-	c:\windows\system32\msls31.dll
2013-08-09 11:49 . 2013-08-09 11:49	13312	----a-w-	c:\windows\system32\mshta.exe
2013-08-09 11:49 . 2013-08-09 11:49	112128	----a-w-	c:\windows\system32\ieUnatt.exe
2013-08-09 11:49 . 2013-08-09 11:49	111616	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-08-09 11:49 . 2013-08-09 11:49	108032	----a-w-	c:\windows\system32\ieetwcollector.exe
2013-08-09 11:49 . 2013-08-09 11:49	892416	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-08-09 11:49 . 2013-08-09 11:49	61952	----a-w-	c:\windows\system32\iesetup.dll
2013-08-09 11:49 . 2013-08-09 11:49	454144	----a-w-	c:\windows\system32\vbscript.dll
2013-08-09 11:49 . 2013-08-09 11:49	24576	----a-w-	c:\windows\system32\licmgr10.dll
2013-08-09 11:49 . 2013-08-09 11:49	151552	----a-w-	c:\windows\system32\iexpress.exe
2013-08-09 11:49 . 2013-08-09 11:49	1433088	----a-w-	c:\windows\system32\inetcpl.cpl
2013-08-09 11:49 . 2013-08-09 11:49	139264	----a-w-	c:\windows\system32\wextract.exe
2013-08-07 02:22 . 2010-01-31 13:55	238872	------w-	c:\windows\system32\MpSigStub.exe
2003-03-21 12:45 . 2011-01-11 18:49	250544	----a-w-	c:\program files\Common Files\keyhelp.ocx
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47	121968	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-06 6265376]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]
.
c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-16 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoEncryptOnMove"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Alarm.lnk]
path=c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk
backup=c:\windows\pss\Game Alarm.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42	36272	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection]
2011-12-20 14:00	1052848	----a-w-	c:\program files\HappyFoto-Designer\dd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssSpkPhone]
2001-10-19 10:49	49152	----a-w-	c:\windows\essspk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-11-01 19:21	138096	----atw-	c:\users\Gerhard\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47	31016	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2010-01-28 13:19	3404600	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29	2254768	----a-w-	c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32	253816	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2011-08-02 14:38	2248704	----a-w-	c:\program files\Vtune\TBPANEL.exe
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 83864]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-08-09 108032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2012-12-24 17408]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 114280]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 181784]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400]
R3 XDva397;XDva397;c:\windows\system32\XDva397.sys [x]
R4 AMOptimalDiskService;appsmaker OptimalDisk Service;c:\program files\Common Files\OptimalSuite Common\AMDSrv.exe [x]
R4 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2009-12-22 95568]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 1435568]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-10-19 160944]
R4 SpeedBoosterSvc;appsmaker OptimalPC SpeedBooster Service;c:\program files\Common Files\OptimalSuite Common\BoostService.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-05-18 99896]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 16:29]
.
2013-09-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702119738-4214834906-2091399523-1000Core.job
- c:\users\Gerhard\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-01 19:21]
.
2013-09-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3702119738-4214834906-2091399523-1000UA.job
- c:\users\Gerhard\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-01 19:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1;127.0.0.1;127.0.0.1
uSearchAssistant = hxxp://www.google.com
Trusted Zone: oepul.at\www
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.at/
FF - ExtSQL: 2013-09-11 14:53; wrc@avast.com; c:\program files\Alwil Software\Avast5\WebRep\FF
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 1218a3ed0000000000000030673b53ce
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15959
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.617:50
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121240&tsp=5002
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file)
MSConfigStartUp-Browser Infrastructure Helper - c:\users\Gerhard\AppData\Local\Smartbar\Application\Linkury.exe
MSConfigStartUp-InboxToolbar - c:\program files\Inbox Toolbar\Inbox.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-ESSMDM - c:\windows\remvdsi
AddRemove-Free YouTube Download_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-17  15:02:08
ComboFix-quarantined-files.txt  2013-09-17 13:02
.
Vor Suchlauf: 18 Verzeichnis(se), 311.946.940.416 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 313.149.014.016 Bytes frei
.
- - End Of File - - 71E8DB2210A073E2A857CBE5B6D11080
A36C5E4F47E84449FF07ED3517B43A31

Alt 18.09.2013, 20:05   #7
Bootsektor
Ruhe in Frieden
† 2019
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Hallo ghackl,

Schritt 1
Bitte deinstalliere folgendes Programm:
Iminent

Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen

Schritt 2
Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

    Code:
    ATTFilter
    Folder::
c:\program files\Optimizer Pro
c:\users\Gerhard\AppData\Roaming\Babylon
c:\programdata\Babylon
c:\program files\Enigma Software Group
c:\windows\865537E164904193A4B6669C62711852.TMP


Firefox::
FF - ProfilePath - c:\users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 1218a3ed0000000000000030673b53ce
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15959
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.617:50
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121240&tsp=5002
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!



Schritt 3
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 4
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.
Alt 19.09.2013, 20:03   #8
ghackl
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Hallo!

Iminent ist nicht vorhanden.

ComboFix.txt
Code:
ATTFilter
ComboFix 13-09-19.01 - Gerhard 19.09.2013  18:49:01.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.43.1031.18.3583.2364 [GMT 2:00]
ausgeführt von:: c:\users\Gerhard\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Gerhard\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\gil.dat
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130911_104210.log
c:\program files\Enigma Software Group\SpyHunter\scanlog.log
c:\program files\Enigma Software Group\SpyHunter\supportlog.txt
c:\program files\Optimizer Pro
c:\programdata\Babylon
c:\users\Christoph\Desktop\Internet Explorer.lnk
c:\users\Gerhard\AppData\Roaming\Babylon
c:\users\Gerhard\AppData\Roaming\Babylon\log_file.txt
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 1.hobbit
c:\users\Sandra\Documents\Der Hobbit \Drüber hin und drunter durch - 1.xbmp
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 1.hobbit
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 1.xbmp
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 2.hobbit
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 2.xbmp
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 3.hobbit
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 3.xbmp
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 4.hobbit
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 4.xbmp
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 5.hobbit
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 5.xbmp
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 6.hobbit
c:\users\Sandra\Documents\Der Hobbit \Ein unerwartetes Fest - 6.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 1.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 1.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 2.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 2.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 3.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 3.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 4.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 4.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 5.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 5.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 6.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 6.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 7.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 7.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 8.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 8.xbmp
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 9.hobbit
c:\users\Sandra\Documents\Der Hobbit \Hammelbraten - 9.xbmp
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 1.hobbit
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 1.xbmp
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 2.hobbit
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 2.xbmp
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 3.hobbit
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 3.xbmp
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 4.hobbit
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 4.xbmp
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 5.hobbit
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 5.xbmp
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 6.hobbit
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 6.xbmp
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 7.hobbit
c:\users\Sandra\Documents\Der Hobbit \Trollhöhle - 7.xbmp
c:\windows\865537E164904193A4B6669C62711852.TMP
c:\windows\865537E164904193A4B6669C62711852.TMP\WiseCustomCall.dll
c:\windows\865537E164904193A4B6669C62711852.TMP\WiseCustomCalla.dll
c:\windows\865537E164904193A4B6669C62711852.TMP\WiseCustomCalla17.dll
c:\windows\865537E164904193A4B6669C62711852.TMP\WiseCustomCalla18.exe
c:\windows\865537E164904193A4B6669C62711852.TMP\WiseCustomCalla19.dll
c:\windows\865537E164904193A4B6669C62711852.TMP\WiseCustomCalla2.dll
c:\windows\865537E164904193A4B6669C62711852.TMP\WiseCustomCalla20.dll
c:\windows\865537E164904193A4B6669C62711852.TMP\WiseCustomCalla22.exe
c:\windows\865537E164904193A4B6669C62711852.TMP\WiseData.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-19 bis 2013-09-19  ))))))))))))))))))))))))))))))
.
.
2013-09-19 16:57 . 2013-09-19 16:57	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-09-19 16:57 . 2013-09-19 16:57	--------	d-----w-	c:\users\Sandra\AppData\Local\temp
2013-09-19 16:57 . 2013-09-19 16:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-19 16:57 . 2013-09-19 16:57	--------	d-----w-	c:\users\Christoph\AppData\Local\temp
2013-09-18 14:14 . 2013-09-18 14:14	--------	d-----w-	c:\program files\GanttProject-2.6
2013-09-18 12:25 . 2013-09-18 13:48	--------	d-----w-	c:\users\Sandra\AppData\Roaming\The Hobbit
2013-09-18 10:21 . 2013-09-18 10:21	--------	d-----w-	c:\users\Gerhard\AppData\Roaming\SmartTools
2013-09-17 17:26 . 2013-09-17 17:27	--------	d-----w-	c:\users\Gerhard\AppData\Roaming\The Hobbit
2013-09-17 16:23 . 2013-09-17 16:23	--------	d-----w-	c:\program files\Sierra
2013-09-17 12:28 . 2013-09-05 05:02	7328304	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F849BEBD-2C93-4AA3-9932-69DDE81A954B}\mpengine.dll
2013-09-16 13:30 . 2013-09-16 13:30	--------	d-----w-	C:\FRST
2013-09-11 16:29 . 2013-09-11 16:29	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 16:29 . 2013-09-11 16:29	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-09-11 16:05 . 2013-09-11 16:05	--------	d-----w-	c:\windows\system32\searchplugins
2013-09-11 16:05 . 2013-09-11 16:05	--------	d-----w-	c:\windows\system32\Extensions
2013-09-11 12:53 . 2013-08-30 07:48	177864	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-09-11 12:53 . 2013-08-30 07:48	49376	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-09-11 11:19 . 2013-08-07 04:30	2724352	----a-w-	c:\windows\system32\mshtml.tlb
2013-09-11 11:19 . 2013-08-07 02:03	243712	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-09-11 11:19 . 2013-08-07 02:54	4247040	----a-w-	c:\windows\system32\jscript9.dll
2013-09-11 11:19 . 2013-08-07 01:50	1788928	----a-w-	c:\windows\system32\wininet.dll
2013-09-11 09:12 . 2013-09-11 09:12	--------	d-----w-	c:\users\Gerhard\AppData\Roaming\Malwarebytes
2013-09-11 09:12 . 2013-09-11 09:12	--------	d-----w-	c:\programdata\Malwarebytes
2013-09-11 09:12 . 2013-09-19 16:27	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-09-11 09:11 . 2013-09-11 09:11	--------	d-----w-	c:\users\Gerhard\AppData\Local\Programs
2013-09-11 07:29 . 2013-09-11 07:29	--------	d-----w-	c:\users\Gerhard\AppData\Roaming\Opera Software
2013-09-11 07:29 . 2013-09-11 07:29	--------	d-----w-	c:\users\Gerhard\AppData\Local\Opera Software
2013-09-11 07:29 . 2013-09-11 07:29	--------	d-----w-	c:\program files\Opera
2013-09-11 06:15 . 2013-09-11 09:59	--------	d-----w-	C:\AdwCleaner
2013-09-09 13:47 . 2013-09-09 13:47	--------	d-----w-	c:\users\Gerhard\AppData\Local\Software Updater
2013-09-03 17:01 . 2013-09-09 14:11	--------	d-----w-	c:\users\Gerhard\AppData\Local\Freemium
2013-09-03 16:59 . 2013-08-13 06:38	32328	----a-w-	c:\windows\Launcher.exe
2013-09-03 16:58 . 2013-09-11 06:38	--------	d-----w-	c:\program files\Covus Freemium
2013-09-03 16:40 . 2012-09-18 13:26	59904	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\PPhp1020.DLL
2013-09-03 16:39 . 2012-09-18 13:26	169472	----a-w-	c:\windows\system32\ZLhp1020.DLL
2013-09-03 16:39 . 2012-09-18 13:26	365568	----a-w-	c:\windows\system32\ZSHP1020.EXE
2013-09-03 16:34 . 2006-07-30 17:00	28672	----a-w-	c:\windows\system32\IMF32.DLL
2013-09-03 16:34 . 2006-07-30 17:00	24576	----a-w-	c:\windows\system32\ZTAG32.DLL
2013-09-03 16:34 . 2006-07-30 17:00	49152	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\IMFPRINT.DLL
2013-08-25 16:13 . 2013-07-09 04:50	652800	----a-w-	c:\windows\system32\rpcrt4.dll
2013-08-25 16:13 . 2013-07-09 04:52	175104	----a-w-	c:\windows\system32\wintrust.dll
2013-08-25 16:13 . 2013-07-09 04:46	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-25 16:13 . 2013-07-09 04:46	1166848	----a-w-	c:\windows\system32\crypt32.dll
2013-08-25 16:13 . 2013-07-09 04:46	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-25 16:13 . 2013-07-09 05:03	3968960	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-08-25 16:13 . 2013-07-09 05:03	3913664	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-25 16:12 . 2013-07-09 04:53	1289096	----a-w-	c:\windows\system32\ntdll.dll
2013-08-25 16:12 . 2013-07-06 05:05	1293760	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-08-25 16:12 . 2013-07-25 08:57	1620992	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-08-25 16:12 . 2013-07-19 01:41	2048	----a-w-	c:\windows\system32\tzres.dll
2013-08-25 16:12 . 2013-06-15 03:40	918528	----a-w-	c:\windows\system32\rdpcorets.dll
2013-08-25 16:12 . 2013-06-15 03:38	31232	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-30 07:48 . 2010-02-01 12:56	369584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2010-02-01 12:56	56080	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2012-12-26 06:37	61680	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2012-06-14 05:12	770344	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2010-02-01 12:56	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2010-02-01 12:56	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2011-02-03 19:38	41664	----a-w-	c:\windows\avastSS.scr
2013-08-30 07:47 . 2010-02-01 12:55	229648	----a-w-	c:\windows\system32\aswBoot.exe
2013-08-09 11:49 . 2013-08-09 11:49	86016	----a-w-	c:\windows\system32\iesysprep.dll
2013-08-09 11:49 . 2013-08-09 11:49	74240	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-08-09 11:49 . 2013-08-09 11:49	71680	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-08-09 11:49 . 2013-08-09 11:49	645120	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-08-09 11:49 . 2013-08-09 11:49	639488	----a-w-	c:\windows\system32\jsIntl.dll
2013-08-09 11:49 . 2013-08-09 11:49	62464	----a-w-	c:\windows\system32\tdc.ocx
2013-08-09 11:49 . 2013-08-09 11:49	61952	----a-w-	c:\windows\system32\MshtmlDac.dll
2013-08-09 11:49 . 2013-08-09 11:49	534528	----a-w-	c:\windows\system32\jscript9diag.dll
2013-08-09 11:49 . 2013-08-09 11:49	51200	----a-w-	c:\windows\system32\ieetwproxystub.dll
2013-08-09 11:49 . 2013-08-09 11:49	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-08-09 11:49 . 2013-08-09 11:49	36352	----a-w-	c:\windows\system32\imgutil.dll
2013-08-09 11:49 . 2013-08-09 11:49	3584	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2013-08-09 11:49 . 2013-08-09 11:49	34304	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2013-08-09 11:49 . 2013-08-09 11:49	337408	----a-w-	c:\windows\system32\html.iec
2013-08-09 11:49 . 2013-08-09 11:49	193536	----a-w-	c:\windows\system32\elshyph.dll
2013-08-09 11:49 . 2013-08-09 11:49	183808	----a-w-	c:\windows\system32\msls31.dll
2013-08-09 11:49 . 2013-08-09 11:49	13312	----a-w-	c:\windows\system32\mshta.exe
2013-08-09 11:49 . 2013-08-09 11:49	112128	----a-w-	c:\windows\system32\ieUnatt.exe
2013-08-09 11:49 . 2013-08-09 11:49	111616	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-08-09 11:49 . 2013-08-09 11:49	108032	----a-w-	c:\windows\system32\ieetwcollector.exe
2013-08-09 11:49 . 2013-08-09 11:49	892416	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-08-09 11:49 . 2013-08-09 11:49	61952	----a-w-	c:\windows\system32\iesetup.dll
2013-08-09 11:49 . 2013-08-09 11:49	454144	----a-w-	c:\windows\system32\vbscript.dll
2013-08-09 11:49 . 2013-08-09 11:49	24576	----a-w-	c:\windows\system32\licmgr10.dll
2013-08-09 11:49 . 2013-08-09 11:49	151552	----a-w-	c:\windows\system32\iexpress.exe
2013-08-09 11:49 . 2013-08-09 11:49	1433088	----a-w-	c:\windows\system32\inetcpl.cpl
2013-08-09 11:49 . 2013-08-09 11:49	139264	----a-w-	c:\windows\system32\wextract.exe
2013-08-07 02:22 . 2010-01-31 13:55	238872	------w-	c:\windows\system32\MpSigStub.exe
2003-03-21 12:45 . 2011-01-11 18:49	250544	----a-w-	c:\program files\Common Files\keyhelp.ocx
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47	121968	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-06 6265376]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]
.
c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-16 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoEncryptOnMove"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Alarm.lnk]
path=c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk
backup=c:\windows\pss\Game Alarm.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Gerhard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42	36272	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection]
2011-12-20 14:00	1052848	----a-w-	c:\program files\HappyFoto-Designer\dd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssSpkPhone]
2001-10-19 10:49	49152	----a-w-	c:\windows\essspk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47	31016	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2010-01-28 13:19	3404600	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32	253816	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2011-08-02 14:38	2248704	----a-w-	c:\program files\Vtune\TBPANEL.exe
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 83864]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-08-09 108032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2012-12-24 17408]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 114280]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 181784]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400]
R3 XDva397;XDva397;c:\windows\system32\XDva397.sys [x]
R4 AMOptimalDiskService;appsmaker OptimalDisk Service;c:\program files\Common Files\OptimalSuite Common\AMDSrv.exe [x]
R4 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2009-12-22 95568]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-10-19 160944]
R4 SpeedBoosterSvc;appsmaker OptimalPC SpeedBooster Service;c:\program files\Common Files\OptimalSuite Common\BoostService.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-05-18 99896]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 16:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1;127.0.0.1;127.0.0.1
uSearchAssistant = hxxp://www.google.com
Trusted Zone: oepul.at\www
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.at/
FF - ExtSQL: 2013-09-11 14:53; wrc@avast.com; c:\program files\Alwil Software\Avast5\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Facebook Update - c:\users\Gerhard\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3808)
c:\users\Gerhard\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
c:\windows\System32\ieframe.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\windows defender\MpCmdRun.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-09-19  19:21:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-09-19 17:21
ComboFix2.txt  2013-09-17 13:02
.
Vor Suchlauf: 25 Verzeichnis(se), 310.563.454.976 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 310.409.994.240 Bytes frei
.
- - End Of File - - EB8AE6EAD3D0F47E9A1715BE1DACD622
A36C5E4F47E84449FF07ED3517B43A31
Adwcleander findet nichts und macht auch keine Logdatei

Frst:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013
Ran by Gerhard (administrator) on ASTERIX on 19-09-2013 20:54:22
Running from C:\Users\Gerhard\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Christoph\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Christoph\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\Christoph\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe -update plugin
HKU\Christoph\...\Policies\system: [LogonHoursAction] 2
HKU\Christoph\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sandra\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Sandra\...\Policies\system: [LogonHoursAction] 2
HKU\Sandra\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=12180030673B53CE&affID=121240&tsp=5002
SearchScopes: HKCU - {2106394C-51CA-44D0-8605-33CABCB2F0FA} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {32882D0E-3D83-453C-9A27-040D73F4C672} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {5526EAEE-2E41-42FE-B997-C268A3D3C840} URL = hxxp://at.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F61742E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826696C633D313226747970653D39333738313126703D7B7365617263685465726D737D&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {58E9CEE7-94AA-4E1F-B12F-33B83D06FC72} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {6995AFC5-C518-4CE0-8337-15E96A030491} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D314937414452415F6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {99F93A0D-98C3-4FF9-8564-34D1BD090F74} URL = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432323639303530&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {CF4DFCC6-8A1C-41CA-B6EC-FFA355D191C8} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {E1418032-0EE4-454A-8419-60680FD2DA78} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {F335605E-9705-4F57-84D7-89DA79B85F97} URL = hxxp://search.softonic.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E736F66746F6E69632E636F6D2F4D4F4E30303031352F74625F76313F713D7B7365617263685465726D737D26536561726368536F757263653D342663633D26723D393834&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM -  No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @palmsource.com/installer,version=1.0 - C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin: @virtools.com/3DviaPlayer - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gerhard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S4 dgdersvc; C:\Windows\system32\dgdersvc.exe [95568 2009-12-22] (Devguru Co., Ltd.)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [108032 2013-08-09] (Microsoft Corporation)
S4 AMOptimalDiskService; C:\Program Files\Common Files\OptimalSuite Common\AMDSrv.exe [x]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [x]
S4 SpeedBoosterSvc; C:\Program Files\Common Files\OptimalSuite Common\BoostService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
S3 Cardex; C:\Windows\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 Edspport; C:\Windows\System32\DRIVERS\es56tpi.sys [450892 2001-10-19] (Creative Labs,Inc.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2009-12-22] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 mbmiodrvr; C:\Windows\system32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Gerhard\AppData\Local\Temp\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
U3 mbr; \??\C:\Users\Gerhard\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-19 20:54 - 2013-09-16 15:29 - 01084083 _____ (Farbar) C:\Users\Gerhard\Desktop\FRST.exe
2013-09-19 19:28 - 2013-09-11 08:15 - 01037278 _____ C:\Users\Gerhard\Desktop\adwcleaner.exe
2013-09-19 19:26 - 2013-09-19 19:27 - 01039554 _____ C:\Users\Gerhard\Downloads\adwcleaner (1).exe
2013-09-19 19:21 - 2013-09-19 19:21 - 00024708 _____ C:\ComboFix.txt
2013-09-19 18:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-19 18:34 - 2013-09-19 18:35 - 05128554 ____R (Swearware) C:\Users\Gerhard\Desktop\ComboFix.exe
2013-09-18 16:20 - 2013-09-18 16:27 - 00003525 _____ C:\Users\Gerhard\.ganttproject
2013-09-18 16:17 - 2013-09-18 16:17 - 00003272 _____ C:\Users\Gerhard\Documents\Tag der  yyyy.gan
2013-09-18 16:14 - 2013-09-18 16:27 - 00001523 _____ C:\Users\Gerhard\ganttproject.log
2013-09-18 16:14 - 2013-09-18 16:14 - 00001982 _____ C:\Users\Public\Desktop\GanttProject.lnk
2013-09-18 16:14 - 2013-09-18 16:14 - 00000000 ____D C:\Program Files\GanttProject-2.6
2013-09-18 16:13 - 2013-09-18 16:13 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473(1).exe
2013-09-18 16:12 - 2013-09-18 16:13 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473.exe
2013-09-18 14:25 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\The Hobbit
2013-09-18 14:25 - 2013-09-18 14:25 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-18 12:25 - 2013-09-18 12:25 - 00079360 _____ C:\Users\Gerhard\Downloads\Project_Planning.xls
2013-09-18 12:21 - 2013-09-18 12:21 - 01124243 _____ C:\Users\Gerhard\Downloads\projplan.exe
2013-09-18 12:21 - 2013-09-18 12:21 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\SmartTools
2013-09-18 12:17 - 2013-09-18 12:17 - 00015918 _____ C:\Users\Gerhard\Documents\Projektplan klein.xlsx
2013-09-17 19:26 - 2013-09-17 19:27 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\The Hobbit
2013-09-17 19:18 - 2013-09-17 19:18 - 00002019 _____ C:\Users\Public\Desktop\DER HOBBIT spielen.lnk
2013-09-17 18:23 - 2013-09-17 18:23 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 14:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-17 14:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-17 14:35 - 2013-09-19 19:21 - 00000000 ____D C:\Qoobox
2013-09-17 14:34 - 2013-09-19 18:58 - 00000000 ____D C:\Windows\erdnt
2013-09-16 15:32 - 2013-09-16 15:32 - 00042019 _____ C:\Users\Gerhard\Downloads\FRST.txt
2013-09-16 15:31 - 2013-09-16 15:32 - 00025506 _____ C:\Users\Gerhard\Downloads\Addition.txt
2013-09-16 15:30 - 2013-09-16 15:30 - 00000000 ____D C:\FRST
2013-09-16 15:29 - 2013-09-16 15:29 - 01084083 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST.exe
2013-09-13 06:35 - 2013-09-13 06:35 - 00003429 _____ C:\Users\Gerhard\.recently-used.xbel
2013-09-11 18:29 - 2013-09-19 19:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 18:29 - 2013-09-11 18:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 18:29 - 2013-09-11 18:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-11 17:58 - 2013-09-11 17:58 - 00000000 ____D C:\Users\Gerhard\Documents\Optimizer Pro
2013-09-11 17:49 - 2013-09-11 17:49 - 01088152 _____ (InstallManager) C:\Users\Gerhard\Downloads\Setup(1).exe
2013-09-11 17:48 - 2013-09-11 17:48 - 01088152 _____ (InstallManager) C:\Users\Gerhard\Downloads\Setup.exe
2013-09-11 14:54 - 2013-09-11 14:54 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT (1).exe
2013-09-11 14:53 - 2013-09-11 14:53 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT.exe
2013-09-11 14:53 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-11 14:53 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-11 14:39 - 2013-09-11 14:41 - 00008704 ___SH C:\Users\Gerhard\Thumbs.db
2013-09-11 13:19 - 2013-08-07 06:30 - 02724352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 13:19 - 2013-08-07 06:10 - 16981504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 13:19 - 2013-08-07 05:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 13:19 - 2013-08-07 05:47 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 13:19 - 2013-08-07 04:54 - 04247040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 13:19 - 2013-08-07 04:28 - 11087360 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 13:19 - 2013-08-07 03:50 - 01788928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 13:19 - 2013-08-07 03:49 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 11:50 - 2013-09-19 18:58 - 00242716 _____ C:\Windows\PFRO.log
2013-09-11 11:12 - 2013-09-19 18:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Malwarebytes
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 11:11 - 2013-09-11 11:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Gerhard\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-09-11 11:10 - 2013-09-11 11:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Gerhard\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-11 10:37 - 2013-09-11 10:37 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Gerhard\Downloads\SpyHunter-Installer.exe
2013-09-11 09:29 - 2013-09-11 09:29 - 00001126 _____ C:\Users\Public\Desktop\Opera.lnk
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Program Files\Opera
2013-09-11 09:27 - 2013-09-11 09:28 - 32093736 _____ (Opera Software ASA) C:\Users\Gerhard\Downloads\Opera_16.0.1196.73_Setup.exe
2013-09-11 09:03 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:03 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:03 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:03 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:03 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:03 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:03 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:03 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 08:15 - 2013-09-19 19:29 - 00000000 ____D C:\AdwCleaner
2013-09-11 08:15 - 2013-09-11 08:15 - 01037278 _____ C:\Users\Gerhard\Downloads\adwcleaner.exe
2013-09-09 15:55 - 2013-09-09 15:55 - 00000596 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-09 15:47 - 2013-09-09 15:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Software Updater
2013-09-09 15:43 - 2013-09-19 18:59 - 00645525 _____ C:\Windows\setupact.log
2013-09-09 15:43 - 2013-09-09 15:43 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 15:57 - 2013-09-08 15:57 - 00001104 _____ C:\Users\Gerhard\Desktop\appsmaker OptimalPC.lnk
2013-09-08 07:26 - 2013-09-08 07:26 - 00001144 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-03 19:01 - 2013-09-09 16:11 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Freemium
2013-09-03 18:59 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-09-03 18:58 - 2013-09-11 08:38 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-03 18:58 - 2013-09-03 18:58 - 00002551 _____ C:\Users\Public\Desktop\Free System Utilities.lnk
2013-09-03 18:55 - 2013-09-03 18:55 - 00444408 _____ C:\Users\Gerhard\Downloads\free-system-utilities-DE.exe
2013-09-03 18:39 - 2012-09-18 15:26 - 00365568 _____ C:\Windows\system32\ZSHP1020.EXE
2013-09-03 18:39 - 2012-09-18 15:26 - 00169472 _____ C:\Windows\system32\ZLhp1020.DLL
2013-09-03 18:34 - 2006-07-30 19:00 - 00028672 _____ (Zenographics, Inc.) C:\Windows\system32\IMF32.DLL
2013-09-03 18:34 - 2006-07-30 19:00 - 00024576 _____ (Zenographics, Inc.) C:\Windows\system32\ZTAG32.DLL
2013-09-01 08:35 - 2013-09-01 08:35 - 22240760 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox_Setup_23.0.1.exe
2013-08-25 18:13 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-25 18:13 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-25 18:13 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-25 18:13 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-25 18:12 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-25 18:12 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-25 18:12 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-25 18:12 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-25 18:12 - 2013-06-15 05:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-25 18:12 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-19 20:54 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-19 20:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-19 19:56 - 2013-09-11 18:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-19 19:29 - 2013-09-11 08:15 - 00000000 ____D C:\AdwCleaner
2013-09-19 19:27 - 2013-09-19 19:26 - 01039554 _____ C:\Users\Gerhard\Downloads\adwcleaner (1).exe
2013-09-19 19:21 - 2013-09-19 19:21 - 00024708 _____ C:\ComboFix.txt
2013-09-19 19:21 - 2013-09-17 14:35 - 00000000 ____D C:\Qoobox
2013-09-19 19:18 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-19 19:07 - 2010-01-31 20:49 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-19 19:07 - 2010-01-31 20:49 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-19 19:03 - 2010-01-31 20:58 - 01875165 _____ C:\Windows\WindowsUpdate.log
2013-09-19 18:59 - 2013-09-09 15:43 - 00645525 _____ C:\Windows\setupact.log
2013-09-19 18:59 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-19 18:58 - 2013-09-17 14:34 - 00000000 ____D C:\Windows\erdnt
2013-09-19 18:58 - 2013-09-11 11:50 - 00242716 _____ C:\Windows\PFRO.log
2013-09-19 18:35 - 2013-09-19 18:34 - 05128554 ____R (Swearware) C:\Users\Gerhard\Desktop\ComboFix.exe
2013-09-19 18:27 - 2013-09-11 11:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-18 16:27 - 2013-09-18 16:20 - 00003525 _____ C:\Users\Gerhard\.ganttproject
2013-09-18 16:27 - 2013-09-18 16:14 - 00001523 _____ C:\Users\Gerhard\ganttproject.log
2013-09-18 16:27 - 2010-01-31 20:50 - 00000000 ____D C:\Users\Gerhard
2013-09-18 16:17 - 2013-09-18 16:17 - 00003272 _____ C:\Users\Gerhard\Documents\Tag der  yyyy.gan
2013-09-18 16:14 - 2013-09-18 16:14 - 00001982 _____ C:\Users\Public\Desktop\GanttProject.lnk
2013-09-18 16:14 - 2013-09-18 16:14 - 00000000 ____D C:\Program Files\GanttProject-2.6
2013-09-18 16:13 - 2013-09-18 16:13 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473(1).exe
2013-09-18 16:13 - 2013-09-18 16:12 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473.exe
2013-09-18 15:48 - 2013-09-18 14:25 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\The Hobbit
2013-09-18 14:25 - 2013-09-18 14:25 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-18 12:25 - 2013-09-18 12:25 - 00079360 _____ C:\Users\Gerhard\Downloads\Project_Planning.xls
2013-09-18 12:21 - 2013-09-18 12:21 - 01124243 _____ C:\Users\Gerhard\Downloads\projplan.exe
2013-09-18 12:21 - 2013-09-18 12:21 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\SmartTools
2013-09-18 12:17 - 2013-09-18 12:17 - 00015918 _____ C:\Users\Gerhard\Documents\Projektplan klein.xlsx
2013-09-18 11:26 - 2012-11-01 21:21 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Facebook
2013-09-17 19:27 - 2013-09-17 19:26 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\The Hobbit
2013-09-17 19:25 - 2012-03-10 09:47 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-17 19:19 - 2010-01-31 15:33 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-17 19:18 - 2013-09-17 19:18 - 00002019 _____ C:\Users\Public\Desktop\DER HOBBIT spielen.lnk
2013-09-17 18:23 - 2013-09-17 18:23 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 15:02 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-17 14:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-16 15:32 - 2013-09-16 15:32 - 00042019 _____ C:\Users\Gerhard\Downloads\FRST.txt
2013-09-16 15:32 - 2013-09-16 15:31 - 00025506 _____ C:\Users\Gerhard\Downloads\Addition.txt
2013-09-16 15:30 - 2013-09-16 15:30 - 00000000 ____D C:\FRST
2013-09-16 15:29 - 2013-09-19 20:54 - 01084083 _____ (Farbar) C:\Users\Gerhard\Desktop\FRST.exe
2013-09-16 15:29 - 2013-09-16 15:29 - 01084083 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST.exe
2013-09-13 06:43 - 2010-01-31 21:05 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 06:42 - 2010-06-15 09:12 - 00000000 ____D C:\Users\Gerhard\.gimp-2.6
2013-09-13 06:35 - 2013-09-13 06:35 - 00003429 _____ C:\Users\Gerhard\.recently-used.xbel
2013-09-13 06:35 - 2010-06-15 09:18 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\gtk-2.0
2013-09-12 14:58 - 2013-08-19 08:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-09-11 18:29 - 2013-09-11 18:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 18:29 - 2013-09-11 18:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 18:29 - 2013-08-19 08:08 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-11 18:28 - 2010-04-13 08:12 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Adobe
2013-09-11 18:19 - 2012-04-01 07:13 - 00000000 ____D C:\Program Files\gs
2013-09-11 18:17 - 2012-02-13 21:17 - 00000000 ____D C:\Program Files\NCH Software
2013-09-11 18:12 - 2010-11-17 20:46 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-09-11 18:09 - 2012-02-12 10:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Electronic Arts
2013-09-11 18:09 - 2012-02-12 10:46 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-09-11 18:09 - 2012-02-12 10:27 - 00000000 ____D C:\Program Files\Electronic Arts
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-11 17:58 - 2013-09-11 17:58 - 00000000 ____D C:\Users\Gerhard\Documents\Optimizer Pro
2013-09-11 17:49 - 2013-09-11 17:49 - 01088152 _____ (InstallManager) C:\Users\Gerhard\Downloads\Setup(1).exe
2013-09-11 17:48 - 2013-09-11 17:48 - 01088152 _____ (InstallManager) C:\Users\Gerhard\Downloads\Setup.exe
2013-09-11 17:36 - 2013-03-25 13:51 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-09-11 14:54 - 2013-09-11 14:54 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT (1).exe
2013-09-11 14:53 - 2013-09-11 14:53 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT.exe
2013-09-11 14:53 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-11 14:41 - 2013-09-11 14:39 - 00008704 ___SH C:\Users\Gerhard\Thumbs.db
2013-09-11 14:17 - 2009-07-14 06:33 - 00437440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 14:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 13:18 - 2013-08-01 14:38 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 13:16 - 2011-12-30 09:41 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 11:50 - 2010-04-13 08:11 - 00000000 ____D C:\Program Files\Google
2013-09-11 11:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Malwarebytes
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 11:12 - 2013-09-11 11:11 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Gerhard\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-09-11 11:10 - 2013-09-11 11:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Gerhard\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-11 10:51 - 2011-12-18 16:39 - 00001608 _____ C:\Users\Christoph\Desktop\gothic2-artwork_008 - Verknüpfung.lnk
2013-09-11 10:39 - 2012-06-09 15:12 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-11 10:37 - 2013-09-11 10:37 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Gerhard\Downloads\SpyHunter-Installer.exe
2013-09-11 09:29 - 2013-09-11 09:29 - 00001126 _____ C:\Users\Public\Desktop\Opera.lnk
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Program Files\Opera
2013-09-11 09:28 - 2013-09-11 09:27 - 32093736 _____ (Opera Software ASA) C:\Users\Gerhard\Downloads\Opera_16.0.1196.73_Setup.exe
2013-09-11 09:14 - 2010-04-13 08:32 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Google
2013-09-11 09:14 - 2010-04-13 08:11 - 00000000 ____D C:\ProgramData\Google
2013-09-11 08:59 - 2011-02-28 12:45 - 00000000 ____D C:\Users\Gerhard\Desktop\für Schulwebseite
2013-09-11 08:38 - 2013-09-03 18:58 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-11 08:15 - 2013-09-19 19:28 - 01037278 _____ C:\Users\Gerhard\Desktop\adwcleaner.exe
2013-09-11 08:15 - 2013-09-11 08:15 - 01037278 _____ C:\Users\Gerhard\Downloads\adwcleaner.exe
2013-09-09 16:39 - 2011-09-13 13:51 - 00000000 ____D C:\Windows\pss
2013-09-09 16:33 - 2012-10-29 17:03 - 00000000 ___RD C:\Users\Gerhard\Dropbox
2013-09-09 16:33 - 2012-10-29 16:46 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Dropbox
2013-09-09 16:31 - 2010-01-31 15:44 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-09 16:31 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-09 16:11 - 2013-09-03 19:01 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Freemium
2013-09-09 15:55 - 2013-09-09 15:55 - 00000596 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-09 15:47 - 2013-09-09 15:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Software Updater
2013-09-09 15:43 - 2013-09-09 15:43 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 15:57 - 2013-09-08 15:57 - 00001104 _____ C:\Users\Gerhard\Desktop\appsmaker OptimalPC.lnk
2013-09-08 10:27 - 2013-02-24 19:59 - 00000000 ____D C:\Users\Gerhard\Documents\Eigene Scans
2013-09-08 10:27 - 2013-02-10 11:36 - 00000000 ____D C:\xampp
2013-09-08 10:27 - 2013-01-02 14:54 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\.minecraft
2013-09-08 10:27 - 2012-12-08 19:18 - 00000000 ____D C:\Users\Sandra\AppData\Local\LogMeIn Hamachi
2013-09-08 10:27 - 2012-11-28 17:18 - 00000000 ____D C:\Users\Christoph\AppData\Local\LogMeIn Hamachi
2013-09-08 10:27 - 2012-11-28 15:02 - 00000000 ____D C:\Users\Gerhard\Downloads\Minecraft Server
2013-09-08 10:27 - 2012-05-01 15:54 - 00000000 ____D C:\Users\Sandra\Documents\Samsung Galaxy Mini
2013-09-08 10:27 - 2012-04-29 16:23 - 00000000 ____D C:\Users\Christoph\Documents\Galaxy S2
2013-09-08 10:27 - 2012-01-31 16:58 - 00000000 ____D C:\Users\Christoph\Documents\DVDVideoSoft
2013-09-08 10:27 - 2011-07-02 20:05 - 00000000 ____D C:\Program Files\Palm
2013-09-08 10:27 - 2010-11-30 19:49 - 00000000 ____D C:\Users\Gerhard\Documents\Add-in Express
2013-09-08 10:27 - 2010-01-31 20:45 - 00000000 ____D C:\Windows\Panther
2013-09-08 10:27 - 2010-01-31 14:55 - 00000000 ____D C:\Users\Gerhard\AppData\Local\VirtualStore
2013-09-08 10:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Msdtc
2013-09-08 07:26 - 2013-09-08 07:26 - 00001144 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-08 07:26 - 2013-02-07 08:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-03 19:09 - 2010-12-01 20:32 - 00000000 ____D C:\Windows\Minidump
2013-09-03 18:58 - 2013-09-03 18:58 - 00002551 _____ C:\Users\Public\Desktop\Free System Utilities.lnk
2013-09-03 18:55 - 2013-09-03 18:55 - 00444408 _____ C:\Users\Gerhard\Downloads\free-system-utilities-DE.exe
2013-09-01 08:35 - 2013-09-01 08:35 - 22240760 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox_Setup_23.0.1.exe
2013-08-30 09:48 - 2013-09-11 14:53 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-11 14:53 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2012-12-26 08:37 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2012-06-14 07:12 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2011-02-03 21:38 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 09:47 - 2010-02-01 14:55 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-24 18:36 - 2010-02-01 14:56 - 00002085 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-24 18:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-08-24 18:32 - 2010-04-13 08:14 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-24 18:32 - 2010-04-13 08:14 - 00000000 ____D C:\Program Files\Adobe
2013-08-24 18:32 - 2010-02-11 18:48 - 00000000 ____D C:\Users\Sandra
2013-08-24 18:32 - 2010-02-01 20:20 - 00000000 ____D C:\Users\Christoph
2013-08-24 18:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-08-24 18:29 - 2010-01-31 16:18 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Adobe

Files to move or delete:
====================
C:\Users\Gerhard\nitro_pdf_professional6_de.exe
C:\Users\Public\[freeware.de]Core-Temp-setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-18 13:20

==================== End Of Log ============================
--- --- ---


Danke!

Alt 19.09.2013, 22:28   #9
Bootsektor
Ruhe in Frieden
† 2019
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Hallo ghackl,
die Logs sehen gut aus.
Macht der Rechner noch Probleme?

Schritt 1
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Schritt 2
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 3
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.
Alt 21.09.2013, 07:59   #10
ghackl
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Hallo!

Danke für die Unterstützung. Ich habe die drei Programme ausgeführt. Der Rechner läuft wieder einwandfrei. Ich denke das ist erledigt.

Vielen Dank!

Hier noch die Logdateien.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.20.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9431.194
Gerhard :: ASTERIX [Administrator]

Schutz: Deaktiviert

20.09.2013 21:32:56
mbam-log-2013-09-20 (21-32-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 272257
Laufzeit: 6 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Gerhard\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Users\Gerhard\Downloads\Setup(1).exe (PUP.Optional.IBryte) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerhard\Downloads\Setup.exe (PUP.Optional.IBryte) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gerhard\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9f899566e932e1449112c4079404556d
# engine=15204
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-21 06:44:03
# local_time=2013-09-21 08:44:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 67500 131377034 0 0
# scanned=374373
# found=0
# cleaned=0
# scan_time=7145
und

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013
Ran by Gerhard (administrator) on ASTERIX on 21-09-2013 08:55:30
Running from C:\Users\Gerhard\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
() C:\Program Files\Opera\16.0.1196.73\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(FileZilla Project) C:\Program Files\FileZilla FTP Client\filezilla.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Christoph\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Christoph\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\Christoph\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe -update plugin
HKU\Christoph\...\Policies\system: [LogonHoursAction] 2
HKU\Christoph\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sandra\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Sandra\...\Policies\system: [LogonHoursAction] 2
HKU\Sandra\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=12180030673B53CE&affID=121240&tsp=5002
SearchScopes: HKCU - {2106394C-51CA-44D0-8605-33CABCB2F0FA} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {32882D0E-3D83-453C-9A27-040D73F4C672} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {5526EAEE-2E41-42FE-B997-C268A3D3C840} URL = hxxp://at.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F61742E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826696C633D313226747970653D39333738313126703D7B7365617263685465726D737D&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {58E9CEE7-94AA-4E1F-B12F-33B83D06FC72} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {6995AFC5-C518-4CE0-8337-15E96A030491} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D314937414452415F6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {99F93A0D-98C3-4FF9-8564-34D1BD090F74} URL = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432323639303530&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {CF4DFCC6-8A1C-41CA-B6EC-FFA355D191C8} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {E1418032-0EE4-454A-8419-60680FD2DA78} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {F335605E-9705-4F57-84D7-89DA79B85F97} URL = hxxp://search.softonic.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E736F66746F6E69632E636F6D2F4D4F4E30303031352F74625F76313F713D7B7365617263685465726D737D26536561726368536F757263653D342663633D26723D393834&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM -  No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @palmsource.com/installer,version=1.0 - C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin: @virtools.com/3DviaPlayer - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gerhard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S4 dgdersvc; C:\Windows\system32\dgdersvc.exe [95568 2009-12-22] (Devguru Co., Ltd.)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [108032 2013-08-09] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 AMOptimalDiskService; C:\Program Files\Common Files\OptimalSuite Common\AMDSrv.exe [x]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [x]
S4 SpeedBoosterSvc; C:\Program Files\Common Files\OptimalSuite Common\BoostService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
S3 Cardex; C:\Windows\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 Edspport; C:\Windows\System32\DRIVERS\es56tpi.sys [450892 2001-10-19] (Creative Labs,Inc.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2009-12-22] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 mbmiodrvr; C:\Windows\system32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Gerhard\AppData\Local\Temp\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-21 08:55 - 2013-09-21 08:55 - 00000000 _____ C:\Users\Gerhard\Desktop\FRST.txt
2013-09-21 08:52 - 2013-09-16 15:29 - 01084083 _____ (Farbar) C:\Users\Gerhard\FRST.exe
2013-09-21 08:47 - 2013-09-13 16:13 - 00000000 ____D C:\Users\Gerhard\Downloads\moodle
2013-09-21 07:34 - 2013-09-21 07:36 - 40718902 _____ C:\Users\Gerhard\Downloads\moodle-latest-25.zip
2013-09-21 06:41 - 2013-09-21 06:41 - 02347384 _____ (ESET) C:\Users\Gerhard\Downloads\esetsmartinstaller_enu.exe
2013-09-21 06:41 - 2013-09-21 06:41 - 00000000 ____D C:\Program Files\ESET
2013-09-20 21:32 - 2013-09-20 21:32 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-20 21:32 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-20 15:28 - 2013-09-20 15:28 - 00000000 ____D C:\Users\Gerhard\Documents\Der Hobbit 
2013-09-20 15:28 - 2013-09-20 15:28 - 00000000 ____D C:\Users\Gerhard\Documents\Der Hobbit
2013-09-20 13:54 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Sandra\Documents\Der Hobbit 
2013-09-20 13:54 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Sandra\Documents\Der Hobbit
2013-09-19 19:26 - 2013-09-19 19:27 - 01039554 _____ C:\Users\Gerhard\Downloads\adwcleaner (1).exe
2013-09-19 19:21 - 2013-09-19 19:21 - 00024708 _____ C:\ComboFix.txt
2013-09-19 18:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-18 16:20 - 2013-09-18 16:27 - 00003525 _____ C:\Users\Gerhard\.ganttproject
2013-09-18 16:17 - 2013-09-18 16:17 - 00003272 _____ C:\Users\Gerhard\Documents\Tag der  yyyy.gan
2013-09-18 16:14 - 2013-09-18 16:27 - 00001523 _____ C:\Users\Gerhard\ganttproject.log
2013-09-18 16:14 - 2013-09-18 16:14 - 00001982 _____ C:\Users\Public\Desktop\GanttProject.lnk
2013-09-18 16:14 - 2013-09-18 16:14 - 00000000 ____D C:\Program Files\GanttProject-2.6
2013-09-18 16:13 - 2013-09-18 16:13 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473(1).exe
2013-09-18 16:12 - 2013-09-18 16:13 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473.exe
2013-09-18 14:25 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\The Hobbit
2013-09-18 14:25 - 2013-09-18 14:25 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-18 12:25 - 2013-09-18 12:25 - 00079360 _____ C:\Users\Gerhard\Downloads\Project_Planning.xls
2013-09-18 12:21 - 2013-09-18 12:21 - 01124243 _____ C:\Users\Gerhard\Downloads\projplan.exe
2013-09-18 12:21 - 2013-09-18 12:21 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\SmartTools
2013-09-18 12:17 - 2013-09-18 12:17 - 00015918 _____ C:\Users\Gerhard\Documents\Projektplan klein.xlsx
2013-09-17 19:26 - 2013-09-17 19:27 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\The Hobbit
2013-09-17 19:18 - 2013-09-17 19:18 - 00002019 _____ C:\Users\Public\Desktop\DER HOBBIT spielen.lnk
2013-09-17 18:23 - 2013-09-17 18:23 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 14:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-17 14:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-17 14:35 - 2013-09-19 19:21 - 00000000 ____D C:\Qoobox
2013-09-17 14:34 - 2013-09-19 18:58 - 00000000 ____D C:\Windows\erdnt
2013-09-16 15:32 - 2013-09-16 15:32 - 00042019 _____ C:\Users\Gerhard\Downloads\FRST.txt
2013-09-16 15:31 - 2013-09-16 15:32 - 00025506 _____ C:\Users\Gerhard\Downloads\Addition.txt
2013-09-16 15:30 - 2013-09-16 15:30 - 00000000 ____D C:\FRST
2013-09-16 15:29 - 2013-09-16 15:29 - 01084083 _____ (Farbar) C:\Users\Gerhard\Desktop\FRST.exe
2013-09-13 06:35 - 2013-09-13 06:35 - 00003429 _____ C:\Users\Gerhard\.recently-used.xbel
2013-09-11 18:29 - 2013-09-21 07:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 18:29 - 2013-09-11 18:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 18:29 - 2013-09-11 18:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-11 14:54 - 2013-09-11 14:54 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT (1).exe
2013-09-11 14:53 - 2013-09-11 14:53 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT.exe
2013-09-11 14:53 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-11 14:53 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-11 14:39 - 2013-09-11 14:41 - 00008704 ___SH C:\Users\Gerhard\Thumbs.db
2013-09-11 13:19 - 2013-08-07 06:30 - 02724352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 13:19 - 2013-08-07 06:10 - 16981504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 13:19 - 2013-08-07 05:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 13:19 - 2013-08-07 05:47 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 13:19 - 2013-08-07 04:54 - 04247040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 13:19 - 2013-08-07 04:28 - 11087360 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 13:19 - 2013-08-07 03:50 - 01788928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 13:19 - 2013-08-07 03:49 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 11:50 - 2013-09-20 22:19 - 00243742 _____ C:\Windows\PFRO.log
2013-09-11 11:12 - 2013-09-20 21:32 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Malwarebytes
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 10:37 - 2013-09-11 10:37 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Gerhard\Downloads\SpyHunter-Installer.exe
2013-09-11 09:29 - 2013-09-11 09:29 - 00001126 _____ C:\Users\Public\Desktop\Opera.lnk
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Program Files\Opera
2013-09-11 09:27 - 2013-09-11 09:28 - 32093736 _____ (Opera Software ASA) C:\Users\Gerhard\Downloads\Opera_16.0.1196.73_Setup.exe
2013-09-11 09:03 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:03 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:03 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:03 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:03 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:03 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:03 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:03 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 08:15 - 2013-09-19 19:29 - 00000000 ____D C:\AdwCleaner
2013-09-11 08:15 - 2013-09-11 08:15 - 01037278 _____ C:\Users\Gerhard\Downloads\adwcleaner.exe
2013-09-09 15:55 - 2013-09-09 15:55 - 00000596 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-09 15:47 - 2013-09-09 15:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Software Updater
2013-09-09 15:43 - 2013-09-21 06:37 - 00806707 _____ C:\Windows\setupact.log
2013-09-09 15:43 - 2013-09-09 15:43 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 15:57 - 2013-09-08 15:57 - 00001104 _____ C:\Users\Gerhard\Desktop\appsmaker OptimalPC.lnk
2013-09-08 07:26 - 2013-09-08 07:26 - 00001144 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-03 19:01 - 2013-09-09 16:11 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Freemium
2013-09-03 18:59 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-09-03 18:58 - 2013-09-11 08:38 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-03 18:58 - 2013-09-03 18:58 - 00002551 _____ C:\Users\Public\Desktop\Free System Utilities.lnk
2013-09-03 18:55 - 2013-09-03 18:55 - 00444408 _____ C:\Users\Gerhard\Downloads\free-system-utilities-DE.exe
2013-09-03 18:39 - 2012-09-18 15:26 - 00365568 _____ C:\Windows\system32\ZSHP1020.EXE
2013-09-03 18:39 - 2012-09-18 15:26 - 00169472 _____ C:\Windows\system32\ZLhp1020.DLL
2013-09-03 18:34 - 2006-07-30 19:00 - 00028672 _____ (Zenographics, Inc.) C:\Windows\system32\IMF32.DLL
2013-09-03 18:34 - 2006-07-30 19:00 - 00024576 _____ (Zenographics, Inc.) C:\Windows\system32\ZTAG32.DLL
2013-09-01 08:35 - 2013-09-01 08:35 - 22240760 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox_Setup_23.0.1.exe
2013-08-25 18:13 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-25 18:13 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-25 18:13 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-25 18:13 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-25 18:12 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-25 18:12 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-25 18:12 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-25 18:12 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-25 18:12 - 2013-06-15 05:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-25 18:12 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-21 08:55 - 2013-09-21 08:55 - 00000000 _____ C:\Users\Gerhard\Desktop\FRST.txt
2013-09-21 08:52 - 2010-02-11 15:18 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\FileZilla
2013-09-21 08:52 - 2010-01-31 20:50 - 00000000 ____D C:\Users\Gerhard
2013-09-21 07:56 - 2013-09-11 18:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-21 07:36 - 2013-09-21 07:34 - 40718902 _____ C:\Users\Gerhard\Downloads\moodle-latest-25.zip
2013-09-21 06:46 - 2010-01-31 20:49 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-21 06:46 - 2010-01-31 20:49 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-21 06:42 - 2010-01-31 20:58 - 01937400 _____ C:\Windows\WindowsUpdate.log
2013-09-21 06:41 - 2013-09-21 06:41 - 02347384 _____ (ESET) C:\Users\Gerhard\Downloads\esetsmartinstaller_enu.exe
2013-09-21 06:41 - 2013-09-21 06:41 - 00000000 ____D C:\Program Files\ESET
2013-09-21 06:37 - 2013-09-09 15:43 - 00806707 _____ C:\Windows\setupact.log
2013-09-21 06:37 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-20 22:19 - 2013-09-11 11:50 - 00243742 _____ C:\Windows\PFRO.log
2013-09-20 21:32 - 2013-09-20 21:32 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-20 21:32 - 2013-09-11 11:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-20 20:49 - 2010-01-31 21:19 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Microsoft Help
2013-09-20 20:34 - 2011-02-28 12:45 - 00000000 ____D C:\Users\Gerhard\Desktop\für Schulwebseite
2013-09-20 15:28 - 2013-09-20 15:28 - 00000000 ____D C:\Users\Gerhard\Documents\Der Hobbit 
2013-09-20 15:28 - 2013-09-20 15:28 - 00000000 ____D C:\Users\Gerhard\Documents\Der Hobbit
2013-09-20 13:54 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Sandra\Documents\Der Hobbit 
2013-09-20 13:54 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Sandra\Documents\Der Hobbit
2013-09-19 20:54 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-19 20:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-19 19:29 - 2013-09-11 08:15 - 00000000 ____D C:\AdwCleaner
2013-09-19 19:27 - 2013-09-19 19:26 - 01039554 _____ C:\Users\Gerhard\Downloads\adwcleaner (1).exe
2013-09-19 19:21 - 2013-09-19 19:21 - 00024708 _____ C:\ComboFix.txt
2013-09-19 19:21 - 2013-09-17 14:35 - 00000000 ____D C:\Qoobox
2013-09-19 19:18 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-19 18:58 - 2013-09-17 14:34 - 00000000 ____D C:\Windows\erdnt
2013-09-18 16:27 - 2013-09-18 16:20 - 00003525 _____ C:\Users\Gerhard\.ganttproject
2013-09-18 16:27 - 2013-09-18 16:14 - 00001523 _____ C:\Users\Gerhard\ganttproject.log
2013-09-18 16:17 - 2013-09-18 16:17 - 00003272 _____ C:\Users\Gerhard\Documents\Tag der  yyyy.gan
2013-09-18 16:14 - 2013-09-18 16:14 - 00001982 _____ C:\Users\Public\Desktop\GanttProject.lnk
2013-09-18 16:14 - 2013-09-18 16:14 - 00000000 ____D C:\Program Files\GanttProject-2.6
2013-09-18 16:13 - 2013-09-18 16:13 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473(1).exe
2013-09-18 16:13 - 2013-09-18 16:12 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473.exe
2013-09-18 15:48 - 2013-09-18 14:25 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\The Hobbit
2013-09-18 14:25 - 2013-09-18 14:25 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-18 12:25 - 2013-09-18 12:25 - 00079360 _____ C:\Users\Gerhard\Downloads\Project_Planning.xls
2013-09-18 12:21 - 2013-09-18 12:21 - 01124243 _____ C:\Users\Gerhard\Downloads\projplan.exe
2013-09-18 12:21 - 2013-09-18 12:21 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\SmartTools
2013-09-18 12:17 - 2013-09-18 12:17 - 00015918 _____ C:\Users\Gerhard\Documents\Projektplan klein.xlsx
2013-09-18 11:26 - 2012-11-01 21:21 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Facebook
2013-09-17 19:27 - 2013-09-17 19:26 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\The Hobbit
2013-09-17 19:25 - 2012-03-10 09:47 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-17 19:19 - 2010-01-31 15:33 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-17 19:18 - 2013-09-17 19:18 - 00002019 _____ C:\Users\Public\Desktop\DER HOBBIT spielen.lnk
2013-09-17 18:23 - 2013-09-17 18:23 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 15:02 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-17 14:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-16 15:32 - 2013-09-16 15:32 - 00042019 _____ C:\Users\Gerhard\Downloads\FRST.txt
2013-09-16 15:32 - 2013-09-16 15:31 - 00025506 _____ C:\Users\Gerhard\Downloads\Addition.txt
2013-09-16 15:30 - 2013-09-16 15:30 - 00000000 ____D C:\FRST
2013-09-16 15:29 - 2013-09-21 08:52 - 01084083 _____ (Farbar) C:\Users\Gerhard\FRST.exe
2013-09-16 15:29 - 2013-09-16 15:29 - 01084083 _____ (Farbar) C:\Users\Gerhard\Desktop\FRST.exe
2013-09-13 16:13 - 2013-09-21 08:47 - 00000000 ____D C:\Users\Gerhard\Downloads\moodle
2013-09-13 06:43 - 2010-01-31 21:05 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 06:42 - 2010-06-15 09:12 - 00000000 ____D C:\Users\Gerhard\.gimp-2.6
2013-09-13 06:35 - 2013-09-13 06:35 - 00003429 _____ C:\Users\Gerhard\.recently-used.xbel
2013-09-13 06:35 - 2010-06-15 09:18 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\gtk-2.0
2013-09-12 14:58 - 2013-08-19 08:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-09-11 18:29 - 2013-09-11 18:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 18:29 - 2013-09-11 18:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 18:29 - 2013-08-19 08:08 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-11 18:28 - 2010-04-13 08:12 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Adobe
2013-09-11 18:19 - 2012-04-01 07:13 - 00000000 ____D C:\Program Files\gs
2013-09-11 18:17 - 2012-02-13 21:17 - 00000000 ____D C:\Program Files\NCH Software
2013-09-11 18:12 - 2010-11-17 20:46 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-09-11 18:09 - 2012-02-12 10:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Electronic Arts
2013-09-11 18:09 - 2012-02-12 10:46 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-09-11 18:09 - 2012-02-12 10:27 - 00000000 ____D C:\Program Files\Electronic Arts
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-11 17:36 - 2013-03-25 13:51 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-09-11 14:54 - 2013-09-11 14:54 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT (1).exe
2013-09-11 14:53 - 2013-09-11 14:53 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT.exe
2013-09-11 14:53 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-11 14:41 - 2013-09-11 14:39 - 00008704 ___SH C:\Users\Gerhard\Thumbs.db
2013-09-11 14:17 - 2009-07-14 06:33 - 00437440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 14:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 13:18 - 2013-08-01 14:38 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 13:16 - 2011-12-30 09:41 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 11:50 - 2010-04-13 08:11 - 00000000 ____D C:\Program Files\Google
2013-09-11 11:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Malwarebytes
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 10:51 - 2011-12-18 16:39 - 00001608 _____ C:\Users\Christoph\Desktop\gothic2-artwork_008 - Verknüpfung.lnk
2013-09-11 10:39 - 2012-06-09 15:12 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-11 10:37 - 2013-09-11 10:37 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Gerhard\Downloads\SpyHunter-Installer.exe
2013-09-11 09:29 - 2013-09-11 09:29 - 00001126 _____ C:\Users\Public\Desktop\Opera.lnk
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Program Files\Opera
2013-09-11 09:28 - 2013-09-11 09:27 - 32093736 _____ (Opera Software ASA) C:\Users\Gerhard\Downloads\Opera_16.0.1196.73_Setup.exe
2013-09-11 09:14 - 2010-04-13 08:32 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Google
2013-09-11 09:14 - 2010-04-13 08:11 - 00000000 ____D C:\ProgramData\Google
2013-09-11 08:38 - 2013-09-03 18:58 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-11 08:15 - 2013-09-11 08:15 - 01037278 _____ C:\Users\Gerhard\Downloads\adwcleaner.exe
2013-09-09 16:39 - 2011-09-13 13:51 - 00000000 ____D C:\Windows\pss
2013-09-09 16:33 - 2012-10-29 17:03 - 00000000 ___RD C:\Users\Gerhard\Dropbox
2013-09-09 16:33 - 2012-10-29 16:46 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Dropbox
2013-09-09 16:31 - 2010-01-31 15:44 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-09 16:31 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-09 16:11 - 2013-09-03 19:01 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Freemium
2013-09-09 15:55 - 2013-09-09 15:55 - 00000596 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-09 15:47 - 2013-09-09 15:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Software Updater
2013-09-09 15:43 - 2013-09-09 15:43 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 15:57 - 2013-09-08 15:57 - 00001104 _____ C:\Users\Gerhard\Desktop\appsmaker OptimalPC.lnk
2013-09-08 10:27 - 2013-02-24 19:59 - 00000000 ____D C:\Users\Gerhard\Documents\Eigene Scans
2013-09-08 10:27 - 2013-02-10 11:36 - 00000000 ____D C:\xampp
2013-09-08 10:27 - 2013-01-02 14:54 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\.minecraft
2013-09-08 10:27 - 2012-12-08 19:18 - 00000000 ____D C:\Users\Sandra\AppData\Local\LogMeIn Hamachi
2013-09-08 10:27 - 2012-11-28 17:18 - 00000000 ____D C:\Users\Christoph\AppData\Local\LogMeIn Hamachi
2013-09-08 10:27 - 2012-11-28 15:02 - 00000000 ____D C:\Users\Gerhard\Downloads\Minecraft Server
2013-09-08 10:27 - 2012-05-01 15:54 - 00000000 ____D C:\Users\Sandra\Documents\Samsung Galaxy Mini
2013-09-08 10:27 - 2012-04-29 16:23 - 00000000 ____D C:\Users\Christoph\Documents\Galaxy S2
2013-09-08 10:27 - 2012-01-31 16:58 - 00000000 ____D C:\Users\Christoph\Documents\DVDVideoSoft
2013-09-08 10:27 - 2011-07-02 20:05 - 00000000 ____D C:\Program Files\Palm
2013-09-08 10:27 - 2010-11-30 19:49 - 00000000 ____D C:\Users\Gerhard\Documents\Add-in Express
2013-09-08 10:27 - 2010-01-31 20:45 - 00000000 ____D C:\Windows\Panther
2013-09-08 10:27 - 2010-01-31 14:55 - 00000000 ____D C:\Users\Gerhard\AppData\Local\VirtualStore
2013-09-08 10:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Msdtc
2013-09-08 07:26 - 2013-09-08 07:26 - 00001144 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-08 07:26 - 2013-02-07 08:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-03 19:09 - 2010-12-01 20:32 - 00000000 ____D C:\Windows\Minidump
2013-09-03 18:58 - 2013-09-03 18:58 - 00002551 _____ C:\Users\Public\Desktop\Free System Utilities.lnk
2013-09-03 18:55 - 2013-09-03 18:55 - 00444408 _____ C:\Users\Gerhard\Downloads\free-system-utilities-DE.exe
2013-09-01 08:35 - 2013-09-01 08:35 - 22240760 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox_Setup_23.0.1.exe
2013-08-30 09:48 - 2013-09-11 14:53 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-11 14:53 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2012-12-26 08:37 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2012-06-14 07:12 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2011-02-03 21:38 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 09:47 - 2010-02-01 14:55 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-24 18:36 - 2010-02-01 14:56 - 00002085 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-24 18:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-08-24 18:32 - 2010-04-13 08:14 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-24 18:32 - 2010-04-13 08:14 - 00000000 ____D C:\Program Files\Adobe
2013-08-24 18:32 - 2010-02-11 18:48 - 00000000 ____D C:\Users\Sandra
2013-08-24 18:32 - 2010-02-01 20:20 - 00000000 ____D C:\Users\Christoph
2013-08-24 18:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-08-24 18:29 - 2010-01-31 16:18 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Adobe

Files to move or delete:
====================
C:\Users\Gerhard\FRST.exe
C:\Users\Gerhard\nitro_pdf_professional6_de.exe
C:\Users\Public\[freeware.de]Core-Temp-setup.exe


Some content of TEMP:
====================
C:\Users\Gerhard\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Gerhard\AppData\Local\Temp\SIntf16.dll
C:\Users\Gerhard\AppData\Local\Temp\SIntf32.dll
C:\Users\Gerhard\AppData\Local\Temp\SIntfNT.dll
C:\Users\Sandra\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Sandra\AppData\Local\Temp\SIntf16.dll
C:\Users\Sandra\AppData\Local\Temp\SIntf32.dll
C:\Users\Sandra\AppData\Local\Temp\SIntfNT.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-18 13:20

==================== End Of Log ============================
--- --- ---


Danke an alle die mir geholfen haben!

Alt 21.09.2013, 16:19   #11
Bootsektor
Ruhe in Frieden
† 2019
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Hallo ghackl,
dein Log ist noch nicht ganz sauber, es befinden sich noch Reste von adware darauf.

Schritt 1
Bitte deinstalliere folgendes Programm:
Skype Toolbars
Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen

Schritt 2
Bitte führe noch folgenden Fix durch.
Fix mit FRST
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=12180030673B53CE&affID=121240&tsp=5002
SearchScopes: HKCU - {2106394C-51CA-44D0-8605-33CABCB2F0FA} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {32882D0E-3D83-453C-9A27-040D73F4C672} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {5526EAEE-2E41-42FE-B997-C268A3D3C840} URL = hxxp://at.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F61742E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826696C633D313226747970653D39333738313126703D7B7365617263685465726D737D&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {58E9CEE7-94AA-4E1F-B12F-33B83D06FC72} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {6995AFC5-C518-4CE0-8337-15E96A030491} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D314937414452415F6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {99F93A0D-98C3-4FF9-8564-34D1BD090F74} URL = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432323639303530&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {CF4DFCC6-8A1C-41CA-B6EC-FFA355D191C8} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {E1418032-0EE4-454A-8419-60680FD2DA78} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {F335605E-9705-4F57-84D7-89DA79B85F97} URL = hxxp://search.softonic.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E736F66746F6E69632E636F6D2F4D4F4E30303031352F74625F76313F713D7B7365617263685465726D737D26536561726368536F757263653D342663633D26723D393834&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
Schritt 3
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.
Alt 22.09.2013, 10:35   #12
ghackl
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Danke für dein Bemühen!

Hier die logdatei:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-09-2013
Ran by Gerhard (administrator) on ASTERIX on 22-09-2013 11:32:42
Running from C:\Users\Gerhard\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Dropbox, Inc.) C:\Users\Gerhard\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
() C:\Program Files\Opera\16.0.1196.73\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Gerhard\Desktop\FRST (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Christoph\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Christoph\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\Christoph\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe -update plugin
HKU\Christoph\...\Policies\system: [LogonHoursAction] 2
HKU\Christoph\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sandra\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Sandra\...\Policies\system: [LogonHoursAction] 2
HKU\Sandra\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gerhard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=12180030673B53CE&affID=121240&tsp=5002
SearchScopes: HKCU - {2106394C-51CA-44D0-8605-33CABCB2F0FA} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {32882D0E-3D83-453C-9A27-040D73F4C672} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {5526EAEE-2E41-42FE-B997-C268A3D3C840} URL = hxxp://at.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F61742E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826696C633D313226747970653D39333738313126703D7B7365617263685465726D737D&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {58E9CEE7-94AA-4E1F-B12F-33B83D06FC72} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {6995AFC5-C518-4CE0-8337-15E96A030491} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D314937414452415F6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {99F93A0D-98C3-4FF9-8564-34D1BD090F74} URL = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432323639303530&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {CF4DFCC6-8A1C-41CA-B6EC-FFA355D191C8} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {E1418032-0EE4-454A-8419-60680FD2DA78} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {F335605E-9705-4F57-84D7-89DA79B85F97} URL = hxxp://search.softonic.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E736F66746F6E69632E636F6D2F4D4F4E30303031352F74625F76313F713D7B7365617263685465726D737D26536561726368536F757263653D342663633D26723D393834&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM -  No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426
FF user.js: detected! => C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\user.js
FF Homepage: https://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @palmsource.com/installer,version=1.0 - C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin: @virtools.com/3DviaPlayer - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gerhard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S4 dgdersvc; C:\Windows\system32\dgdersvc.exe [95568 2009-12-22] (Devguru Co., Ltd.)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [108032 2013-08-09] (Microsoft Corporation)
S4 AMOptimalDiskService; C:\Program Files\Common Files\OptimalSuite Common\AMDSrv.exe [x]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [x]
S4 SpeedBoosterSvc; C:\Program Files\Common Files\OptimalSuite Common\BoostService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
S3 Cardex; C:\Windows\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 Edspport; C:\Windows\System32\DRIVERS\es56tpi.sys [450892 2001-10-19] (Creative Labs,Inc.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2009-12-22] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 mbmiodrvr; C:\Windows\system32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Gerhard\AppData\Local\Temp\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-22 11:30 - 2013-09-22 11:30 - 01089757 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST (2).exe
2013-09-22 11:29 - 2013-09-22 11:30 - 01089757 _____ (Farbar) C:\Users\Gerhard\Desktop\FRST (1).exe
2013-09-22 11:29 - 2013-09-22 11:29 - 01089757 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST.exe
2013-09-22 08:24 - 2013-09-22 08:25 - 32966136 _____ (Dropbox, Inc.) C:\Users\Gerhard\Downloads\Dropbox 2.0.26(1).exe
2013-09-22 08:23 - 2013-09-22 08:24 - 32966136 _____ (Dropbox, Inc.) C:\Users\Gerhard\Downloads\Dropbox 2.0.26.exe
2013-09-21 12:50 - 2013-09-21 12:51 - 00000000 ____D C:\Users\Gerhard\Downloads\moodle1
2013-09-21 08:52 - 2013-09-16 15:29 - 01084083 _____ (Farbar) C:\Users\Gerhard\FRST.exe
2013-09-21 08:47 - 2013-05-21 17:05 - 00000000 ____D C:\Users\Gerhard\Downloads\moodle
2013-09-21 07:34 - 2013-09-21 07:36 - 40718902 _____ C:\Users\Gerhard\Downloads\moodle-latest-25.zip
2013-09-21 06:41 - 2013-09-21 06:41 - 02347384 _____ (ESET) C:\Users\Gerhard\Downloads\esetsmartinstaller_enu.exe
2013-09-20 15:28 - 2013-09-20 15:28 - 00000000 ____D C:\Users\Gerhard\Documents\Der Hobbit 
2013-09-20 15:28 - 2013-09-20 15:28 - 00000000 ____D C:\Users\Gerhard\Documents\Der Hobbit
2013-09-20 13:54 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Sandra\Documents\Der Hobbit 
2013-09-20 13:54 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Sandra\Documents\Der Hobbit
2013-09-19 19:26 - 2013-09-19 19:27 - 01039554 _____ C:\Users\Gerhard\Downloads\adwcleaner (1).exe
2013-09-19 19:21 - 2013-09-19 19:21 - 00024708 _____ C:\ComboFix.txt
2013-09-19 18:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-18 16:20 - 2013-09-18 16:27 - 00003525 _____ C:\Users\Gerhard\.ganttproject
2013-09-18 16:17 - 2013-09-18 16:17 - 00003272 _____ C:\Users\Gerhard\Documents\Tag der  yyyy.gan
2013-09-18 16:14 - 2013-09-18 16:27 - 00001523 _____ C:\Users\Gerhard\ganttproject.log
2013-09-18 16:14 - 2013-09-18 16:14 - 00001982 _____ C:\Users\Public\Desktop\GanttProject.lnk
2013-09-18 16:14 - 2013-09-18 16:14 - 00000000 ____D C:\Program Files\GanttProject-2.6
2013-09-18 16:13 - 2013-09-18 16:13 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473(1).exe
2013-09-18 16:12 - 2013-09-18 16:13 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473.exe
2013-09-18 14:25 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\The Hobbit
2013-09-18 14:25 - 2013-09-18 14:25 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-18 12:25 - 2013-09-18 12:25 - 00079360 _____ C:\Users\Gerhard\Downloads\Project_Planning.xls
2013-09-18 12:21 - 2013-09-18 12:21 - 01124243 _____ C:\Users\Gerhard\Downloads\projplan.exe
2013-09-18 12:21 - 2013-09-18 12:21 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\SmartTools
2013-09-18 12:17 - 2013-09-18 12:17 - 00015918 _____ C:\Users\Gerhard\Documents\Projektplan klein.xlsx
2013-09-17 19:26 - 2013-09-17 19:27 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\The Hobbit
2013-09-17 19:18 - 2013-09-17 19:18 - 00002019 _____ C:\Users\Public\Desktop\DER HOBBIT spielen.lnk
2013-09-17 18:23 - 2013-09-17 18:23 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 14:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-17 14:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-17 14:35 - 2013-09-19 19:21 - 00000000 ____D C:\Qoobox
2013-09-17 14:34 - 2013-09-19 18:58 - 00000000 ____D C:\Windows\erdnt
2013-09-16 15:32 - 2013-09-16 15:32 - 00042019 _____ C:\Users\Gerhard\Downloads\FRST.txt
2013-09-16 15:31 - 2013-09-16 15:32 - 00025506 _____ C:\Users\Gerhard\Downloads\Addition.txt
2013-09-16 15:30 - 2013-09-16 15:30 - 00000000 ____D C:\FRST
2013-09-13 06:35 - 2013-09-13 06:35 - 00003429 _____ C:\Users\Gerhard\.recently-used.xbel
2013-09-11 18:29 - 2013-09-22 08:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 18:29 - 2013-09-11 18:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 18:29 - 2013-09-11 18:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-11 14:54 - 2013-09-11 14:54 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT (1).exe
2013-09-11 14:53 - 2013-09-11 14:53 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT.exe
2013-09-11 14:53 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-11 14:53 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-11 14:39 - 2013-09-11 14:41 - 00008704 ___SH C:\Users\Gerhard\Thumbs.db
2013-09-11 13:19 - 2013-08-07 06:30 - 02724352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 13:19 - 2013-08-07 06:10 - 16981504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 13:19 - 2013-08-07 05:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 13:19 - 2013-08-07 05:47 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 13:19 - 2013-08-07 04:54 - 04247040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 13:19 - 2013-08-07 04:28 - 11087360 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 13:19 - 2013-08-07 03:50 - 01788928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 13:19 - 2013-08-07 03:49 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 11:50 - 2013-09-20 22:19 - 00243742 _____ C:\Windows\PFRO.log
2013-09-11 11:12 - 2013-09-22 11:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Malwarebytes
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 10:37 - 2013-09-11 10:37 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Gerhard\Downloads\SpyHunter-Installer.exe
2013-09-11 09:29 - 2013-09-11 09:29 - 00001126 _____ C:\Users\Public\Desktop\Opera.lnk
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Program Files\Opera
2013-09-11 09:27 - 2013-09-11 09:28 - 32093736 _____ (Opera Software ASA) C:\Users\Gerhard\Downloads\Opera_16.0.1196.73_Setup.exe
2013-09-11 09:03 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:03 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:03 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:03 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:03 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:03 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:03 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:03 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 08:15 - 2013-09-19 19:29 - 00000000 ____D C:\AdwCleaner
2013-09-11 08:15 - 2013-09-11 08:15 - 01037278 _____ C:\Users\Gerhard\Downloads\adwcleaner.exe
2013-09-09 15:55 - 2013-09-09 15:55 - 00000596 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-09 15:47 - 2013-09-09 15:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Software Updater
2013-09-09 15:43 - 2013-09-22 11:23 - 00875785 _____ C:\Windows\setupact.log
2013-09-09 15:43 - 2013-09-09 15:43 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 15:57 - 2013-09-08 15:57 - 00001104 _____ C:\Users\Gerhard\Desktop\appsmaker OptimalPC.lnk
2013-09-08 07:26 - 2013-09-08 07:26 - 00001144 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-03 19:01 - 2013-09-09 16:11 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Freemium
2013-09-03 18:59 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-09-03 18:58 - 2013-09-11 08:38 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-03 18:58 - 2013-09-03 18:58 - 00002551 _____ C:\Users\Public\Desktop\Free System Utilities.lnk
2013-09-03 18:55 - 2013-09-03 18:55 - 00444408 _____ C:\Users\Gerhard\Downloads\free-system-utilities-DE.exe
2013-09-03 18:39 - 2012-09-18 15:26 - 00365568 _____ C:\Windows\system32\ZSHP1020.EXE
2013-09-03 18:39 - 2012-09-18 15:26 - 00169472 _____ C:\Windows\system32\ZLhp1020.DLL
2013-09-03 18:34 - 2006-07-30 19:00 - 00028672 _____ (Zenographics, Inc.) C:\Windows\system32\IMF32.DLL
2013-09-03 18:34 - 2006-07-30 19:00 - 00024576 _____ (Zenographics, Inc.) C:\Windows\system32\ZTAG32.DLL
2013-09-01 08:35 - 2013-09-01 08:35 - 22240760 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox_Setup_23.0.1.exe
2013-08-25 18:13 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-25 18:13 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-25 18:13 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-25 18:13 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-25 18:12 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-25 18:12 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-25 18:12 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-25 18:12 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-25 18:12 - 2013-06-15 05:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-25 18:12 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-22 11:32 - 2010-01-31 20:49 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-22 11:32 - 2010-01-31 20:49 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-22 11:30 - 2013-09-22 11:30 - 01089757 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST (2).exe
2013-09-22 11:30 - 2013-09-22 11:29 - 01089757 _____ (Farbar) C:\Users\Gerhard\Desktop\FRST (1).exe
2013-09-22 11:29 - 2013-09-22 11:29 - 01089757 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST.exe
2013-09-22 11:25 - 2012-10-29 17:03 - 00000000 ___RD C:\Users\Gerhard\Dropbox
2013-09-22 11:25 - 2012-10-29 16:46 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Dropbox
2013-09-22 11:23 - 2013-09-09 15:43 - 00875785 _____ C:\Windows\setupact.log
2013-09-22 11:23 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-22 11:22 - 2013-09-11 11:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-22 09:09 - 2010-01-31 20:58 - 01993967 _____ C:\Windows\WindowsUpdate.log
2013-09-22 08:56 - 2013-09-11 18:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-22 08:27 - 2010-08-29 16:20 - 00000000 ___RD C:\Program Files\Skype
2013-09-22 08:25 - 2013-09-22 08:24 - 32966136 _____ (Dropbox, Inc.) C:\Users\Gerhard\Downloads\Dropbox 2.0.26(1).exe
2013-09-22 08:24 - 2013-09-22 08:23 - 32966136 _____ (Dropbox, Inc.) C:\Users\Gerhard\Downloads\Dropbox 2.0.26.exe
2013-09-21 14:09 - 2010-02-11 15:18 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\FileZilla
2013-09-21 12:51 - 2013-09-21 12:50 - 00000000 ____D C:\Users\Gerhard\Downloads\moodle1
2013-09-21 08:52 - 2010-01-31 20:50 - 00000000 ____D C:\Users\Gerhard
2013-09-21 07:36 - 2013-09-21 07:34 - 40718902 _____ C:\Users\Gerhard\Downloads\moodle-latest-25.zip
2013-09-21 06:41 - 2013-09-21 06:41 - 02347384 _____ (ESET) C:\Users\Gerhard\Downloads\esetsmartinstaller_enu.exe
2013-09-20 22:19 - 2013-09-11 11:50 - 00243742 _____ C:\Windows\PFRO.log
2013-09-20 20:49 - 2010-01-31 21:19 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Microsoft Help
2013-09-20 20:34 - 2011-02-28 12:45 - 00000000 ____D C:\Users\Gerhard\Desktop\für Schulwebseite
2013-09-20 15:28 - 2013-09-20 15:28 - 00000000 ____D C:\Users\Gerhard\Documents\Der Hobbit 
2013-09-20 15:28 - 2013-09-20 15:28 - 00000000 ____D C:\Users\Gerhard\Documents\Der Hobbit
2013-09-20 13:54 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Sandra\Documents\Der Hobbit 
2013-09-20 13:54 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Sandra\Documents\Der Hobbit
2013-09-19 20:54 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-19 20:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-19 19:29 - 2013-09-11 08:15 - 00000000 ____D C:\AdwCleaner
2013-09-19 19:27 - 2013-09-19 19:26 - 01039554 _____ C:\Users\Gerhard\Downloads\adwcleaner (1).exe
2013-09-19 19:21 - 2013-09-19 19:21 - 00024708 _____ C:\ComboFix.txt
2013-09-19 19:21 - 2013-09-17 14:35 - 00000000 ____D C:\Qoobox
2013-09-19 19:18 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-19 18:58 - 2013-09-17 14:34 - 00000000 ____D C:\Windows\erdnt
2013-09-18 16:27 - 2013-09-18 16:20 - 00003525 _____ C:\Users\Gerhard\.ganttproject
2013-09-18 16:27 - 2013-09-18 16:14 - 00001523 _____ C:\Users\Gerhard\ganttproject.log
2013-09-18 16:17 - 2013-09-18 16:17 - 00003272 _____ C:\Users\Gerhard\Documents\Tag der  yyyy.gan
2013-09-18 16:14 - 2013-09-18 16:14 - 00001982 _____ C:\Users\Public\Desktop\GanttProject.lnk
2013-09-18 16:14 - 2013-09-18 16:14 - 00000000 ____D C:\Program Files\GanttProject-2.6
2013-09-18 16:13 - 2013-09-18 16:13 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473(1).exe
2013-09-18 16:13 - 2013-09-18 16:12 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473.exe
2013-09-18 15:48 - 2013-09-18 14:25 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\The Hobbit
2013-09-18 14:25 - 2013-09-18 14:25 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-18 12:25 - 2013-09-18 12:25 - 00079360 _____ C:\Users\Gerhard\Downloads\Project_Planning.xls
2013-09-18 12:21 - 2013-09-18 12:21 - 01124243 _____ C:\Users\Gerhard\Downloads\projplan.exe
2013-09-18 12:21 - 2013-09-18 12:21 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\SmartTools
2013-09-18 12:17 - 2013-09-18 12:17 - 00015918 _____ C:\Users\Gerhard\Documents\Projektplan klein.xlsx
2013-09-18 11:26 - 2012-11-01 21:21 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Facebook
2013-09-17 19:27 - 2013-09-17 19:26 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\The Hobbit
2013-09-17 19:25 - 2012-03-10 09:47 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-17 19:19 - 2010-01-31 15:33 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-17 19:18 - 2013-09-17 19:18 - 00002019 _____ C:\Users\Public\Desktop\DER HOBBIT spielen.lnk
2013-09-17 18:23 - 2013-09-17 18:23 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 15:02 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-17 14:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-16 15:32 - 2013-09-16 15:32 - 00042019 _____ C:\Users\Gerhard\Downloads\FRST.txt
2013-09-16 15:32 - 2013-09-16 15:31 - 00025506 _____ C:\Users\Gerhard\Downloads\Addition.txt
2013-09-16 15:30 - 2013-09-16 15:30 - 00000000 ____D C:\FRST
2013-09-16 15:29 - 2013-09-21 08:52 - 01084083 _____ (Farbar) C:\Users\Gerhard\FRST.exe
2013-09-13 06:43 - 2010-01-31 21:05 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 06:42 - 2010-06-15 09:12 - 00000000 ____D C:\Users\Gerhard\.gimp-2.6
2013-09-13 06:35 - 2013-09-13 06:35 - 00003429 _____ C:\Users\Gerhard\.recently-used.xbel
2013-09-13 06:35 - 2010-06-15 09:18 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\gtk-2.0
2013-09-12 14:58 - 2013-08-19 08:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-09-11 18:29 - 2013-09-11 18:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 18:29 - 2013-09-11 18:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 18:29 - 2013-08-19 08:08 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-11 18:28 - 2010-04-13 08:12 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Adobe
2013-09-11 18:19 - 2012-04-01 07:13 - 00000000 ____D C:\Program Files\gs
2013-09-11 18:17 - 2012-02-13 21:17 - 00000000 ____D C:\Program Files\NCH Software
2013-09-11 18:12 - 2010-11-17 20:46 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-09-11 18:09 - 2012-02-12 10:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Electronic Arts
2013-09-11 18:09 - 2012-02-12 10:46 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-09-11 18:09 - 2012-02-12 10:27 - 00000000 ____D C:\Program Files\Electronic Arts
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-11 17:36 - 2013-03-25 13:51 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-09-11 14:54 - 2013-09-11 14:54 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT (1).exe
2013-09-11 14:53 - 2013-09-11 14:53 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT.exe
2013-09-11 14:53 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-11 14:41 - 2013-09-11 14:39 - 00008704 ___SH C:\Users\Gerhard\Thumbs.db
2013-09-11 14:17 - 2009-07-14 06:33 - 00437440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 14:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 13:18 - 2013-08-01 14:38 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 13:16 - 2011-12-30 09:41 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 11:50 - 2010-04-13 08:11 - 00000000 ____D C:\Program Files\Google
2013-09-11 11:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Malwarebytes
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 10:51 - 2011-12-18 16:39 - 00001608 _____ C:\Users\Christoph\Desktop\gothic2-artwork_008 - Verknüpfung.lnk
2013-09-11 10:39 - 2012-06-09 15:12 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-11 10:37 - 2013-09-11 10:37 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Gerhard\Downloads\SpyHunter-Installer.exe
2013-09-11 09:29 - 2013-09-11 09:29 - 00001126 _____ C:\Users\Public\Desktop\Opera.lnk
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Program Files\Opera
2013-09-11 09:28 - 2013-09-11 09:27 - 32093736 _____ (Opera Software ASA) C:\Users\Gerhard\Downloads\Opera_16.0.1196.73_Setup.exe
2013-09-11 09:14 - 2010-04-13 08:32 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Google
2013-09-11 09:14 - 2010-04-13 08:11 - 00000000 ____D C:\ProgramData\Google
2013-09-11 08:38 - 2013-09-03 18:58 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-11 08:15 - 2013-09-11 08:15 - 01037278 _____ C:\Users\Gerhard\Downloads\adwcleaner.exe
2013-09-09 16:39 - 2011-09-13 13:51 - 00000000 ____D C:\Windows\pss
2013-09-09 16:31 - 2010-01-31 15:44 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-09 16:31 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-09 16:11 - 2013-09-03 19:01 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Freemium
2013-09-09 15:55 - 2013-09-09 15:55 - 00000596 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-09 15:47 - 2013-09-09 15:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Software Updater
2013-09-09 15:43 - 2013-09-09 15:43 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 15:57 - 2013-09-08 15:57 - 00001104 _____ C:\Users\Gerhard\Desktop\appsmaker OptimalPC.lnk
2013-09-08 10:27 - 2013-02-24 19:59 - 00000000 ____D C:\Users\Gerhard\Documents\Eigene Scans
2013-09-08 10:27 - 2013-02-10 11:36 - 00000000 ____D C:\xampp
2013-09-08 10:27 - 2013-01-02 14:54 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\.minecraft
2013-09-08 10:27 - 2012-12-08 19:18 - 00000000 ____D C:\Users\Sandra\AppData\Local\LogMeIn Hamachi
2013-09-08 10:27 - 2012-11-28 17:18 - 00000000 ____D C:\Users\Christoph\AppData\Local\LogMeIn Hamachi
2013-09-08 10:27 - 2012-11-28 15:02 - 00000000 ____D C:\Users\Gerhard\Downloads\Minecraft Server
2013-09-08 10:27 - 2012-05-01 15:54 - 00000000 ____D C:\Users\Sandra\Documents\Samsung Galaxy Mini
2013-09-08 10:27 - 2012-04-29 16:23 - 00000000 ____D C:\Users\Christoph\Documents\Galaxy S2
2013-09-08 10:27 - 2012-01-31 16:58 - 00000000 ____D C:\Users\Christoph\Documents\DVDVideoSoft
2013-09-08 10:27 - 2011-07-02 20:05 - 00000000 ____D C:\Program Files\Palm
2013-09-08 10:27 - 2010-11-30 19:49 - 00000000 ____D C:\Users\Gerhard\Documents\Add-in Express
2013-09-08 10:27 - 2010-01-31 20:45 - 00000000 ____D C:\Windows\Panther
2013-09-08 10:27 - 2010-01-31 14:55 - 00000000 ____D C:\Users\Gerhard\AppData\Local\VirtualStore
2013-09-08 10:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Msdtc
2013-09-08 07:26 - 2013-09-08 07:26 - 00001144 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-08 07:26 - 2013-02-07 08:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-03 19:09 - 2010-12-01 20:32 - 00000000 ____D C:\Windows\Minidump
2013-09-03 18:58 - 2013-09-03 18:58 - 00002551 _____ C:\Users\Public\Desktop\Free System Utilities.lnk
2013-09-03 18:55 - 2013-09-03 18:55 - 00444408 _____ C:\Users\Gerhard\Downloads\free-system-utilities-DE.exe
2013-09-01 08:35 - 2013-09-01 08:35 - 22240760 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox_Setup_23.0.1.exe
2013-08-30 09:48 - 2013-09-11 14:53 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-11 14:53 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2012-12-26 08:37 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2012-06-14 07:12 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2011-02-03 21:38 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 09:47 - 2010-02-01 14:55 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-24 18:36 - 2010-02-01 14:56 - 00002085 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-24 18:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-08-24 18:32 - 2010-04-13 08:14 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-24 18:32 - 2010-04-13 08:14 - 00000000 ____D C:\Program Files\Adobe
2013-08-24 18:32 - 2010-02-11 18:48 - 00000000 ____D C:\Users\Sandra
2013-08-24 18:32 - 2010-02-01 20:20 - 00000000 ____D C:\Users\Christoph
2013-08-24 18:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-08-24 18:29 - 2010-01-31 16:18 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Adobe

Files to move or delete:
====================
C:\Users\Gerhard\FRST.exe
C:\Users\Gerhard\nitro_pdf_professional6_de.exe
C:\Users\Public\[freeware.de]Core-Temp-setup.exe


Some content of TEMP:
====================
C:\Users\Gerhard\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Gerhard\AppData\Local\Temp\SIntf16.dll
C:\Users\Gerhard\AppData\Local\Temp\SIntf32.dll
C:\Users\Gerhard\AppData\Local\Temp\SIntfNT.dll
C:\Users\Sandra\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Sandra\AppData\Local\Temp\SIntf16.dll
C:\Users\Sandra\AppData\Local\Temp\SIntf32.dll
C:\Users\Sandra\AppData\Local\Temp\SIntfNT.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 09:19

==================== End Of Log ============================
--- --- ---
Alt 22.09.2013, 14:22   #13
Bootsektor
Ruhe in Frieden
† 2019
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Hallo ghackl,
es sieht so aus, als hättest Du meinen zweiten Schritt nicht ausgeführt, mache dies bitte, poste mir davon unbedingt auch das FixLog und danach brauche ich nochmal ein neues Log von FRST. Danke.

Alt 22.09.2013, 17:42   #14
ghackl
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Ok, ich denke jetzt habe ich es.

fixlog:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-09-2013
Ran by Gerhard at 2013-09-22 18:41:12 Run:1
Running from C:\Users\Gerhard\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SSearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=12180030673B53CE&affID=121240&tsp=5002
SearchScopes: HKCU - {2106394C-51CA-44D0-8605-33CABCB2F0FA} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {32882D0E-3D83-453C-9A27-040D73F4C672} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {5526EAEE-2E41-42FE-B997-C268A3D3C840} URL = hxxp://at.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F61742E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826696C633D313226747970653D39333738313126703D7B7365617263685465726D737D&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {58E9CEE7-94AA-4E1F-B12F-33B83D06FC72} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {6995AFC5-C518-4CE0-8337-15E96A030491} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D314937414452415F6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {99F93A0D-98C3-4FF9-8564-34D1BD090F74} URL = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435432323639303530&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
SearchScopes: HKCU - {CF4DFCC6-8A1C-41CA-B6EC-FFA355D191C8} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {E1418032-0EE4-454A-8419-60680FD2DA78} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {F335605E-9705-4F57-84D7-89DA79B85F97} URL = hxxp://search.softonic.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E736F66746F6E69632E636F6D2F4D4F4E30303031352F74625F76313F713D7B7365617263685465726D737D26536561726368536F757263653D342663633D26723D393834&st={searchTerms}&clid=cd46b9e0-beab-4504-97b7-7f4a31ea8960&pid=ccleanerde&k=0
         
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2106394C-51CA-44D0-8605-33CABCB2F0FA} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2106394C-51CA-44D0-8605-33CABCB2F0FA} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32882D0E-3D83-453C-9A27-040D73F4C672} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{32882D0E-3D83-453C-9A27-040D73F4C672} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5526EAEE-2E41-42FE-B997-C268A3D3C840} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5526EAEE-2E41-42FE-B997-C268A3D3C840} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{58E9CEE7-94AA-4E1F-B12F-33B83D06FC72} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{58E9CEE7-94AA-4E1F-B12F-33B83D06FC72} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6995AFC5-C518-4CE0-8337-15E96A030491} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6995AFC5-C518-4CE0-8337-15E96A030491} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{99F93A0D-98C3-4FF9-8564-34D1BD090F74} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{99F93A0D-98C3-4FF9-8564-34D1BD090F74} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF4DFCC6-8A1C-41CA-B6EC-FFA355D191C8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CF4DFCC6-8A1C-41CA-B6EC-FFA355D191C8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1418032-0EE4-454A-8419-60680FD2DA78} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E1418032-0EE4-454A-8419-60680FD2DA78} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F335605E-9705-4F57-84D7-89DA79B85F97} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F335605E-9705-4F57-84D7-89DA79B85F97} => Key not found.

==== End of Fixlog ====
und log vom scan

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-09-2013
Ran by Gerhard (administrator) on ASTERIX on 22-09-2013 18:41:31
Running from C:\Users\Gerhard\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Dropbox, Inc.) C:\Users\Gerhard\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
() C:\Program Files\Opera\16.0.1196.73\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Opera Software) C:\Program Files\Opera\16.0.1196.73\opera.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Gerhard\Desktop\FRST (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-06] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Christoph\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Christoph\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\Christoph\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe -update plugin
HKU\Christoph\...\Policies\system: [LogonHoursAction] 2
HKU\Christoph\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Sandra\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Sandra\...\Policies\system: [LogonHoursAction] 2
HKU\Sandra\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gerhard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM -  No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426
FF user.js: detected! => C:\Users\Gerhard\AppData\Roaming\Mozilla\Firefox\Profiles\zllinfs2.default-1378904439426\user.js
FF Homepage: https://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @palmsource.com/installer,version=1.0 - C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin: @virtools.com/3DviaPlayer - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gerhard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S4 dgdersvc; C:\Windows\system32\dgdersvc.exe [95568 2009-12-22] (Devguru Co., Ltd.)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [108032 2013-08-09] (Microsoft Corporation)
S4 AMOptimalDiskService; C:\Program Files\Common Files\OptimalSuite Common\AMDSrv.exe [x]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [x]
S4 SpeedBoosterSvc; C:\Program Files\Common Files\OptimalSuite Common\BoostService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
S3 Cardex; C:\Windows\system32\drivers\TBPANEL.SYS [12256 2007-03-16] (Windows (R) 2000 DDK provider)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 Edspport; C:\Windows\System32\DRIVERS\es56tpi.sys [450892 2001-10-19] (Creative Labs,Inc.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2009-12-22] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 mbmiodrvr; C:\Windows\system32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 TBPanel; C:\Windows\System32\Drivers\TBPanel.sys [12256 2007-03-16] (Windows (R) 2000 DDK provider)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Gerhard\AppData\Local\Temp\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-22 11:30 - 2013-09-22 11:30 - 01089757 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST (2).exe
2013-09-22 11:29 - 2013-09-22 11:30 - 01089757 _____ (Farbar) C:\Users\Gerhard\Desktop\FRST (1).exe
2013-09-22 11:29 - 2013-09-22 11:29 - 01089757 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST.exe
2013-09-22 08:24 - 2013-09-22 08:25 - 32966136 _____ (Dropbox, Inc.) C:\Users\Gerhard\Downloads\Dropbox 2.0.26(1).exe
2013-09-22 08:23 - 2013-09-22 08:24 - 32966136 _____ (Dropbox, Inc.) C:\Users\Gerhard\Downloads\Dropbox 2.0.26.exe
2013-09-21 12:50 - 2013-09-21 12:51 - 00000000 ____D C:\Users\Gerhard\Downloads\moodle1
2013-09-21 08:52 - 2013-09-16 15:29 - 01084083 _____ (Farbar) C:\Users\Gerhard\FRST.exe
2013-09-21 08:47 - 2013-05-21 17:05 - 00000000 ____D C:\Users\Gerhard\Downloads\moodle
2013-09-21 07:34 - 2013-09-21 07:36 - 40718902 _____ C:\Users\Gerhard\Downloads\moodle-latest-25.zip
2013-09-21 06:41 - 2013-09-21 06:41 - 02347384 _____ (ESET) C:\Users\Gerhard\Downloads\esetsmartinstaller_enu.exe
2013-09-20 15:28 - 2013-09-20 15:28 - 00000000 ____D C:\Users\Gerhard\Documents\Der Hobbit 
2013-09-20 15:28 - 2013-09-20 15:28 - 00000000 ____D C:\Users\Gerhard\Documents\Der Hobbit
2013-09-20 13:54 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Sandra\Documents\Der Hobbit 
2013-09-20 13:54 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Sandra\Documents\Der Hobbit
2013-09-19 19:26 - 2013-09-19 19:27 - 01039554 _____ C:\Users\Gerhard\Downloads\adwcleaner (1).exe
2013-09-19 19:21 - 2013-09-19 19:21 - 00024708 _____ C:\ComboFix.txt
2013-09-19 18:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-18 16:20 - 2013-09-18 16:27 - 00003525 _____ C:\Users\Gerhard\.ganttproject
2013-09-18 16:17 - 2013-09-18 16:17 - 00003272 _____ C:\Users\Gerhard\Documents\Tag der  yyyy.gan
2013-09-18 16:14 - 2013-09-18 16:27 - 00001523 _____ C:\Users\Gerhard\ganttproject.log
2013-09-18 16:14 - 2013-09-18 16:14 - 00001982 _____ C:\Users\Public\Desktop\GanttProject.lnk
2013-09-18 16:14 - 2013-09-18 16:14 - 00000000 ____D C:\Program Files\GanttProject-2.6
2013-09-18 16:13 - 2013-09-18 16:13 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473(1).exe
2013-09-18 16:12 - 2013-09-18 16:13 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473.exe
2013-09-18 14:25 - 2013-09-18 15:48 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\The Hobbit
2013-09-18 14:25 - 2013-09-18 14:25 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-18 12:25 - 2013-09-18 12:25 - 00079360 _____ C:\Users\Gerhard\Downloads\Project_Planning.xls
2013-09-18 12:21 - 2013-09-18 12:21 - 01124243 _____ C:\Users\Gerhard\Downloads\projplan.exe
2013-09-18 12:21 - 2013-09-18 12:21 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\SmartTools
2013-09-18 12:17 - 2013-09-18 12:17 - 00015918 _____ C:\Users\Gerhard\Documents\Projektplan klein.xlsx
2013-09-17 19:26 - 2013-09-17 19:27 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\The Hobbit
2013-09-17 19:18 - 2013-09-17 19:18 - 00002019 _____ C:\Users\Public\Desktop\DER HOBBIT spielen.lnk
2013-09-17 18:23 - 2013-09-17 18:23 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 14:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-17 14:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-17 14:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-17 14:35 - 2013-09-19 19:21 - 00000000 ____D C:\Qoobox
2013-09-17 14:34 - 2013-09-19 18:58 - 00000000 ____D C:\Windows\erdnt
2013-09-16 15:32 - 2013-09-16 15:32 - 00042019 _____ C:\Users\Gerhard\Downloads\FRST.txt
2013-09-16 15:31 - 2013-09-16 15:32 - 00025506 _____ C:\Users\Gerhard\Downloads\Addition.txt
2013-09-16 15:30 - 2013-09-16 15:30 - 00000000 ____D C:\FRST
2013-09-13 06:35 - 2013-09-13 06:35 - 00003429 _____ C:\Users\Gerhard\.recently-used.xbel
2013-09-11 18:29 - 2013-09-22 16:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 18:29 - 2013-09-11 18:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 18:29 - 2013-09-11 18:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-11 14:54 - 2013-09-11 14:54 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT (1).exe
2013-09-11 14:53 - 2013-09-11 14:53 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT.exe
2013-09-11 14:53 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-11 14:53 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-11 14:39 - 2013-09-11 14:41 - 00008704 ___SH C:\Users\Gerhard\Thumbs.db
2013-09-11 13:19 - 2013-08-07 06:30 - 02724352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 13:19 - 2013-08-07 06:10 - 16981504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 13:19 - 2013-08-07 05:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 13:19 - 2013-08-07 05:47 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 13:19 - 2013-08-07 04:54 - 04247040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 13:19 - 2013-08-07 04:28 - 11087360 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 13:19 - 2013-08-07 03:50 - 01788928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 13:19 - 2013-08-07 03:49 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 11:50 - 2013-09-20 22:19 - 00243742 _____ C:\Windows\PFRO.log
2013-09-11 11:12 - 2013-09-22 11:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Malwarebytes
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 10:37 - 2013-09-11 10:37 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Gerhard\Downloads\SpyHunter-Installer.exe
2013-09-11 09:29 - 2013-09-11 09:29 - 00001126 _____ C:\Users\Public\Desktop\Opera.lnk
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Program Files\Opera
2013-09-11 09:27 - 2013-09-11 09:28 - 32093736 _____ (Opera Software ASA) C:\Users\Gerhard\Downloads\Opera_16.0.1196.73_Setup.exe
2013-09-11 09:03 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:03 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:03 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:03 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:03 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:03 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:03 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:03 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:03 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 08:15 - 2013-09-19 19:29 - 00000000 ____D C:\AdwCleaner
2013-09-11 08:15 - 2013-09-11 08:15 - 01037278 _____ C:\Users\Gerhard\Downloads\adwcleaner.exe
2013-09-09 15:55 - 2013-09-09 15:55 - 00000596 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-09 15:47 - 2013-09-09 15:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Software Updater
2013-09-09 15:43 - 2013-09-22 17:56 - 00944863 _____ C:\Windows\setupact.log
2013-09-09 15:43 - 2013-09-09 15:43 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 15:57 - 2013-09-08 15:57 - 00001104 _____ C:\Users\Gerhard\Desktop\appsmaker OptimalPC.lnk
2013-09-08 07:26 - 2013-09-08 07:26 - 00001144 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-03 19:01 - 2013-09-09 16:11 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Freemium
2013-09-03 18:59 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-09-03 18:58 - 2013-09-11 08:38 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-03 18:58 - 2013-09-03 18:58 - 00002551 _____ C:\Users\Public\Desktop\Free System Utilities.lnk
2013-09-03 18:55 - 2013-09-03 18:55 - 00444408 _____ C:\Users\Gerhard\Downloads\free-system-utilities-DE.exe
2013-09-03 18:39 - 2012-09-18 15:26 - 00365568 _____ C:\Windows\system32\ZSHP1020.EXE
2013-09-03 18:39 - 2012-09-18 15:26 - 00169472 _____ C:\Windows\system32\ZLhp1020.DLL
2013-09-03 18:34 - 2006-07-30 19:00 - 00028672 _____ (Zenographics, Inc.) C:\Windows\system32\IMF32.DLL
2013-09-03 18:34 - 2006-07-30 19:00 - 00024576 _____ (Zenographics, Inc.) C:\Windows\system32\ZTAG32.DLL
2013-09-01 08:35 - 2013-09-01 08:35 - 22240760 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox_Setup_23.0.1.exe
2013-08-25 18:13 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-25 18:13 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-25 18:13 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-25 18:13 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-25 18:13 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-25 18:12 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-25 18:12 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-25 18:12 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-25 18:12 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-25 18:12 - 2013-06-15 05:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-25 18:12 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-22 18:28 - 2012-10-29 17:03 - 00000000 ___RD C:\Users\Gerhard\Dropbox
2013-09-22 18:28 - 2012-10-29 16:46 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Dropbox
2013-09-22 18:04 - 2010-01-31 20:49 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-22 18:04 - 2010-01-31 20:49 - 00010048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-22 17:56 - 2013-09-09 15:43 - 00944863 _____ C:\Windows\setupact.log
2013-09-22 17:56 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-22 17:53 - 2010-01-31 20:58 - 02005623 _____ C:\Windows\WindowsUpdate.log
2013-09-22 16:56 - 2013-09-11 18:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-22 11:30 - 2013-09-22 11:30 - 01089757 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST (2).exe
2013-09-22 11:30 - 2013-09-22 11:29 - 01089757 _____ (Farbar) C:\Users\Gerhard\Desktop\FRST (1).exe
2013-09-22 11:29 - 2013-09-22 11:29 - 01089757 _____ (Farbar) C:\Users\Gerhard\Downloads\FRST.exe
2013-09-22 11:22 - 2013-09-11 11:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-22 08:27 - 2010-08-29 16:20 - 00000000 ___RD C:\Program Files\Skype
2013-09-22 08:25 - 2013-09-22 08:24 - 32966136 _____ (Dropbox, Inc.) C:\Users\Gerhard\Downloads\Dropbox 2.0.26(1).exe
2013-09-22 08:24 - 2013-09-22 08:23 - 32966136 _____ (Dropbox, Inc.) C:\Users\Gerhard\Downloads\Dropbox 2.0.26.exe
2013-09-21 14:09 - 2010-02-11 15:18 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\FileZilla
2013-09-21 12:51 - 2013-09-21 12:50 - 00000000 ____D C:\Users\Gerhard\Downloads\moodle1
2013-09-21 08:52 - 2010-01-31 20:50 - 00000000 ____D C:\Users\Gerhard
2013-09-21 07:36 - 2013-09-21 07:34 - 40718902 _____ C:\Users\Gerhard\Downloads\moodle-latest-25.zip
2013-09-21 06:41 - 2013-09-21 06:41 - 02347384 _____ (ESET) C:\Users\Gerhard\Downloads\esetsmartinstaller_enu.exe
2013-09-20 22:19 - 2013-09-11 11:50 - 00243742 _____ C:\Windows\PFRO.log
2013-09-20 20:49 - 2010-01-31 21:19 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Microsoft Help
2013-09-20 20:34 - 2011-02-28 12:45 - 00000000 ____D C:\Users\Gerhard\Desktop\für Schulwebseite
2013-09-20 15:28 - 2013-09-20 15:28 - 00000000 ____D C:\Users\Gerhard\Documents\Der Hobbit 
2013-09-20 15:28 - 2013-09-20 15:28 - 00000000 ____D C:\Users\Gerhard\Documents\Der Hobbit
2013-09-20 13:54 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Sandra\Documents\Der Hobbit 
2013-09-20 13:54 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Sandra\Documents\Der Hobbit
2013-09-19 20:54 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-19 20:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-19 19:29 - 2013-09-11 08:15 - 00000000 ____D C:\AdwCleaner
2013-09-19 19:27 - 2013-09-19 19:26 - 01039554 _____ C:\Users\Gerhard\Downloads\adwcleaner (1).exe
2013-09-19 19:21 - 2013-09-19 19:21 - 00024708 _____ C:\ComboFix.txt
2013-09-19 19:21 - 2013-09-17 14:35 - 00000000 ____D C:\Qoobox
2013-09-19 19:18 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-19 18:58 - 2013-09-17 14:34 - 00000000 ____D C:\Windows\erdnt
2013-09-18 16:27 - 2013-09-18 16:20 - 00003525 _____ C:\Users\Gerhard\.ganttproject
2013-09-18 16:27 - 2013-09-18 16:14 - 00001523 _____ C:\Users\Gerhard\ganttproject.log
2013-09-18 16:17 - 2013-09-18 16:17 - 00003272 _____ C:\Users\Gerhard\Documents\Tag der  yyyy.gan
2013-09-18 16:14 - 2013-09-18 16:14 - 00001982 _____ C:\Users\Public\Desktop\GanttProject.lnk
2013-09-18 16:14 - 2013-09-18 16:14 - 00000000 ____D C:\Program Files\GanttProject-2.6
2013-09-18 16:13 - 2013-09-18 16:13 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473(1).exe
2013-09-18 16:13 - 2013-09-18 16:12 - 13776779 _____ C:\Users\Gerhard\Downloads\ganttproject-2.6-r1473.exe
2013-09-18 15:48 - 2013-09-18 14:25 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\The Hobbit
2013-09-18 14:25 - 2013-09-18 14:25 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-18 12:25 - 2013-09-18 12:25 - 00079360 _____ C:\Users\Gerhard\Downloads\Project_Planning.xls
2013-09-18 12:21 - 2013-09-18 12:21 - 01124243 _____ C:\Users\Gerhard\Downloads\projplan.exe
2013-09-18 12:21 - 2013-09-18 12:21 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\SmartTools
2013-09-18 12:17 - 2013-09-18 12:17 - 00015918 _____ C:\Users\Gerhard\Documents\Projektplan klein.xlsx
2013-09-18 11:26 - 2012-11-01 21:21 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Facebook
2013-09-17 19:27 - 2013-09-17 19:26 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\The Hobbit
2013-09-17 19:25 - 2012-03-10 09:47 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-17 19:19 - 2010-01-31 15:33 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-17 19:18 - 2013-09-17 19:18 - 00002019 _____ C:\Users\Public\Desktop\DER HOBBIT spielen.lnk
2013-09-17 18:23 - 2013-09-17 18:23 - 00000000 ____D C:\Program Files\Sierra
2013-09-17 15:02 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-17 14:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-16 15:32 - 2013-09-16 15:32 - 00042019 _____ C:\Users\Gerhard\Downloads\FRST.txt
2013-09-16 15:32 - 2013-09-16 15:31 - 00025506 _____ C:\Users\Gerhard\Downloads\Addition.txt
2013-09-16 15:30 - 2013-09-16 15:30 - 00000000 ____D C:\FRST
2013-09-16 15:29 - 2013-09-21 08:52 - 01084083 _____ (Farbar) C:\Users\Gerhard\FRST.exe
2013-09-13 06:43 - 2010-01-31 21:05 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 06:42 - 2010-06-15 09:12 - 00000000 ____D C:\Users\Gerhard\.gimp-2.6
2013-09-13 06:35 - 2013-09-13 06:35 - 00003429 _____ C:\Users\Gerhard\.recently-used.xbel
2013-09-13 06:35 - 2010-06-15 09:18 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\gtk-2.0
2013-09-12 14:58 - 2013-08-19 08:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-09-11 18:29 - 2013-09-11 18:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 18:29 - 2013-09-11 18:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 18:29 - 2013-08-19 08:08 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-11 18:28 - 2010-04-13 08:12 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Adobe
2013-09-11 18:19 - 2012-04-01 07:13 - 00000000 ____D C:\Program Files\gs
2013-09-11 18:17 - 2012-02-13 21:17 - 00000000 ____D C:\Program Files\NCH Software
2013-09-11 18:12 - 2010-11-17 20:46 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-09-11 18:09 - 2012-02-12 10:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Electronic Arts
2013-09-11 18:09 - 2012-02-12 10:46 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-09-11 18:09 - 2012-02-12 10:27 - 00000000 ____D C:\Program Files\Electronic Arts
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\searchplugins
2013-09-11 18:05 - 2013-09-11 18:05 - 00000000 ____D C:\Windows\system32\Extensions
2013-09-11 17:36 - 2013-03-25 13:51 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-09-11 14:54 - 2013-09-11 14:54 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT (1).exe
2013-09-11 14:53 - 2013-09-11 14:53 - 01029490 _____ (Thisisu) C:\Users\Gerhard\Downloads\JRT.exe
2013-09-11 14:53 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-11 14:41 - 2013-09-11 14:39 - 00008704 ___SH C:\Users\Gerhard\Thumbs.db
2013-09-11 14:17 - 2009-07-14 06:33 - 00437440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 14:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 13:18 - 2013-08-01 14:38 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 13:16 - 2011-12-30 09:41 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 11:50 - 2010-04-13 08:11 - 00000000 ____D C:\Program Files\Google
2013-09-11 11:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Malwarebytes
2013-09-11 11:12 - 2013-09-11 11:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 10:51 - 2011-12-18 16:39 - 00001608 _____ C:\Users\Christoph\Desktop\gothic2-artwork_008 - Verknüpfung.lnk
2013-09-11 10:39 - 2012-06-09 15:12 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-09-11 10:37 - 2013-09-11 10:37 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Gerhard\Downloads\SpyHunter-Installer.exe
2013-09-11 09:29 - 2013-09-11 09:29 - 00001126 _____ C:\Users\Public\Desktop\Opera.lnk
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Opera Software
2013-09-11 09:29 - 2013-09-11 09:29 - 00000000 ____D C:\Program Files\Opera
2013-09-11 09:28 - 2013-09-11 09:27 - 32093736 _____ (Opera Software ASA) C:\Users\Gerhard\Downloads\Opera_16.0.1196.73_Setup.exe
2013-09-11 09:14 - 2010-04-13 08:32 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Google
2013-09-11 09:14 - 2010-04-13 08:11 - 00000000 ____D C:\ProgramData\Google
2013-09-11 08:38 - 2013-09-03 18:58 - 00000000 ____D C:\Program Files\Covus Freemium
2013-09-11 08:15 - 2013-09-11 08:15 - 01037278 _____ C:\Users\Gerhard\Downloads\adwcleaner.exe
2013-09-09 16:39 - 2011-09-13 13:51 - 00000000 ____D C:\Windows\pss
2013-09-09 16:31 - 2010-01-31 15:44 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-09 16:31 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-09 16:11 - 2013-09-03 19:01 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Freemium
2013-09-09 15:55 - 2013-09-09 15:55 - 00000596 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-09-09 15:47 - 2013-09-09 15:47 - 00000000 ____D C:\Users\Gerhard\AppData\Local\Software Updater
2013-09-09 15:43 - 2013-09-09 15:43 - 00000000 _____ C:\Windows\setuperr.log
2013-09-08 15:57 - 2013-09-08 15:57 - 00001104 _____ C:\Users\Gerhard\Desktop\appsmaker OptimalPC.lnk
2013-09-08 10:27 - 2013-02-24 19:59 - 00000000 ____D C:\Users\Gerhard\Documents\Eigene Scans
2013-09-08 10:27 - 2013-02-10 11:36 - 00000000 ____D C:\xampp
2013-09-08 10:27 - 2013-01-02 14:54 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\.minecraft
2013-09-08 10:27 - 2012-12-08 19:18 - 00000000 ____D C:\Users\Sandra\AppData\Local\LogMeIn Hamachi
2013-09-08 10:27 - 2012-11-28 17:18 - 00000000 ____D C:\Users\Christoph\AppData\Local\LogMeIn Hamachi
2013-09-08 10:27 - 2012-11-28 15:02 - 00000000 ____D C:\Users\Gerhard\Downloads\Minecraft Server
2013-09-08 10:27 - 2012-05-01 15:54 - 00000000 ____D C:\Users\Sandra\Documents\Samsung Galaxy Mini
2013-09-08 10:27 - 2012-04-29 16:23 - 00000000 ____D C:\Users\Christoph\Documents\Galaxy S2
2013-09-08 10:27 - 2012-01-31 16:58 - 00000000 ____D C:\Users\Christoph\Documents\DVDVideoSoft
2013-09-08 10:27 - 2011-07-02 20:05 - 00000000 ____D C:\Program Files\Palm
2013-09-08 10:27 - 2010-11-30 19:49 - 00000000 ____D C:\Users\Gerhard\Documents\Add-in Express
2013-09-08 10:27 - 2010-01-31 20:45 - 00000000 ____D C:\Windows\Panther
2013-09-08 10:27 - 2010-01-31 14:55 - 00000000 ____D C:\Users\Gerhard\AppData\Local\VirtualStore
2013-09-08 10:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Msdtc
2013-09-08 07:26 - 2013-09-08 07:26 - 00001144 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-08 07:26 - 2013-02-07 08:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-03 19:09 - 2010-12-01 20:32 - 00000000 ____D C:\Windows\Minidump
2013-09-03 18:58 - 2013-09-03 18:58 - 00002551 _____ C:\Users\Public\Desktop\Free System Utilities.lnk
2013-09-03 18:55 - 2013-09-03 18:55 - 00444408 _____ C:\Users\Gerhard\Downloads\free-system-utilities-DE.exe
2013-09-01 08:35 - 2013-09-01 08:35 - 22240760 _____ (Mozilla) C:\Users\Gerhard\Downloads\Firefox_Setup_23.0.1.exe
2013-08-30 09:48 - 2013-09-11 14:53 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-11 14:53 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2012-12-26 08:37 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2012-06-14 07:12 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2010-02-01 14:56 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2011-02-03 21:38 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 09:47 - 2010-02-01 14:55 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-24 18:36 - 2010-02-01 14:56 - 00002085 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-24 18:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-08-24 18:32 - 2010-04-13 08:14 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-24 18:32 - 2010-04-13 08:14 - 00000000 ____D C:\Program Files\Adobe
2013-08-24 18:32 - 2010-02-11 18:48 - 00000000 ____D C:\Users\Sandra
2013-08-24 18:32 - 2010-02-01 20:20 - 00000000 ____D C:\Users\Christoph
2013-08-24 18:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-08-24 18:29 - 2010-01-31 16:18 - 00000000 ____D C:\Users\Gerhard\AppData\Roaming\Adobe

Files to move or delete:
====================
C:\Users\Gerhard\FRST.exe
C:\Users\Gerhard\nitro_pdf_professional6_de.exe
C:\Users\Public\[freeware.de]Core-Temp-setup.exe


Some content of TEMP:
====================
C:\Users\Gerhard\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Gerhard\AppData\Local\Temp\SIntf16.dll
C:\Users\Gerhard\AppData\Local\Temp\SIntf32.dll
C:\Users\Gerhard\AppData\Local\Temp\SIntfNT.dll
C:\Users\Sandra\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Sandra\AppData\Local\Temp\SIntf16.dll
C:\Users\Sandra\AppData\Local\Temp\SIntf32.dll
C:\Users\Sandra\AppData\Local\Temp\SIntfNT.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 09:19

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Danke!

Alt 23.09.2013, 10:35   #15
Bootsektor
Ruhe in Frieden
† 2019
 
Werde MonsterMarketplace nicht los. - Standard

Werde MonsterMarketplace nicht los.


Hallo ghackl,
super! Und da das so gut geklappt hat, machen wir nochmal einen Fix

Schritt 1
Fix mit FRST
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL =
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Fix Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

Schritt 2
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.
Antwort
Seite 1 von 2 1 2

Themen zu Werde MonsterMarketplace nicht los.
32 bit, anwendungen, dankbar, explorer, installier, installiert, interne, internet, internet explorer, internet explorer 11, monstermarketplace.com, pup.optional.datamngr.a, pup.optional.delta.a, pup.optional.ibryte, pup.optional.optimizerpro.a, software, windows, windows 7, windows 7 32 bit


« Ultrabook einige infizierte Objekte | Windows 7: Ist mein TCP-Verbindungs Wert zu hoch? Hab ich einen Virus? »


Ähnliche Themen: Werde MonsterMarketplace nicht los.


  1. Monstermarketplace / deltatoolbar
    Log-Analyse und Auswertung - 23.10.2013 (20)
  2. Problem mit Trojaner Monstermarketplace
    Plagegeister aller Art und deren Bekämpfung - 22.10.2013 (27)
  3. MonsterMarketplace.com in Browser
    Plagegeister aller Art und deren Bekämpfung - 22.10.2013 (35)
  4. kann Monstermarketplace nicht löschen
    Log-Analyse und Auswertung - 15.10.2013 (9)
  5. habe Probleme mit MonsterMarketplace.com
    Plagegeister aller Art und deren Bekämpfung - 11.10.2013 (9)
  6. MonsterMarketplace.com-Fenster poppt auf!
    Plagegeister aller Art und deren Bekämpfung - 08.10.2013 (14)
  7. MonsterMarketplace lässt sich nicht entfernen.
    Plagegeister aller Art und deren Bekämpfung - 05.10.2013 (5)
  8. Direktlinks auf Internetseiten von Monstermarketplace (Trojaner?)
    Log-Analyse und Auswertung - 25.09.2013 (3)
  9. Windows XP bootet, Programme starten nicht (MonsterMarketPlace.com)
    Plagegeister aller Art und deren Bekämpfung - 15.09.2013 (27)
  10. Win7 : Monstermarketplace-Weiterleitung in websites
    Log-Analyse und Auswertung - 11.09.2013 (9)
  11. Win7 - Monstermarketplace Umleitung
    Log-Analyse und Auswertung - 11.09.2013 (7)
  12. Monstermarketplace.com - Grüne Wörter mit Verlinkungen Monstermarketplace.com - Grüne Wörter mit Verlinkungen
    Log-Analyse und Auswertung - 06.09.2013 (16)
  13. Problem mit MonsterMarketPlace
    Plagegeister aller Art und deren Bekämpfung - 27.08.2013 (3)
  14. Monstermarketplace.com - Grüne Wörter mit Verlinkungen
    Plagegeister aller Art und deren Bekämpfung - 20.08.2013 (3)
  15. Monstermarketplace
    Log-Analyse und Auswertung - 15.08.2013 (9)
  16. Monstermarketplace.com: Google Chrome Problem!
    Plagegeister aller Art und deren Bekämpfung - 13.08.2013 (19)
  17. Webcake und Monstermarketplace Befall
    Log-Analyse und Auswertung - 04.08.2013 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Werde MonsterMarketplace nicht los. - Hallo! Ich bin neu hier. Vielleicht kann mir jemand bei meinem Problem helfen. Ich verwende Windows 7 32 bit, Internet Explorer 11 und Firefox 23. Meine Kinderlein haben ein wenig - Werde MonsterMarketplace nicht los....
Archiv
Du betrachtest: Werde MonsterMarketplace nicht los. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55