
Log analysis and evaluation: Computer runs slowly, Malwarebytes finds 3 infected files, increasing number of pop-ups

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
10.10.2013, 20:52   #1
lisithek
 

Computer runs slowly, Malwarebytes finds 3 infected files, increasing number of pop-ups



Hello,

My computer has been giving me more and more problems lately. It takes an extremely long time to boot, is constantly working in the background, and I suddenly have a lot of pop-up windows.

I ran Malwarebytes on it, and the program came across 3 infected files. Could you please help me?

Kind regards

Lisi

Here are the corresponding log files:

Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4738

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.10.2010 12:23:30
mbam-log-2010-10-04 (12-23-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 311611
Laufzeit: 1 Stunde(n), 18 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\Lisi\AppData\Roaming\Winbooterr (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Users\Lisi\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
         
FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Lisi (administrator) on LISI-PC on 10-10-2013 21:10:13
Running from C:\Users\Lisi\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) c:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks) C:\Program Files\Dell DataSafe Local Backup\sftservice.exe
() C:\Program Files\Tor\tor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Lisi\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
(Dropbox, Inc.) C:\Users\Lisi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Lisi\Downloads\Defogger.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-11-04] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\ssmmgr.exe [688128 2011-07-06] ()
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_CURRENT_USER\Software\SearchProtect /f
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [SDP] - C:\Users\Lisi\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto 
HKCU\...\Run: [AppsHat] - C:\Users\Lisi\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKCU\...\Runonce: [SpUninstallDeleteDir] - rmdir /s /q "C:\Users\Lisi\AppData\Roaming\SearchProtect"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=7C9B00265E229D7A&affID=125036&tl=4-8873-8580-170000001458206887-3576639764-1380648019-1383240019&tsp=5028
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7C9B00265E229D7A&affID=125036&tl=4-8873-8580-170000001458206887-3576639764-1380648019-1383240019&tsp=5028
SearchScopes: HKCU - {25A054D3-5A42-4E49-BAC5-5E52EEDF4812} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {998E1B5F-7737-4D44-B8D8-52D017C37939} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647&CUI=UN14568099452952924&UM=2
SearchScopes: HKCU - {9B133256-7713-42C0-B5F9-9E4C38DF013F} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.186.211.21 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default
FF user.js: detected! => C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\user.js
FF DefaultSearchEngine: Veoh Web Player Customized Web Search
FF SelectedSearchEngine: Veoh Web Player Customized Web Search
FF Homepage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=7C9B00265E229D7A&affID=125036&tl=4-8873-8580-170000001458206887-3576639764-1380648019-1383240019&tsp=5028
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\blackle-deutschland.xml
FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\google-sterreich.xml
FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\searchgol.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Movie2kDownloader - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\movie2kdownloader@movie2kdownloader.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Google Toolbar for Firefox - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: AppsHat - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
FF Extension: WOT - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: FireFTP - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF Extension: uTorrentBar_DE  - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
FF Extension: movie2kdownloader - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi
FF Extension: support - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\support@wolfram.com.xpi
FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [{b011b92d-cb28-4d63-9cb1-d844192476e0}] - C:\Program Files\a2zlyr\132.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.gym-gleisdorf.ac.at/
CHR RestoreOnStartup: "hxxp://www.gym-gleisdorf.ac.at/index.php"
CHR Plugin: (Shockwave Flash) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WOT) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.1.1_0
CHR Extension: (YouTube) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Adblock Plus) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0
CHR Extension: (Google Search) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (DVDVideoSoft) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (ScriptSafe) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.16_0
CHR Extension: (Gmail) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files\Movie2KDownloader.com\Movie2KDownloader10.crx
CHR HKLM\...\Chrome\Extension: [ciljpgjahkpnilhbolpaphfjhlejnplm] - C:\Program Files\a2zlyr\132.crx
CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Lisi\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; c:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-12-08] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
S2 gupdate1ca8d7850e80a72; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-04] (Google Inc.)
R2 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.exe [658656 2010-03-04] (SoftThinks)
R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-03] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-03-04] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-10-25] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-03-04] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [77528 2013-09-03] (MalwareBytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-10] (Malwarebytes Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-09-11] (Samsung Electronics)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [34016 2013-01-10] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Lisi\AppData\Local\Temp\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S0 TfFsMon; system32\drivers\TfFsMon.sys [x]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
S0 TfSysMon; system32\drivers\TfSysMon.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-10 21:09 - 2013-10-10 21:09 - 01087213 _____ (Farbar) C:\Users\Lisi\Downloads\FRST.exe
2013-10-10 21:08 - 2013-10-10 21:09 - 00000470 _____ C:\Users\Lisi\Downloads\defogger_disable.log
2013-10-10 21:08 - 2013-10-10 21:08 - 00050477 _____ C:\Users\Lisi\Downloads\Defogger.exe
2013-10-10 21:08 - 2013-10-10 21:08 - 00000000 _____ C:\Users\Lisi\defogger_reenable
2013-10-10 18:50 - 2013-10-10 18:53 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-10 18:50 - 2013-10-10 18:50 - 00001065 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-10 18:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\TuneUp Software
2013-10-07 19:06 - 2013-10-07 19:08 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-10-07 19:06 - 2013-10-07 19:06 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-07 19:05 - 2013-10-07 19:05 - 00002174 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk
2013-10-07 19:04 - 2013-10-07 19:05 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft
2013-10-07 19:04 - 2013-10-07 19:04 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\OpenCandy
2013-10-06 20:20 - 2013-10-06 20:24 - 59533004 _____ C:\Users\Lisi\Documents\mathm8sb_07112.zip
2013-10-06 20:19 - 2013-10-06 20:26 - 64768699 _____ C:\Users\Lisi\Documents\mathm7sb_07111.zip
2013-10-06 20:19 - 2013-10-06 20:25 - 64675764 _____ C:\Users\Lisi\Documents\mathm6sb_07044.zip
2013-10-06 20:19 - 2013-10-06 20:24 - 63764377 _____ C:\Users\Lisi\Documents\mathm5sb_07040.zip
2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\MSDOS.SYS
2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\IO.SYS
2013-10-02 22:22 - 2013-10-07 20:29 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\blaxxun interactive
2013-10-02 17:49 - 2013-10-10 18:45 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-02 17:49 - 2013-10-02 17:50 - 00000000 ____D C:\Users\Lisi\AppData\Local\CRE
2013-10-02 17:48 - 2013-10-10 18:43 - 00000000 ____D C:\Users\Lisi\AppData\Local\Conduit
2013-10-02 17:48 - 2013-10-02 17:49 - 00000000 ____D C:\Program Files\Conduit
2013-10-02 17:47 - 2013-10-02 17:47 - 00968592 _____ (BitTorrent, Inc.) C:\Users\Lisi\Desktop\utorrent-3.0-latest.x64.exe
2013-09-25 19:47 - 2013-09-25 19:56 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\PerformerSoft
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\SpeedAnalysis2
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\Babylon
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Local\avgchrome
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\ProgramData\Babylon
2013-09-25 19:47 - 2013-06-19 14:58 - 00017920 _____ (PerformerSoft LLC) C:\Windows\system32\roboot.exe
2013-09-25 19:46 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\SeeSimilar02
2013-09-25 19:46 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\File Scout
2013-09-24 18:44 - 2013-10-06 20:32 - 00000000 ____D C:\Users\Lisi\Documents\Klett
2013-09-24 18:17 - 2013-10-06 20:29 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DUA
2013-09-24 18:09 - 2013-09-24 18:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-24 18:08 - 2013-09-24 18:09 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-24 18:08 - 2013-09-24 18:09 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 18:08 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iPod
2013-09-21 11:36 - 2013-09-21 11:36 - 00001095 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2013-09-21 11:36 - 2013-09-21 11:36 - 00001080 _____ C:\Users\Public\Desktop\DivX Player.lnk
2013-09-21 11:34 - 2013-09-21 11:34 - 00000000 _____ C:\END
2013-09-21 11:32 - 2013-10-10 20:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-21 11:24 - 2013-09-21 11:24 - 00002073 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-21 11:24 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-21 11:24 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-21 11:23 - 2013-09-21 11:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-21 11:23 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-21 11:22 - 2013-09-21 11:23 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll
2013-09-13 08:44 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 08:44 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 08:44 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 08:44 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 08:44 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 08:44 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 07:46 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 07:46 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 07:46 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 07:46 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 07:46 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 07:46 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 07:46 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 07:46 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

==================== One Month Modified Files and Folders =======

2013-10-10 21:09 - 2013-10-10 21:09 - 01087213 _____ (Farbar) C:\Users\Lisi\Downloads\FRST.exe
2013-10-10 21:09 - 2013-10-10 21:08 - 00000470 _____ C:\Users\Lisi\Downloads\defogger_disable.log
2013-10-10 21:08 - 2013-10-10 21:08 - 00050477 _____ C:\Users\Lisi\Downloads\Defogger.exe
2013-10-10 21:08 - 2013-10-10 21:08 - 00000000 _____ C:\Users\Lisi\defogger_reenable
2013-10-10 21:08 - 2009-11-17 19:56 - 00000000 ____D C:\Users\Lisi
2013-10-10 20:45 - 2010-01-04 22:11 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-10 20:30 - 2011-12-12 18:57 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-5946700-4108168981-3792375673-1000UA.job
2013-10-10 20:22 - 2013-09-21 11:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-10 19:36 - 2012-03-10 10:48 - 01530439 _____ C:\Windows\WindowsUpdate.log
2013-10-10 18:53 - 2013-10-10 18:50 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-10 18:50 - 2013-10-10 18:50 - 00001065 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-10 18:50 - 2010-10-04 10:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-10 18:45 - 2013-10-02 17:49 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-10 18:45 - 2010-07-16 11:44 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\uTorrent
2013-10-10 18:43 - 2013-10-02 17:48 - 00000000 ____D C:\Users\Lisi\AppData\Local\Conduit
2013-10-10 17:30 - 2012-11-02 15:16 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-10 17:30 - 2009-10-13 12:52 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-10 17:22 - 2012-04-03 10:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-10 17:22 - 2011-06-22 07:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-10 17:13 - 2009-11-17 19:55 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-10 17:13 - 2009-11-17 19:55 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-10 17:08 - 2010-09-21 20:34 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\Dropbox
2013-10-10 17:03 - 2010-09-21 20:35 - 00000000 ___RD C:\Users\Lisi\Documents\My Dropbox
2013-10-10 17:02 - 2013-08-11 12:00 - 00498268 _____ C:\Windows\setupact.log
2013-10-10 17:02 - 2010-01-04 22:11 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-10 17:02 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 21:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-08 18:44 - 2009-11-17 20:19 - 01632448 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-08 17:05 - 2013-09-03 14:15 - 00026482 _____ C:\Windows\PFRO.log
2013-10-07 20:29 - 2013-10-02 22:22 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\blaxxun interactive
2013-10-07 20:29 - 2009-10-08 14:22 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-07 20:29 - 2009-10-08 14:22 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\TuneUp Software
2013-10-07 19:08 - 2013-10-07 19:06 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-10-07 19:06 - 2013-10-07 19:06 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-07 19:05 - 2013-10-07 19:05 - 00002174 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk
2013-10-07 19:05 - 2013-10-07 19:04 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft
2013-10-07 19:05 - 2013-07-31 10:28 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-10-07 19:05 - 2013-07-31 10:28 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-10-07 19:04 - 2013-10-07 19:04 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\OpenCandy
2013-10-07 19:04 - 2013-02-26 21:48 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DVDVideoSoft
2013-10-06 20:32 - 2013-09-24 18:44 - 00000000 ____D C:\Users\Lisi\Documents\Klett
2013-10-06 20:29 - 2013-09-24 18:17 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DUA
2013-10-06 20:29 - 2013-08-29 11:31 - 00000000 ____D C:\Users\Lisi\Documents\zeitbilder_2
2013-10-06 20:26 - 2013-10-06 20:19 - 64768699 _____ C:\Users\Lisi\Documents\mathm7sb_07111.zip
2013-10-06 20:25 - 2013-10-06 20:19 - 64675764 _____ C:\Users\Lisi\Documents\mathm6sb_07044.zip
2013-10-06 20:24 - 2013-10-06 20:20 - 59533004 _____ C:\Users\Lisi\Documents\mathm8sb_07112.zip
2013-10-06 20:24 - 2013-10-06 20:19 - 63764377 _____ C:\Users\Lisi\Documents\mathm5sb_07040.zip
2013-10-05 14:30 - 2011-12-12 18:57 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-5946700-4108168981-3792375673-1000Core.job
2013-10-04 05:48 - 2011-12-12 18:58 - 00002358 _____ C:\Users\Lisi\Desktop\Google Chrome.lnk
2013-10-03 20:56 - 2010-01-06 20:30 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DivX
2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\MSDOS.SYS
2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\IO.SYS
2013-10-02 22:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-10-02 17:50 - 2013-10-02 17:49 - 00000000 ____D C:\Users\Lisi\AppData\Local\CRE
2013-10-02 17:49 - 2013-10-02 17:48 - 00000000 ____D C:\Program Files\Conduit
2013-10-02 17:47 - 2013-10-02 17:47 - 00968592 _____ (BitTorrent, Inc.) C:\Users\Lisi\Desktop\utorrent-3.0-latest.x64.exe
2013-09-25 20:19 - 2013-08-08 11:20 - 00000000 ____D C:\Program Files\JDownloader
2013-09-25 19:56 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\PerformerSoft
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\SpeedAnalysis2
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\Babylon
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Local\avgchrome
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\ProgramData\Babylon
2013-09-25 19:47 - 2013-09-25 19:46 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\SeeSimilar02
2013-09-25 19:47 - 2013-09-25 19:46 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\File Scout
2013-09-24 18:09 - 2013-09-24 18:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-24 18:09 - 2013-09-24 18:08 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-24 18:09 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 18:08 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iPod
2013-09-24 18:08 - 2010-04-12 21:12 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-21 16:41 - 2009-11-17 20:22 - 00125336 _____ C:\Users\Lisi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-21 16:39 - 2009-07-14 06:33 - 00479752 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-21 15:00 - 2013-09-05 19:18 - 00000000 ____D C:\Users\Lisi\AppData\Local\FilesFrog Update Checker
2013-09-21 11:37 - 2010-11-15 17:23 - 00001583 _____ C:\Users\Lisi\Desktop\DivX Movies.lnk
2013-09-21 11:37 - 2010-06-12 15:13 - 00000000 ____D C:\ProgramData\DivX
2013-09-21 11:37 - 2010-01-06 19:42 - 00000000 ____D C:\Program Files\DivX
2013-09-21 11:36 - 2013-09-21 11:36 - 00001095 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2013-09-21 11:36 - 2013-09-21 11:36 - 00001080 _____ C:\Users\Public\Desktop\DivX Player.lnk
2013-09-21 11:36 - 2010-01-06 19:42 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-09-21 11:34 - 2013-09-21 11:34 - 00000000 _____ C:\END
2013-09-21 11:32 - 2012-11-24 13:29 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-09-21 11:30 - 2013-07-31 09:12 - 00000000 ____D C:\ProgramData\Avira
2013-09-21 11:24 - 2013-09-21 11:24 - 00002073 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-21 11:24 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-21 11:23 - 2013-09-21 11:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-21 11:23 - 2013-09-21 11:22 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll
2013-09-13 19:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-13 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-13 08:50 - 2009-10-08 14:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 21:07 - 2009-10-13 19:18 - 00000000 ____D C:\Users\Lisi\Documents\Schule

Some content of TEMP:
====================
C:\Users\Lisi\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Lisi\AppData\Local\Temp\DefaultTabSetup2.exe
C:\Users\Lisi\AppData\Local\Temp\DeltaTB.exe
C:\Users\Lisi\AppData\Local\Temp\fftF05A.tmp.exe
C:\Users\Lisi\AppData\Local\Temp\iet7936.tmp.exe
C:\Users\Lisi\AppData\Local\Temp\nsbC24A.exe
C:\Users\Lisi\AppData\Local\Temp\nsbCD45.exe
C:\Users\Lisi\AppData\Local\Temp\nsbF0FB.exe
C:\Users\Lisi\AppData\Local\Temp\nsl67BC.exe
C:\Users\Lisi\AppData\Local\Temp\nsl917D.exe
C:\Users\Lisi\AppData\Local\Temp\nsnC8DE.exe
C:\Users\Lisi\AppData\Local\Temp\nsvB5BC.exe
C:\Users\Lisi\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Lisi\AppData\Local\Temp\SPStub.exe
C:\Users\Lisi\AppData\Local\Temp\tbuTor.dll
C:\Users\Lisi\AppData\Local\Temp\uninst1.exe
C:\Users\Lisi\AppData\Local\Temp\utt3142.tmp.exe
C:\Users\Lisi\AppData\Local\Temp\Veoh383477.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 19:40

==================== End Of Log ============================

gmer.log:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-10 21:34:40
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-75A7B2 rev.01.03B01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Lisi\AppData\Local\Temp\pxldapod.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwAddBootEntry [0x90C4F610]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                               ZwAllocateVirtualMemory [0x90F885FA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwAssignProcessToJobObject [0x90C500E6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwCreateEvent [0x90C5BF18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwCreateEventPair [0x90C5BF64]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwCreateIoCompletion [0x90C5C0FE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwCreateMutant [0x90C5BE86]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                               ZwCreateSection [0x90F88992]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwCreateSemaphore [0x90C5BECE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwCreateThread [0x90C505E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwCreateThreadEx [0x90C50800]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwCreateTimer [0x90C5C0B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwDebugActiveProcess [0x90C50E9C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwDeleteBootEntry [0x90C4F676]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwDuplicateObject [0x90C54596]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                               ZwFreeVirtualMemory [0x90F886C2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                               ZwLoadDriver [0x90F86C12]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwModifyBootEntry [0x90C4F6DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwNotifyChangeKey [0x90C5498C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwNotifyChangeMultipleKeys [0x90C5192C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwOpenEvent [0x90C5BF42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwOpenEventPair [0x90C5BF86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwOpenIoCompletion [0x90C5C122]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwOpenMutant [0x90C5BEAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwOpenProcess [0x90C53E78]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwOpenSection [0x90C5C036]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwOpenSemaphore [0x90C5BEF6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwOpenThread [0x90C5426E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwOpenTimer [0x90C5C0DC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                               ZwProtectVirtualMemory [0x90F88822]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwQueryObject [0x90C517F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwQueueApcThreadEx [0x90C51506]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwSetBootEntryOrder [0x90C4F742]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwSetBootOptions [0x90C4F7A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwSetContextThread [0x90C50D16]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwSetSystemInformation [0x90C4F2F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwSetSystemPowerState [0x90C4F4CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwShutdownSystem [0x90C4F45C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwSuspendProcess [0x90C51066]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwSuspendThread [0x90C511C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwSystemDebugControl [0x90C4F556]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                               ZwTerminateProcess [0x90F888EA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwTerminateThread [0x90C50CF6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                               ZwUnloadDriver [0x90F86C42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                               ZwVdmControl [0x90C4F80E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                               ZwWriteVirtualMemory [0x90F8876E]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                               ZwCreateProcessEx [0x90FA1E00]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                               ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                            83049A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                              83083212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                                 8308A460 4 Bytes  [10, F6, C4, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                                 8308A488 4 Bytes  [FA, 85, F8, 90] {CLI ; TEST EAX, EDI; NOP }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                                 8308A4E8 4 Bytes  [E6, 00, C5, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                                 8308A53C 8 Bytes  [18, BF, C5, 90, 64, BF, C5, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                                 8308A548 4 Bytes  [FE, C0, C5, 90]
.text           ...                                                                                                                                 
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                                  83217D39 5 Bytes  JMP 90F9EC9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                                                    83230370 5 Bytes  JMP 90FA07CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                                         832454CF 4 Bytes  CALL 90C51FEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                                        8325F323 4 Bytes  CALL 90C52005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                                      832E926E 7 Bytes  JMP 90FA1E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                            section is writeable [0x9260A000, 0x2BFBF0, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                              section is writeable [0x9AD22000, 0xBB22, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                              section is writeable [0x9AE00300, 0x1BEE, 0xE8000020]
.text           kernel32.dll!GetBinaryTypeW + 70                                                                                                    774069E4 1 Byte  [62]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe[108] kernel32.dll!GetBinaryTypeW + 70                                                774069E4 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[444] kernel32.dll!GetBinaryTypeW + 70                                                                 774069E4 1 Byte  [62]
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[448] kernel32.dll!GetBinaryTypeW + 70        774069E4 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[524] kernel32.dll!GetBinaryTypeW + 70                                                               774069E4 1 Byte  [62]
.text           ...                                                                                                                                 
.text           C:\Windows\system32\taskhost.exe[4496] ntdll.dll!LdrUnloadDll                                                                       77D8C8DE 5 Bytes  JMP 001103FC 
.text           C:\Windows\system32\taskhost.exe[4496] ntdll.dll!LdrLoadDll                                                                         77D922AE 5 Bytes  JMP 001101F8 
.text           C:\Windows\system32\taskhost.exe[4496] KERNEL32.dll!GetBinaryTypeW + 70                                                             774069E4 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[4496] USER32.dll!UnhookWindowsHookEx                                                               7622ADF9 5 Bytes  JMP 00130A08 
.text           C:\Windows\system32\taskhost.exe[4496] USER32.dll!UnhookWinEvent                                                                    7622B750 5 Bytes  JMP 001303FC 
.text           C:\Windows\system32\taskhost.exe[4496] USER32.dll!SetWindowsHookExW                                                                 7622E30C 5 Bytes  JMP 00130804 
.text           C:\Windows\system32\taskhost.exe[4496] USER32.dll!SetWinEventHook                                                                   762324DC 5 Bytes  JMP 001301F8 
.text           C:\Windows\system32\taskhost.exe[4496] USER32.dll!SetWindowsHookExA                                                                 76256D0C 5 Bytes  JMP 00130600 
.text           C:\Users\Lisi\Downloads\gmer_2.1.19163.exe[5220] kernel32.dll!GetBinaryTypeW + 70                                                   774069E4 1 Byte  [62]
.text           C:\Program Files\Java\jre7\bin\javaw.exe[5256] ntdll.dll!LdrUnloadDll                                                               77D8C8DE 5 Bytes  JMP 001303FC 
.text           C:\Program Files\Java\jre7\bin\javaw.exe[5256] ntdll.dll!LdrLoadDll                                                                 77D922AE 5 Bytes  JMP 001301F8 
.text           C:\Program Files\Java\jre7\bin\javaw.exe[5256] KERNEL32.dll!GetBinaryTypeW + 70                                                     774069E4 1 Byte  [62]
.text           C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!UnhookWindowsHookEx                                                       7622ADF9 5 Bytes  JMP 00250A08 
.text           C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!UnhookWinEvent                                                            7622B750 5 Bytes  JMP 002503FC 
.text           C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!SetWindowsHookExW                                                         7622E30C 5 Bytes  JMP 00250804 
.text           C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!SetWinEventHook                                                           762324DC 5 Bytes  JMP 002501F8 
.text           C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!SetWindowsHookExA                                                         76256D0C 5 Bytes  JMP 00250600 
.text           C:\Windows\System32\svchost.exe[5676] ntdll.dll!LdrUnloadDll                                                                        77D8C8DE 5 Bytes  JMP 000E03FC 
.text           C:\Windows\System32\svchost.exe[5676] ntdll.dll!LdrLoadDll                                                                          77D922AE 5 Bytes  JMP 000E01F8 
.text           C:\Windows\System32\svchost.exe[5676] KERNEL32.dll!GetBinaryTypeW + 70                                                              774069E4 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[5676] user32.dll!UnhookWindowsHookEx                                                                7622ADF9 5 Bytes  JMP 00100A08 
.text           C:\Windows\System32\svchost.exe[5676] user32.dll!UnhookWinEvent                                                                     7622B750 5 Bytes  JMP 001003FC 
.text           C:\Windows\System32\svchost.exe[5676] user32.dll!SetWindowsHookExW                                                                  7622E30C 5 Bytes  JMP 00100804 
.text           C:\Windows\System32\svchost.exe[5676] user32.dll!SetWinEventHook                                                                    762324DC 5 Bytes  JMP 001001F8 
.text           C:\Windows\System32\svchost.exe[5676] user32.dll!SetWindowsHookExA                                                                  76256D0C 5 Bytes  JMP 00100600 
.text           C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] ntdll.dll!LdrUnloadDll            77D8C8DE 5 Bytes  JMP 000703FC 
.text           C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] ntdll.dll!LdrLoadDll              77D922AE 5 Bytes  JMP 000701F8 
.text           C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] KERNEL32.dll!GetBinaryTypeW + 70  774069E4 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!UnhookWindowsHookEx    7622ADF9 5 Bytes  JMP 00090A08 
.text           C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!UnhookWinEvent         7622B750 5 Bytes  JMP 000903FC 
.text           C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!SetWindowsHookExW      7622E30C 5 Bytes  JMP 00090804 
.text           C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!SetWinEventHook        762324DC 5 Bytes  JMP 000901F8 
.text           C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!SetWindowsHookExA      76256D0C 5 Bytes  JMP 00090600 

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                              aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 2.1 ----
         

 
