Log Analysis and Evaluation: Computer runs slowly, Malwarebytes finds 3 infected files, more popups (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.10.2013, 20:52 | #1
Computer runs slowly, Malwarebytes finds 3 infected files, more popups

Hello,

My computer has been giving me more and more problems lately. It takes extremely long to boot, is constantly working in the background, and suddenly I have a great many popup windows. I ran Malwarebytes over it and the program found 3 infected files. Could you please help me?

Kind regards
Lisi

Here are the corresponding log files:

Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4738

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.10.2010 12:23:30
mbam-log-2010-10-04 (12-23-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 311611
Laufzeit: 1 Stunde(n), 18 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\Lisi\AppData\Roaming\Winbooterr (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Users\Lisi\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Lisi (administrator) on LISI-PC on 10-10-2013 21:10:13
Running from C:\Users\Lisi\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) c:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks) C:\Program Files\Dell DataSafe Local Backup\sftservice.exe
() C:\Program Files\Tor\tor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Lisi\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
(Dropbox, Inc.) C:\Users\Lisi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Lisi\Downloads\Defogger.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-11-04] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\ssmmgr.exe [688128 2011-07-06] ()
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_CURRENT_USER\Software\SearchProtect /f
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [SDP] - C:\Users\Lisi\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto
HKCU\...\Run: [AppsHat] - C:\Users\Lisi\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKCU\...\Runonce: [SpUninstallDeleteDir] - rmdir /s /q "C:\Users\Lisi\AppData\Roaming\SearchProtect"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=7C9B00265E229D7A&affID=125036&tl=4-8873-8580-170000001458206887-3576639764-1380648019-1383240019&tsp=5028
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7C9B00265E229D7A&affID=125036&tl=4-8873-8580-170000001458206887-3576639764-1380648019-1383240019&tsp=5028
SearchScopes: HKCU - {25A054D3-5A42-4E49-BAC5-5E52EEDF4812} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {998E1B5F-7737-4D44-B8D8-52D017C37939} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647&CUI=UN14568099452952924&UM=2
SearchScopes: HKCU - {9B133256-7713-42C0-B5F9-9E4C38DF013F} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.186.211.21 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default
FF user.js: detected! => C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\user.js
FF DefaultSearchEngine: Veoh Web Player Customized Web Search
FF SelectedSearchEngine: Veoh Web Player Customized Web Search
FF Homepage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=7C9B00265E229D7A&affID=125036&tl=4-8873-8580-170000001458206887-3576639764-1380648019-1383240019&tsp=5028
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\blackle-deutschland.xml
FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\google-sterreich.xml
FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\searchgol.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Movie2kDownloader - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\movie2kdownloader@movie2kdownloader.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Google Toolbar for Firefox - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: AppsHat - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
FF Extension: WOT - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: FireFTP - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF Extension: uTorrentBar_DE - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
FF Extension: movie2kdownloader - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi
FF Extension: support - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\support@wolfram.com.xpi
FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [{b011b92d-cb28-4d63-9cb1-d844192476e0}] - C:\Program Files\a2zlyr\132.xpi

Chrome:
=======
CHR HomePage: hxxp://www.gym-gleisdorf.ac.at/
CHR RestoreOnStartup: "hxxp://www.gym-gleisdorf.ac.at/index.php"
CHR Plugin: (Shockwave Flash) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WOT) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.1.1_0
CHR Extension: (YouTube) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Adblock Plus) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0
CHR Extension: (Google Search) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (DVDVideoSoft) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (ScriptSafe) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.16_0
CHR Extension: (Gmail) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files\Movie2KDownloader.com\Movie2KDownloader10.crx
CHR HKLM\...\Chrome\Extension: [ciljpgjahkpnilhbolpaphfjhlejnplm] - C:\Program Files\a2zlyr\132.crx
CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Lisi\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; c:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-12-08] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
S2 gupdate1ca8d7850e80a72; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-04] (Google Inc.)
R2 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.exe [658656 2010-03-04] (SoftThinks)
R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-03] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-03-04] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-10-25] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-03-04] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [77528 2013-09-03] (MalwareBytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-10] (Malwarebytes Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-09-11] (Samsung Electronics)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [34016 2013-01-10] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Lisi\AppData\Local\Temp\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S0 TfFsMon; system32\drivers\TfFsMon.sys [x]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
S0 TfSysMon; system32\drivers\TfSysMon.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-10 21:09 - 2013-10-10 21:09 - 01087213 _____ (Farbar) C:\Users\Lisi\Downloads\FRST.exe
2013-10-10 21:08 - 2013-10-10 21:09 - 00000470 _____ C:\Users\Lisi\Downloads\defogger_disable.log
2013-10-10 21:08 - 2013-10-10 21:08 - 00050477 _____ C:\Users\Lisi\Downloads\Defogger.exe
2013-10-10 21:08 - 2013-10-10 21:08 - 00000000 _____ C:\Users\Lisi\defogger_reenable
2013-10-10 18:50 - 2013-10-10 18:53 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-10 18:50 - 2013-10-10 18:50 - 00001065 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-10 18:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\TuneUp Software
2013-10-07 19:06 - 2013-10-07 19:08 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-10-07 19:06 - 2013-10-07 19:06 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-07 19:05 - 2013-10-07 19:05 - 00002174 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk
2013-10-07 19:04 - 2013-10-07 19:05 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft
2013-10-07 19:04 - 2013-10-07 19:04 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\OpenCandy
2013-10-06 20:20 - 2013-10-06 20:24 - 59533004 _____ C:\Users\Lisi\Documents\mathm8sb_07112.zip
2013-10-06 20:19 - 2013-10-06 20:26 - 64768699 _____ C:\Users\Lisi\Documents\mathm7sb_07111.zip
2013-10-06 20:19 - 2013-10-06 20:25 - 64675764 _____ C:\Users\Lisi\Documents\mathm6sb_07044.zip
2013-10-06 20:19 - 2013-10-06 20:24 - 63764377 _____ C:\Users\Lisi\Documents\mathm5sb_07040.zip
2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\MSDOS.SYS
2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\IO.SYS
2013-10-02 22:22 - 2013-10-07 20:29 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\blaxxun interactive
2013-10-02 17:49 - 2013-10-10 18:45 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-02 17:49 - 2013-10-02 17:50 - 00000000 ____D C:\Users\Lisi\AppData\Local\CRE
2013-10-02 17:48 - 2013-10-10 18:43 - 00000000 ____D C:\Users\Lisi\AppData\Local\Conduit
2013-10-02 17:48 - 2013-10-02 17:49 - 00000000 ____D C:\Program Files\Conduit
2013-10-02 17:47 - 2013-10-02 17:47 - 00968592 _____ (BitTorrent, Inc.) C:\Users\Lisi\Desktop\utorrent-3.0-latest.x64.exe
2013-09-25 19:47 - 2013-09-25 19:56 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\PerformerSoft
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\SpeedAnalysis2
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\Babylon
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Local\avgchrome
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\ProgramData\Babylon
2013-09-25 19:47 - 2013-06-19 14:58 - 00017920 _____ (PerformerSoft LLC) C:\Windows\system32\roboot.exe
2013-09-25 19:46 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\SeeSimilar02
2013-09-25 19:46 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\File Scout
2013-09-24 18:44 - 2013-10-06 20:32 - 00000000 ____D C:\Users\Lisi\Documents\Klett
2013-09-24 18:17 - 2013-10-06 20:29 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DUA
2013-09-24 18:09 - 2013-09-24 18:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-24 18:08 - 2013-09-24 18:09 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-24 18:08 - 2013-09-24 18:09 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 18:08 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iPod
2013-09-21 11:36 - 2013-09-21 11:36 - 00001095 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2013-09-21 11:36 - 2013-09-21 11:36 - 00001080 _____ C:\Users\Public\Desktop\DivX Player.lnk
2013-09-21 11:34 - 2013-09-21 11:34 - 00000000 _____ C:\END
2013-09-21 11:32 - 2013-10-10 20:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-21 11:24 - 2013-09-21 11:24 - 00002073 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-21 11:24 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-21 11:24 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-21 11:23 - 2013-09-21 11:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-21 11:23 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-21 11:22 - 2013-09-21 11:23 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll
2013-09-13 08:44 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 08:44 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 08:44 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 08:44 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 08:44 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 08:44 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 07:46 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 07:46 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 07:46 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 07:46 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 07:46 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 07:46 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 02:43 - 00003584
____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-13 07:46 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-13 07:46 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll ==================== One Month Modified Files and Folders ======= 2013-10-10 21:09 - 2013-10-10 21:09 - 01087213 _____ (Farbar) C:\Users\Lisi\Downloads\FRST.exe 2013-10-10 21:09 - 2013-10-10 21:08 - 00000470 _____ C:\Users\Lisi\Downloads\defogger_disable.log 2013-10-10 21:08 - 2013-10-10 21:08 - 00050477 _____ C:\Users\Lisi\Downloads\Defogger.exe 2013-10-10 21:08 - 2013-10-10 21:08 - 00000000 _____ C:\Users\Lisi\defogger_reenable 2013-10-10 21:08 - 2009-11-17 19:56 - 00000000 ____D C:\Users\Lisi 2013-10-10 20:45 - 2010-01-04 22:11 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-10 20:30 - 2011-12-12 18:57 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-5946700-4108168981-3792375673-1000UA.job 2013-10-10 20:22 - 2013-09-21 11:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-10 19:36 - 2012-03-10 10:48 - 01530439 _____ C:\Windows\WindowsUpdate.log 2013-10-10 18:53 - 2013-10-10 18:50 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-10-10 18:50 - 2013-10-10 18:50 - 00001065 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-10 18:50 - 2010-10-04 10:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-10 18:45 - 2013-10-02 17:49 - 00000000 ____D C:\Program Files\SearchProtect 2013-10-10 18:45 - 2010-07-16 11:44 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\uTorrent 2013-10-10 18:43 - 2013-10-02 17:48 - 00000000 ____D C:\Users\Lisi\AppData\Local\Conduit 2013-10-10 17:30 - 2012-11-02 15:16 - 00000000 
____D C:\Program Files\Mozilla Maintenance Service 2013-10-10 17:30 - 2009-10-13 12:52 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-10 17:22 - 2012-04-03 10:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-10 17:22 - 2011-06-22 07:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-10 17:13 - 2009-11-17 19:55 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-10 17:13 - 2009-11-17 19:55 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-10 17:08 - 2010-09-21 20:34 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\Dropbox 2013-10-10 17:03 - 2010-09-21 20:35 - 00000000 ___RD C:\Users\Lisi\Documents\My Dropbox 2013-10-10 17:02 - 2013-08-11 12:00 - 00498268 _____ C:\Windows\setupact.log 2013-10-10 17:02 - 2010-01-04 22:11 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-10 17:02 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-09 21:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-08 18:44 - 2009-11-17 20:19 - 01632448 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-08 17:05 - 2013-09-03 14:15 - 00026482 _____ C:\Windows\PFRO.log 2013-10-07 20:29 - 2013-10-02 22:22 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\blaxxun interactive 2013-10-07 20:29 - 2009-10-08 14:22 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-10-07 20:29 - 2009-10-08 14:22 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\TuneUp Software 2013-10-07 19:08 - 2013-10-07 19:06 - 00000000 ____D C:\ProgramData\TuneUp Software 2013-10-07 19:06 - 2013-10-07 19:06 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2013-10-07 19:05 - 2013-10-07 
19:05 - 00002174 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk 2013-10-07 19:05 - 2013-10-07 19:04 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft 2013-10-07 19:05 - 2013-07-31 10:28 - 00000000 ____D C:\Program Files\DVDVideoSoft 2013-10-07 19:05 - 2013-07-31 10:28 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-10-07 19:04 - 2013-10-07 19:04 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\OpenCandy 2013-10-07 19:04 - 2013-02-26 21:48 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DVDVideoSoft 2013-10-06 20:32 - 2013-09-24 18:44 - 00000000 ____D C:\Users\Lisi\Documents\Klett 2013-10-06 20:29 - 2013-09-24 18:17 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DUA 2013-10-06 20:29 - 2013-08-29 11:31 - 00000000 ____D C:\Users\Lisi\Documents\zeitbilder_2 2013-10-06 20:26 - 2013-10-06 20:19 - 64768699 _____ C:\Users\Lisi\Documents\mathm7sb_07111.zip 2013-10-06 20:25 - 2013-10-06 20:19 - 64675764 _____ C:\Users\Lisi\Documents\mathm6sb_07044.zip 2013-10-06 20:24 - 2013-10-06 20:20 - 59533004 _____ C:\Users\Lisi\Documents\mathm8sb_07112.zip 2013-10-06 20:24 - 2013-10-06 20:19 - 63764377 _____ C:\Users\Lisi\Documents\mathm5sb_07040.zip 2013-10-05 14:30 - 2011-12-12 18:57 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-5946700-4108168981-3792375673-1000Core.job 2013-10-04 05:48 - 2011-12-12 18:58 - 00002358 _____ C:\Users\Lisi\Desktop\Google Chrome.lnk 2013-10-03 20:56 - 2010-01-06 20:30 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DivX 2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\MSDOS.SYS 2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\IO.SYS 2013-10-02 22:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-10-02 17:50 - 2013-10-02 17:49 - 00000000 ____D C:\Users\Lisi\AppData\Local\CRE 2013-10-02 17:49 - 2013-10-02 17:48 - 00000000 ____D C:\Program Files\Conduit 2013-10-02 17:47 - 2013-10-02 17:47 - 00968592 _____ (BitTorrent, Inc.) 
C:\Users\Lisi\Desktop\utorrent-3.0-latest.x64.exe 2013-09-25 20:19 - 2013-08-08 11:20 - 00000000 ____D C:\Program Files\JDownloader 2013-09-25 19:56 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\PerformerSoft 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\SpeedAnalysis2 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\Babylon 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Local\avgchrome 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\ProgramData\IBUpdaterService 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\ProgramData\Babylon 2013-09-25 19:47 - 2013-09-25 19:46 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\SeeSimilar02 2013-09-25 19:47 - 2013-09-25 19:46 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\File Scout 2013-09-24 18:09 - 2013-09-24 18:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-24 18:09 - 2013-09-24 18:08 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-09-24 18:09 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iTunes 2013-09-24 18:08 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iPod 2013-09-24 18:08 - 2010-04-12 21:12 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-09-21 16:41 - 2009-11-17 20:22 - 00125336 _____ C:\Users\Lisi\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-21 16:39 - 2009-07-14 06:33 - 00479752 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-21 15:00 - 2013-09-05 19:18 - 00000000 ____D C:\Users\Lisi\AppData\Local\FilesFrog Update Checker 2013-09-21 11:37 - 2010-11-15 17:23 - 00001583 _____ C:\Users\Lisi\Desktop\DivX Movies.lnk 2013-09-21 11:37 - 2010-06-12 15:13 - 00000000 ____D C:\ProgramData\DivX 2013-09-21 11:37 - 2010-01-06 19:42 - 00000000 ____D C:\Program Files\DivX 2013-09-21 11:36 - 2013-09-21 11:36 - 00001095 _____ C:\Users\Public\Desktop\DivX Converter.lnk 2013-09-21 11:36 - 2013-09-21 11:36 - 00001080 _____ 
C:\Users\Public\Desktop\DivX Player.lnk 2013-09-21 11:36 - 2010-01-06 19:42 - 00000000 ____D C:\Program Files\Common Files\DivX Shared 2013-09-21 11:34 - 2013-09-21 11:34 - 00000000 _____ C:\END 2013-09-21 11:32 - 2012-11-24 13:29 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR 2013-09-21 11:30 - 2013-07-31 09:12 - 00000000 ____D C:\ProgramData\Avira 2013-09-21 11:24 - 2013-09-21 11:24 - 00002073 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-09-21 11:24 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt 2013-09-21 11:23 - 2013-09-21 11:23 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-21 11:23 - 2013-09-21 11:22 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll 2013-09-13 19:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-09-13 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-13 08:50 - 2009-10-08 14:36 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-12 21:07 - 2009-10-13 19:18 - 00000000 ____D C:\Users\Lisi\Documents\Schule Some content of TEMP: ==================== C:\Users\Lisi\AppData\Local\Temp\appshat-distribution.exe C:\Users\Lisi\AppData\Local\Temp\DefaultTabSetup2.exe C:\Users\Lisi\AppData\Local\Temp\DeltaTB.exe C:\Users\Lisi\AppData\Local\Temp\fftF05A.tmp.exe C:\Users\Lisi\AppData\Local\Temp\iet7936.tmp.exe C:\Users\Lisi\AppData\Local\Temp\nsbC24A.exe C:\Users\Lisi\AppData\Local\Temp\nsbCD45.exe C:\Users\Lisi\AppData\Local\Temp\nsbF0FB.exe C:\Users\Lisi\AppData\Local\Temp\nsl67BC.exe C:\Users\Lisi\AppData\Local\Temp\nsl917D.exe C:\Users\Lisi\AppData\Local\Temp\nsnC8DE.exe C:\Users\Lisi\AppData\Local\Temp\nsvB5BC.exe C:\Users\Lisi\AppData\Local\Temp\OptimizerPro.exe C:\Users\Lisi\AppData\Local\Temp\SPStub.exe C:\Users\Lisi\AppData\Local\Temp\tbuTor.dll C:\Users\Lisi\AppData\Local\Temp\uninst1.exe C:\Users\Lisi\AppData\Local\Temp\utt3142.tmp.exe 
C:\Users\Lisi\AppData\Local\Temp\Veoh383477.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-01 19:40 ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-10-10 21:34:40 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-75A7B2 rev.01.03B01 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Lisi\AppData\Local\Temp\pxldapod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90C4F610] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90F885FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x90C500E6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90C5BF18] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90C5BF64] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90C5C0FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90C5BE86] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x90F88992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90C5BECE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x90C505E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x90C50800] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90C5C0B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x90C50E9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90C4F676] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x90C54596] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90F886C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x90F86C12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90C4F6DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90C5498C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90C5192C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90C5BF42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90C5BF86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90C5C122] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90C5BEAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x90C53E78] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90C5C036] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90C5BEF6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x90C5426E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90C5C0DC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwProtectVirtualMemory [0x90F88822] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90C517F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x90C51506] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90C4F742] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90C4F7A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x90C50D16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90C4F2F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90C4F4CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90C4F45C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90C51066] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x90C511C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90C4F556] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x90F888EA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x90C50CF6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x90F86C42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90C4F80E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwWriteVirtualMemory [0x90F8876E] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90FA1E00] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83049A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83083212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 8308A460 4 Bytes [10, F6, C4, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 8308A488 4 Bytes [FA, 85, F8, 90] {CLI ; TEST EAX, EDI; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 8308A4E8 4 Bytes [E6, 00, C5, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 8308A53C 8 Bytes [18, BF, C5, 90, 64, BF, C5, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 8308A548 4 Bytes [FE, C0, C5, 90] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83217D39 5 Bytes JMP 90F9EC9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 83230370 5 Bytes JMP 90FA07CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 832454CF 4 Bytes CALL 90C51FEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8325F323 4 Bytes CALL 90C52005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 832E926E 7 Bytes JMP 90FA1E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9260A000, 0x2BFBF0, 0xE8000020] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9AD22000, 0xBB22, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9AE00300, 0x1BEE, 0xE8000020] .text kernel32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe[108] kernel32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62] .text C:\Windows\system32\csrss.exe[444] kernel32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[448] kernel32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62] .text C:\Windows\system32\wininit.exe[524] kernel32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62] .text ... .text C:\Windows\system32\taskhost.exe[4496] ntdll.dll!LdrUnloadDll 77D8C8DE 5 Bytes JMP 001103FC .text C:\Windows\system32\taskhost.exe[4496] ntdll.dll!LdrLoadDll 77D922AE 5 Bytes JMP 001101F8 .text C:\Windows\system32\taskhost.exe[4496] KERNEL32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62] .text C:\Windows\system32\taskhost.exe[4496] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00130A08 .text C:\Windows\system32\taskhost.exe[4496] USER32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 001303FC .text C:\Windows\system32\taskhost.exe[4496] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00130804 .text C:\Windows\system32\taskhost.exe[4496] USER32.dll!SetWinEventHook 762324DC 5 Bytes JMP 001301F8 .text C:\Windows\system32\taskhost.exe[4496] USER32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00130600 .text C:\Users\Lisi\Downloads\gmer_2.1.19163.exe[5220] kernel32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62] .text C:\Program Files\Java\jre7\bin\javaw.exe[5256] ntdll.dll!LdrUnloadDll 77D8C8DE 5 Bytes JMP 001303FC .text C:\Program Files\Java\jre7\bin\javaw.exe[5256] 
ntdll.dll!LdrLoadDll 77D922AE 5 Bytes JMP 001301F8 .text C:\Program Files\Java\jre7\bin\javaw.exe[5256] KERNEL32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62] .text C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00250A08 .text C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 002503FC .text C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00250804 .text C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!SetWinEventHook 762324DC 5 Bytes JMP 002501F8 .text C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00250600 .text C:\Windows\System32\svchost.exe[5676] ntdll.dll!LdrUnloadDll 77D8C8DE 5 Bytes JMP 000E03FC .text C:\Windows\System32\svchost.exe[5676] ntdll.dll!LdrLoadDll 77D922AE 5 Bytes JMP 000E01F8 .text C:\Windows\System32\svchost.exe[5676] KERNEL32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62] .text C:\Windows\System32\svchost.exe[5676] user32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00100A08 .text C:\Windows\System32\svchost.exe[5676] user32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 001003FC .text C:\Windows\System32\svchost.exe[5676] user32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00100804 .text C:\Windows\System32\svchost.exe[5676] user32.dll!SetWinEventHook 762324DC 5 Bytes JMP 001001F8 .text C:\Windows\System32\svchost.exe[5676] user32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00100600 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] ntdll.dll!LdrUnloadDll 77D8C8DE 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] ntdll.dll!LdrLoadDll 77D922AE 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] KERNEL32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62] .text 
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00090A08 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 000903FC .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00090804 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!SetWinEventHook 762324DC 5 Bytes JMP 000901F8 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00090600 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 2.1 ---- |
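The FRST output above is the part of this thread a helper actually reads: the one-month created/modified listings (modified time, created time, size, attribute flags, optional publisher string from the file's version info, path), the bare paths in the user's Temp folder, and the "Bamital & volsnap Check" that compares hashes of core system binaries against known-good values. The following Python is an added triage example written for this page; it is not code from the original post or from the FRST author. The line grammar is an assumption derived from the entries shown above, the adware/PUP name watchlist is a constructed list of vendor names that appear in this thread's logs, and the sample input is a handful of lines copied from the log above plus one constructed "MD5 is not legit" line added only to exercise the hash-failure branch (the real log reports all eight files as legit).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Grammar of one FRST file entry (assumption, derived from the entries in the log above):
#   <modified> - <created> - <size> <attrs> [(<publisher>)] <path>
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# Lines of the "Bamital & volsnap Check" section: "<path> => MD5 is legit"
MD5_RE = re.compile(r"^(?P<path>.+?) => MD5 (?P<status>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
# Constructed watchlist: adware/PUP vendor names that occur in this thread's logs.
PUP_MARKERS = ("conduit", "babylon", "searchprotect", "opencandy", "performersoft",
               "filesfrog", "speedanalysis", "seesimilar", "file scout", "ibupdaterservice")


@dataclass
class Entry:
    section: str
    modified: Optional[str]
    created: Optional[str]
    size: Optional[int]
    attrs: str
    company: Optional[str]
    path: str
    md5_status: Optional[str] = None

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_frst(text: str) -> List[Entry]:
    """Parse FRST listing text into entries, tracking which section each line came from."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers look like "==== Name ====" or "Some content of TEMP:"; a bare
        # "====" rule carries no name and leaves the current section unchanged.
        if line.startswith("=") or line.endswith(":"):
            name = line.strip("= ").strip()
            if name:
                section = name
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, m["modified"], m["created"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
            continue
        m = MD5_RE.match(line)
        if m:
            entries.append(Entry(section, None, None, None, "_____", None,
                                 m["path"], md5_status=m["status"]))
            continue
        if line.lower().startswith("c:\\"):
            # The TEMP listing prints bare paths without timestamps or size.
            entries.append(Entry(section, None, None, None, "_____", None, line))
    return entries


def triage(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a second look (empty list = nothing flagged)."""
    reasons: List[str] = []
    low = entry.path.lower()
    is_exec = low.endswith(EXEC_EXT)
    if entry.md5_status is not None and entry.md5_status != "is legit":
        reasons.append(f"system file hash check failed: MD5 {entry.md5_status}")
    if is_exec and "\\appdata\\local\\temp\\" in low:
        reasons.append("executable left in the user's Temp directory")
    # FRST prints the version-info company name; its absence on a binary under
    # C:\Windows is a weak signal only (see aswVmm.sys above), so it is reported, not judged.
    if is_exec and entry.company is None and entry.modified is not None and "\\windows\\" in low:
        reasons.append("no publisher string on a file under C:\\Windows")
    if any(marker in low for marker in PUP_MARKERS):
        reasons.append("path matches a known adware/PUP vendor name")
    return reasons


def report(text: str) -> List[Tuple[str, List[str]]]:
    """Paths with at least one triage reason, in log order."""
    flagged = []
    for entry in parse_frst(text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.path, reasons))
    return flagged


# Sample input: lines copied from the FRST log above, plus one constructed MD5 failure line.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2013-09-21 11:24 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
==================== One Month Modified Files and Folders =======
2013-10-10 21:09 - 2013-10-10 21:09 - 01087213 _____ (Farbar) C:\Users\Lisi\Downloads\FRST.exe
2013-10-10 18:45 - 2013-10-02 17:49 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-10 18:43 - 2013-10-02 17:48 - 00000000 ____D C:\Users\Lisi\AppData\Local\Conduit
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-10-02 17:47 - 2013-10-02 17:47 - 00968592 _____ (BitTorrent, Inc.) C:\Users\Lisi\Desktop\utorrent-3.0-latest.x64.exe
Some content of TEMP:
====================
C:\Users\Lisi\AppData\Local\Temp\DeltaTB.exe
C:\Users\Lisi\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Lisi\AppData\Local\Temp\tbuTor.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is not legit
"""

if __name__ == "__main__":
    for path, reasons in report(SAMPLE_LOG):
        print(f"{path}\n    " + "; ".join(reasons))
```

Run it as a script to see the flagged paths; in practice you feed it the whole FRST.txt and read the flagged entries alongside the scheduled tasks and Run keys, since a dropper in Temp is only interesting if something still references it. The watchlist match is deliberately a hint, not a verdict: AdwCleaner removes these vendors by signature, but a helper still wants to see which ones were present before deciding whether the remaining symptoms (here the Backdoor.SpyNet detection in the first Malwarebytes log) need a separate look.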
11.10.2013, 05:34 | #2 |
/// the machine /// TB-Ausbilder | Computer is running slowly, Malwarebytes finds 3 infected files, more popups Hi,
Please download AdwCleaner to your desktop.
Please exit your protection software to avoid possible conflicts.
And a fresh FRST log, please.
11.10.2013, 17:14 | #3 |
| Computer is running slowly, Malwarebytes finds 3 infected files, more popups Hello, and thanks for the quick reply!
I have now done the things you wrote down for me, and I have the following log files to offer: AdwCleaner: Code:
ATTFilter # AdwCleaner v3.007 - Bericht erstellt am 11/10/2013 um 14:33:41 # Updated 09/10/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : Lisi - LISI-PC # Gestartet von : C:\Users\Lisi\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\IBUpdaterService Ordner Gelöscht : C:\ProgramData\Uniblue\DriverScanner Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\Minibar Ordner Gelöscht : C:\Users\Lisi\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Lisi\AppData\Local\FilesFrog Update Checker Ordner Gelöscht : C:\Users\Lisi\AppData\Local\Minibar Ordner Gelöscht : C:\Users\Lisi\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Lisi\AppData\Local\PutLockerDownloader Ordner Gelöscht : C:\Users\Lisi\AppData\Local\Temp\CT2851647 Ordner Gelöscht : C:\Users\Lisi\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Lisi\AppData\LocalLow\Minibar Ordner Gelöscht : C:\Users\Lisi\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Lisi\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Lisi\AppData\Roaming\file scout Ordner Gelöscht : C:\Users\Lisi\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Lisi\AppData\Roaming\PerformerSoft Ordner Gelöscht : C:\Users\Lisi\AppData\Roaming\SeeSimilar02 Ordner Gelöscht : C:\Users\Lisi\AppData\Roaming\SpeedAnalysis2 Ordner Gelöscht : C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker Ordner Gelöscht : C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com Ordner Gelöscht : C:\Users\Lisi\Documents\optimizer pro Ordner Gelöscht : C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Conduit Ordner Gelöscht : C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\ConduitEngine Ordner Gelöscht : 
C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Smartbar
Ordner Gelöscht : C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\CT2851647
Ordner Gelöscht : C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
Ordner Gelöscht : C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Datei Gelöscht : C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\system32\roboot.exe
Datei Gelöscht : C:\Users\Lisi\AppData\Roaming\speedanalysis.ico
Datei Gelöscht : C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\searchgol.xml
Datei Gelöscht : C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\user.js

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AppsHat]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Movie2KDownloader_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Movie2KDownloader_RASMANCS
Schlüssel Gelöscht : HKCU\Software\5c55d78be638ba44
Schlüssel Gelöscht : HKLM\SOFTWARE\5c55d78be638ba44
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DBB6CE-3148-4FEC-B481-103CB3290427}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93488930-185C-4CED-AFEB-0FD4930F8423}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKCU\Software\Webplayer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Minibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\prefs.js ]

Zeile gelöscht : user_pref("CT2653012..clientLogIsEnabled", false);
Zeile gelöscht : user_pref("CT2653012..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2653012..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT2653012.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Zeile gelöscht : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2653012.BrowserCompStateIsOpen_1000515", true);
Zeile gelöscht : user_pref("CT2653012.BrowserCompStateIsOpen_129780842340847176", true);
Zeile gelöscht : user_pref("CT2653012.BrowserCompStateIsOpen_1367225934000", true);
Zeile gelöscht : user_pref("CT2653012.CT2653012", "CT2653012");
Zeile gelöscht : user_pref("CT2653012.CurrentServerDate", "13-9-2013");
Zeile gelöscht : user_pref("CT2653012.DSInstall", true);
Zeile gelöscht : user_pref("CT2653012.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2653012.DialogsGetterLastCheckTime", "Fri Sep 13 2013 08:09:02 GMT+0200");
Zeile gelöscht : user_pref("CT2653012.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2653012.FirstServerDate", "13-9-2013");
Zeile gelöscht : user_pref("CT2653012.FirstTime", true);
Zeile gelöscht : user_pref("CT2653012.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2653012.FirstTimeHiddenVer", true);
Zeile gelöscht : user_pref("CT2653012.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2653012.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2653012.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2653012.HPInstall", true);
Zeile gelöscht : user_pref("CT2653012.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT2653012.Initialize", true);
Zeile gelöscht : user_pref("CT2653012.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2653012.InstallationAndCookieDataSentCount", 1);
Zeile gelöscht : user_pref("CT2653012.InstallationType", "Unknown");
Zeile gelöscht : user_pref("CT2653012.InstalledDate", "Fri Sep 13 2013 08:09:16 GMT+0200");
Zeile gelöscht : user_pref("CT2653012.IsGrouping", false);
Zeile gelöscht : user_pref("CT2653012.IsInitSetupIni", true);
Zeile gelöscht : user_pref("CT2653012.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2653012.IsOpenThankYouPage", true);
Zeile gelöscht : user_pref("CT2653012.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT2653012.LanguagePackLastCheckTime", "Fri Sep 13 2013 08:09:02 GMT+0200");
Zeile gelöscht : user_pref("CT2653012.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2653012.LastLogin_3.19.0.3", "Fri Sep 13 2013 08:12:27 GMT+0200");
Zeile gelöscht : user_pref("CT2653012.LatestVersion", "3.20.0.4");
Zeile gelöscht : user_pref("CT2653012.Locale", "en");
Zeile gelöscht : user_pref("CT2653012.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2653012.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2653012.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2653012.MyStuffEnabledAtInstallation", true);
Zeile gelöscht : user_pref("CT2653012.OriginalFirstVersion", "3.19.0.3");
Zeile gelöscht : user_pref("CT2653012.SavedHomepage", "chrome://branding/locale/browserconfig.properties");
Zeile gelöscht : user_pref("CT2653012.SearchCaption", "Veoh Web Player Customized Web Search");
Zeile gelöscht : user_pref("CT2653012.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=");
Zeile gelöscht : user_pref("CT2653012.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2653012.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2653012.SearchInNewTabLastCheckTime", "Fri Sep 13 2013 08:12:27 GMT+0200");
Zeile gelöscht : user_pref("CT2653012.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Zeile gelöscht : user_pref("CT2653012.SendProtectorDataViaLogin", true);
Zeile gelöscht : user_pref("CT2653012.ServiceMapLastCheckTime", "Fri Sep 13 2013 08:09:02 GMT+0200");
Zeile gelöscht : user_pref("CT2653012.SettingsLastCheckTime", "Fri Sep 13 2013 21:51:26 GMT+0200");
Zeile gelöscht : user_pref("CT2653012.SettingsLastUpdate", "1379041879");
Zeile gelöscht : user_pref("CT2653012.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13");
Zeile gelöscht : user_pref("CT2653012.ToolbarShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2653012.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2653012");
Zeile gelöscht : user_pref("CT2653012.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Zeile gelöscht : user_pref("CT2653012.UserID", "UN87102583214276170");
Zeile gelöscht : user_pref("CT2653012.alertChannelId", "1045667");
Zeile gelöscht : user_pref("CT2653012.components.1000234", true);
Zeile gelöscht : user_pref("CT2653012.components.1000515", true);
Zeile gelöscht : user_pref("CT2653012.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Zeile gelöscht : user_pref("CT2653012.homepageProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2653012.initDone", true);
Zeile gelöscht : user_pref("CT2653012.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2653012.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2653012.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2653012.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2653012.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2653012.navigateToUrlOnSearch", false);
Zeile gelöscht : user_pref("CT2653012.searchProtectorDialogDelayInSec", 10);
Zeile gelöscht : user_pref("CT2653012.searchProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2653012.testingCtid", "");
Zeile gelöscht : user_pref("CT2653012.toolbarAppMetaDataLastCheckTime", "Fri Sep 13 2013 08:09:02 GMT+0200");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_TMP_city", "GRAZ");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_TMP_country", "AT");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_country", "AUSTRIA");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_locId", "AUXX0008");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_location", "Graz, Austria");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_region", "OT");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_temp_dis", "c");
Zeile gelöscht : user_pref("CT2851647.1000234.TWC_wind_dis", "kmh");
Zeile gelöscht : user_pref("CT2851647.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.FF19Solved", "true");
Zeile gelöscht : user_pref("CT2851647.FirstTime", "true");
Zeile gelöscht : user_pref("CT2851647.FirstTimeFF3", "true");
Zeile gelöscht : user_pref("CT2851647.UserID", "UN30669107896661175");
Zeile gelöscht : user_pref("CT2851647.addressBarTakeOverEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2851647.countryCode", "AT");
Zeile gelöscht : user_pref("CT2851647.defaultSearch", "false");
Zeile gelöscht : user_pref("CT2851647.embeddedsData", "[{\"appId\":\"129351532245275780\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Zeile gelöscht : user_pref("CT2851647.enableSearchFromAddressBar", "false");
Zeile gelöscht : user_pref("CT2851647.firstTimeDialogOpened", "true");
Zeile gelöscht : user_pref("CT2851647.fixPageNotFoundErrorByUser", "TRUE");
Zeile gelöscht : user_pref("CT2851647.fixPageNotFoundErrorInHidden", "true");
Zeile gelöscht : user_pref("CT2851647.fullUserID", "UN30669107896661175.IN.20131002174925");
Zeile gelöscht : user_pref("CT2851647.installDate", "02/10/2013 17:49:36");
Zeile gelöscht : user_pref("CT2851647.installSessionId", "-1");
Zeile gelöscht : user_pref("CT2851647.installSp", "true");
Zeile gelöscht : user_pref("CT2851647.installType", "xpe");
Zeile gelöscht : user_pref("CT2851647.installUsage", "2013-10-07T21:32:35.8408783+03:00");
Zeile gelöscht : user_pref("CT2851647.installUsageEarly", "2013-10-07T21:32:32.4401655+03:00");
Zeile gelöscht : user_pref("CT2851647.installerVersion", "1.7.0.9");
Zeile gelöscht : user_pref("CT2851647.isCheckedStartAsHidden", true);
Zeile gelöscht : user_pref("CT2851647.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.isFirstTimeToolbarLoading", "false");
Zeile gelöscht : user_pref("CT2851647.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2851647.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2851647&octid=CT2851647&SearchSource=15&CUI=UN30669107896661175&SSPV=&Lay=1&UM=2\"}");
Zeile gelöscht : user_pref("CT2851647.lastVersion", "10.20.0.513");
Zeile gelöscht : user_pref("CT2851647.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Zeile gelöscht : user_pref("CT2851647.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.trojaner-board.de%2F91491-infizierung-tr-atraps-gen-tr-crypt-xpack-gen3-2.html\",\"EB_MA[...]
Zeile gelöscht : user_pref("CT2851647.openThankYouPage", "true");
Zeile gelöscht : user_pref("CT2851647.openUninstallPage", "false");
Zeile gelöscht : user_pref("CT2851647.revertSettingsEnabled", "FALSE");
Zeile gelöscht : user_pref("CT2851647.search.searchAppId", "129351532245275780");
Zeile gelöscht : user_pref("CT2851647.search.searchCount", "0");
Zeile gelöscht : user_pref("CT2851647.searchInNewTabEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2851647.searchInNewTabEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2851647.searchRevert", "FALSE");
Zeile gelöscht : user_pref("CT2851647.searchSuggestEnabledByUser", "false");
Zeile gelöscht : user_pref("CT2851647.searchUserMode", "2");
Zeile gelöscht : user_pref("CT2851647.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2851647\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentBarDE.OurToolbar.com//xpi\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_DE \"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_Configuration_lastUpdate", "1381419045477");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1381170757365");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_appsMetadata_lastUpdate", "1381434317726");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1381170756515");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1381170754700");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1381170757089");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_login_10.20.0.13_lastUpdate", "1381170756865");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_login_10.20.0.513_lastUpdate", "1381434317617");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1381170756627");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_searchAPI_lastUpdate", "1381419045442");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_serviceMap_lastUpdate", "1381419044860");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_toolbarContextMenu_lastUpdate", "1381170756658");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_toolbarSettings_lastUpdate", "1381434317424");
Zeile gelöscht : user_pref("CT2851647.serviceLayer_services_translation_lastUpdate", "1381419045030");
Zeile gelöscht : user_pref("CT2851647.settingsINI", true);
Zeile gelöscht : user_pref("CT2851647.shouldFirstTimeDialog", "false");
Zeile gelöscht : user_pref("CT2851647.showToolbarPermission", "false");
Zeile gelöscht : user_pref("CT2851647.smartbar.CTID", "CT2851647");
Zeile gelöscht : user_pref("CT2851647.smartbar.Uninstall", "0");
Zeile gelöscht : user_pref("CT2851647.smartbar.toolbarName", "uTorrentBar_DE ");
Zeile gelöscht : user_pref("CT2851647.startPage", "false");
Zeile gelöscht : user_pref("CT2851647.toolbarBornServerTime", "7-10-2013");
Zeile gelöscht : user_pref("CT2851647.toolbarCurrentServerTime", "10-10-2013");
Zeile gelöscht : user_pref("CT2851647.toolbarLoginClientTime", "Mon Oct 07 2013 20:32:36 GMT+0200");
Zeile gelöscht : user_pref("CT2851647.versionFromInstaller", "10.20.0.13");
Zeile gelöscht : user_pref("CT2851647.xpeMode", "0");
Zeile gelöscht : user_pref("CT2851647_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381434307850,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13");
Zeile gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "Veoh Web Player Customized Web Search");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2653012/CT2653012", "\"daf1fcff58502b326cce74193015ec083\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1045667/1041378/AT", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/AT", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2653012", "\"1367226741\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"80927e5f86f7cb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"807dc126dd28cc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0e0a4327275cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"2a1a0d7b586ce1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2653012", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"761a1065c089bba4e6032a22fdf81948\"");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2653012");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2653012");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2653012");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "8c63c6ca-f0ba-4c08-909e-021ea65385e8");
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2653012");
Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Veoh Web Player Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "Veoh Web Player Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Veoh Web Player Customized Web Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=7C9B00265E229D7A&affID=125036&tl=4-8873-8580-170000001458206887-3576639764-1380648019-1383240019&tsp=5028");
Zeile gelöscht : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6,{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50,{3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20101113Wb1,{CAFEEFAC-0016-000[...]
Zeile gelöscht : user_pref("extensions.kango.storage.m2_k1", "4");
Zeile gelöscht : user_pref("extensions.kango.storage.m2_k2", "0");
Zeile gelöscht : user_pref("extensions.kango.storage.m2_k3", "1381434328058");
Zeile gelöscht : user_pref("extensions.kango.storage.m2_k4", "0");
Zeile gelöscht : user_pref("extensions.kango.storage.m2_k5", "1381434939960");
Zeile gelöscht : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"AppsHat\",\"description\":\"AppsHat\",\"button\":{\"tooltip\":\"Visit AppsHat.com\",\"icon\":\"hxxp://www.bigspeedpro.com/button/%affi[...]
Zeile gelöscht : user_pref("extensions.kango.storage.nero_options", "\"{\\\"m1\\\":{\\\"ads\\\":{\\\"n1\\\":{\\\"url\\\":\\\"//ulayout.com/nero/hatter/google_post_results_728x90.html?aff_slug=appshat\\\",\\\"width\\\"[...]
Zeile gelöscht : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAADlElEQVQ4jb3S3U9adxwG8F/BuooQAQscXj0cOIC8nANUPYjoHDClvqAoZ04gpqsZKmrUV[...]
Zeile gelöscht : user_pref("extensions.searchgol.admin", false);
Zeile gelöscht : user_pref("extensions.searchgol.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}");
Zeile gelöscht : user_pref("extensions.searchgol.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.searchgol.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.searchgol.excTlbr", false);
Zeile gelöscht : user_pref("extensions.searchgol.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.searchgol.id", "7c9bb4f500000000000000265e229d7a");
Zeile gelöscht : user_pref("extensions.searchgol.instlDay", "15985");
Zeile gelöscht : user_pref("extensions.searchgol.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.searchgol.newTab", false);
Zeile gelöscht : user_pref("extensions.searchgol.prdct", "searchgol");
Zeile gelöscht : user_pref("extensions.searchgol.prtnrId", "searchgol");
Zeile gelöscht : user_pref("extensions.searchgol.rvrt", "false");
Zeile gelöscht : user_pref("extensions.searchgol.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.searchgol.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.searchgol.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.searchgol.vrsn", "1.8.16.19");
Zeile gelöscht : user_pref("extensions.searchgol.vrsnTs", "1.8.16.1919:10:10");
Zeile gelöscht : user_pref("extensions.searchgol.vrsni", "1.8.16.19");
Zeile gelöscht : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision=\"1.5.2\">\r\n <sites>\r\n <searchsite MatchesDomain=\"google.\" MatchesPath=\"/search\" [...]
Zeile gelöscht : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2");
Zeile gelöscht : user_pref("extensions.veohsearchrecs.id", "63d95b48c-6957-9827-b8e8-4595591ac4b");
Zeile gelöscht : user_pref("extensions.veohsearchrecs.lastsitedate", "9");
Zeile gelöscht : user_pref("smartbar.machineId", "MLMOJDMLIVV+RSOPUOKVBCXYI/J+D3YZYQNJZNRUFFWEHXJ0TJXBZEXQLBQVHLUU/B4AGBPQWCK5RXPD1F64MW");

-\\ Google Chrome v

[ Datei : C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [30647 octets] - [11/10/2013 14:07:19]
AdwCleaner[S0].txt - [30341 octets] - [11/10/2013 14:33:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30402 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Lisi on 11.10.2013 at 14:44:51,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-5946700-4108168981-3792375673-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{998E1B5F-7737-4D44-B8D8-52D017C37939}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Lisi\appdata\local\cre"

~~~ FireFox

Successfully deleted the following from C:\Users\Lisi\AppData\Roaming\mozilla\firefox\profiles\1hw755gk.default\prefs.js

user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.10.2013 at 14:46:48,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Lisi (administrator) on LISI-PC on 11-10-2013 17:25:29
Running from C:\Users\Lisi\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) c:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks) C:\Program Files\Dell DataSafe Local Backup\sftservice.exe
() C:\Program Files\Tor\tor.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Lisi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-11-04] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\ssmmgr.exe [688128 2011-07-06] ()
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {25A054D3-5A42-4E49-BAC5-5E52EEDF4812} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {9B133256-7713-42C0-B5F9-9E4C38DF013F} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.186.211.21 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\blackle-deutschland.xml FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\google-sterreich.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Movie2kDownloader - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\movie2kdownloader@movie2kdownloader.com FF Extension: Microsoft .NET Framework Assistant - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: Google Toolbar for Firefox - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF Extension: WOT - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: FireFTP - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} FF Extension: support - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\support@wolfram.com.xpi FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi FF Extension: No Name - 
C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKCU\...\Firefox\Extensions: [{b011b92d-cb28-4d63-9cb1-d844192476e0}] - C:\Program Files\a2zlyr\132.xpi Chrome: ======= CHR RestoreOnStartup: "hxxp://www.gym-gleisdorf.ac.at/index.php" CHR Plugin: (Shockwave Flash) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll () CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (WOT) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.1.1_0 CHR Extension: (YouTube) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 CHR Extension: (Adblock Plus) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0 CHR Extension: (Google Search) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 CHR Extension: (DVDVideoSoft) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_1 CHR Extension: (Chrome In-App Payments service) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1 CHR Extension: (ScriptSafe) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.16_0 CHR Extension: (Gmail) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2 CHR HKLM\...\Chrome\Extension: [ciljpgjahkpnilhbolpaphfjhlejnplm] - C:\Program Files\a2zlyr\132.crx CHR StartMenuInternet: Google Chrome - 
C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor7.0; c:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-12-08] (Adobe Systems Incorporated) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) S2 gupdate1ca8d7850e80a72; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-04] (Google Inc.) R2 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.exe [658656 2010-03-04] (SoftThinks) R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-03] () ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-03-04] () R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-10-25] () R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-03-04] () S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [77528 2013-09-03] (MalwareBytes) R2 
SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-09-11] (Samsung Electronics) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [34016 2013-01-10] (The OpenVPN Project) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Lisi\AppData\Local\Temp\catchme.sys [x] S3 dgderdrv; System32\drivers\dgderdrv.sys [x] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x] S0 TfFsMon; system32\drivers\TfFsMon.sys [x] S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x] S0 TfSysMon; system32\drivers\TfSysMon.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-11 14:46 - 2013-10-11 14:46 - 00002138 _____ C:\Users\Lisi\Desktop\JRT.txt 2013-10-11 14:42 - 2013-10-11 14:42 - 01032220 _____ (Thisisu) C:\Users\Lisi\Downloads\JRT.exe 2013-10-11 14:07 - 2013-10-11 14:34 - 00000000 ____D C:\AdwCleaner 2013-10-11 14:06 - 2013-10-11 14:06 - 01048960 _____ C:\Users\Lisi\Downloads\adwcleaner.exe 2013-10-10 21:34 - 2013-10-10 21:34 - 00020379 _____ C:\Users\Lisi\Downloads\gmer_okt.log 2013-10-10 21:11 - 2013-10-10 21:11 - 00377856 _____ C:\Users\Lisi\Downloads\gmer_2.1.19163.exe 2013-10-10 21:09 - 2013-10-10 21:09 - 01087213 _____ (Farbar) C:\Users\Lisi\Downloads\FRST.exe 2013-10-10 21:08 - 2013-10-10 21:09 - 00000470 _____ C:\Users\Lisi\Downloads\defogger_disable.log 2013-10-10 21:08 - 2013-10-10 21:08 - 00050477 _____ C:\Users\Lisi\Downloads\Defogger.exe 2013-10-10 21:08 - 2013-10-10 21:08 - 00000000 _____ C:\Users\Lisi\defogger_reenable 2013-10-10 18:50 - 2013-10-10 18:50 - 00001065 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-10 18:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\TuneUp Software 2013-10-07 19:06 - 2013-10-07 19:08 - 00000000 ____D 
C:\ProgramData\TuneUp Software 2013-10-07 19:06 - 2013-10-07 19:06 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2013-10-07 19:05 - 2013-10-07 19:05 - 00002174 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk 2013-10-07 19:04 - 2013-10-07 19:05 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft 2013-10-06 20:20 - 2013-10-06 20:24 - 59533004 _____ C:\Users\Lisi\Documents\mathm8sb_07112.zip 2013-10-06 20:19 - 2013-10-06 20:26 - 64768699 _____ C:\Users\Lisi\Documents\mathm7sb_07111.zip 2013-10-06 20:19 - 2013-10-06 20:25 - 64675764 _____ C:\Users\Lisi\Documents\mathm6sb_07044.zip 2013-10-06 20:19 - 2013-10-06 20:24 - 63764377 _____ C:\Users\Lisi\Documents\mathm5sb_07040.zip 2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\MSDOS.SYS 2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\IO.SYS 2013-10-02 22:22 - 2013-10-07 20:29 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\blaxxun interactive 2013-10-02 17:47 - 2013-10-02 17:47 - 00968592 _____ (BitTorrent, Inc.) 
C:\Users\Lisi\Desktop\utorrent-3.0-latest.x64.exe 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Local\avgchrome 2013-09-24 18:44 - 2013-10-06 20:32 - 00000000 ____D C:\Users\Lisi\Documents\Klett 2013-09-24 18:17 - 2013-10-06 20:29 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DUA 2013-09-24 18:09 - 2013-09-24 18:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-24 18:08 - 2013-09-24 18:09 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-09-24 18:08 - 2013-09-24 18:09 - 00000000 ____D C:\Program Files\iTunes 2013-09-24 18:08 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iPod 2013-09-21 11:36 - 2013-09-21 11:36 - 00001095 _____ C:\Users\Public\Desktop\DivX Converter.lnk 2013-09-21 11:36 - 2013-09-21 11:36 - 00001080 _____ C:\Users\Public\Desktop\DivX Player.lnk 2013-09-21 11:32 - 2013-10-11 17:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-21 11:24 - 2013-09-21 11:24 - 00002073 _____ C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2013-09-21 11:24 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-09-21 11:24 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-09-21 11:23 - 2013-09-21 11:23 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-21 11:23 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-09-21 11:22 - 2013-09-21 11:23 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) 
C:\Windows\system32\dpl100.dll 2013-09-13 08:44 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-13 08:44 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-13 08:44 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-13 08:44 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-13 08:44 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-13 08:44 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-13 08:44 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-13 08:44 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-13 08:44 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-13 08:44 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-13 08:44 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-13 08:44 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-13 08:44 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-13 08:44 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-13 08:44 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-13 08:44 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-13 07:46 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-13 07:46 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\ataport.sys 2013-09-13 07:46 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-13 07:46 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-13 07:46 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-13 
07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-13 07:46 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 02:43 - 00003584 
____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-13 07:46 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-13 07:46 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll ==================== One Month Modified Files and Folders ======= 2013-10-11 17:24 - 2012-03-10 10:48 - 01515620 _____ C:\Windows\WindowsUpdate.log 2013-10-11 17:22 - 2013-09-21 11:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-11 16:45 - 2010-01-04 22:11 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-11 16:45 - 2010-01-04 22:11 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-11 16:30 - 2011-12-12 18:57 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-5946700-4108168981-3792375673-1000UA.job 2013-10-11 14:46 - 2013-10-11 14:46 - 00002138 _____ C:\Users\Lisi\Desktop\JRT.txt 2013-10-11 14:46 - 2009-11-17 19:55 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-11 14:46 - 2009-11-17 19:55 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-11 14:42 - 2013-10-11 14:42 - 01032220 _____ (Thisisu) C:\Users\Lisi\Downloads\JRT.exe 2013-10-11 14:41 - 2010-09-21 20:34 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\Dropbox 2013-10-11 14:40 - 2010-09-21 20:35 - 00000000 ___RD C:\Users\Lisi\Documents\My Dropbox 2013-10-11 14:36 - 2013-08-11 12:00 - 00506224 _____ C:\Windows\setupact.log 2013-10-11 14:36 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-11 14:34 - 2013-10-11 14:07 - 00000000 ____D C:\AdwCleaner 2013-10-11 14:33 - 2013-08-09 21:29 - 00000000 ____D C:\ProgramData\Uniblue 2013-10-11 14:30 - 
2011-12-12 18:57 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-5946700-4108168981-3792375673-1000Core.job 2013-10-11 14:06 - 2013-10-11 14:06 - 01048960 _____ C:\Users\Lisi\Downloads\adwcleaner.exe 2013-10-11 14:04 - 2010-09-21 20:35 - 00001017 _____ C:\Users\Lisi\Desktop\Dropbox.lnk 2013-10-11 14:04 - 2010-09-21 20:34 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-10-11 13:58 - 2013-09-03 14:15 - 00027344 _____ C:\Windows\PFRO.log 2013-10-11 13:58 - 2012-11-02 15:16 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-10 21:45 - 2009-10-13 12:53 - 00000000 ____D C:\Users\Lisi\AppData\Local\Mozilla 2013-10-10 21:44 - 2009-10-13 12:52 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-10 21:34 - 2013-10-10 21:34 - 00020379 _____ C:\Users\Lisi\Downloads\gmer_okt.log 2013-10-10 21:11 - 2013-10-10 21:11 - 00377856 _____ C:\Users\Lisi\Downloads\gmer_2.1.19163.exe 2013-10-10 21:09 - 2013-10-10 21:09 - 01087213 _____ (Farbar) C:\Users\Lisi\Downloads\FRST.exe 2013-10-10 21:09 - 2013-10-10 21:08 - 00000470 _____ C:\Users\Lisi\Downloads\defogger_disable.log 2013-10-10 21:08 - 2013-10-10 21:08 - 00050477 _____ C:\Users\Lisi\Downloads\Defogger.exe 2013-10-10 21:08 - 2013-10-10 21:08 - 00000000 _____ C:\Users\Lisi\defogger_reenable 2013-10-10 21:08 - 2009-11-17 19:56 - 00000000 ____D C:\Users\Lisi 2013-10-10 18:50 - 2013-10-10 18:50 - 00001065 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-10 18:50 - 2010-10-04 10:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-10 18:45 - 2010-07-16 11:44 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\uTorrent 2013-10-10 17:22 - 2012-04-03 10:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-10 17:22 - 2011-06-22 07:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-09 21:10 - 2009-07-14 04:37 - 00000000 ____D 
C:\Windows\Microsoft.NET 2013-10-08 18:44 - 2009-11-17 20:19 - 01632448 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-07 20:29 - 2013-10-02 22:22 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\blaxxun interactive 2013-10-07 20:29 - 2009-10-08 14:22 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-10-07 20:29 - 2009-10-08 14:22 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\TuneUp Software 2013-10-07 19:08 - 2013-10-07 19:06 - 00000000 ____D C:\ProgramData\TuneUp Software 2013-10-07 19:06 - 2013-10-07 19:06 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2013-10-07 19:05 - 2013-10-07 19:05 - 00002174 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk 2013-10-07 19:05 - 2013-10-07 19:04 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft 2013-10-07 19:05 - 2013-07-31 10:28 - 00000000 ____D C:\Program Files\DVDVideoSoft 2013-10-07 19:05 - 2013-07-31 10:28 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-10-07 19:04 - 2013-02-26 21:48 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DVDVideoSoft 2013-10-06 20:32 - 2013-09-24 18:44 - 00000000 ____D C:\Users\Lisi\Documents\Klett 2013-10-06 20:29 - 2013-09-24 18:17 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DUA 2013-10-06 20:29 - 2013-08-29 11:31 - 00000000 ____D C:\Users\Lisi\Documents\zeitbilder_2 2013-10-06 20:26 - 2013-10-06 20:19 - 64768699 _____ C:\Users\Lisi\Documents\mathm7sb_07111.zip 2013-10-06 20:25 - 2013-10-06 20:19 - 64675764 _____ C:\Users\Lisi\Documents\mathm6sb_07044.zip 2013-10-06 20:24 - 2013-10-06 20:20 - 59533004 _____ C:\Users\Lisi\Documents\mathm8sb_07112.zip 2013-10-06 20:24 - 2013-10-06 20:19 - 63764377 _____ C:\Users\Lisi\Documents\mathm5sb_07040.zip 2013-10-04 05:48 - 2011-12-12 18:58 - 00002358 _____ C:\Users\Lisi\Desktop\Google Chrome.lnk 2013-10-03 20:56 - 2010-01-06 20:30 - 00000000 ____D 
C:\Users\Lisi\AppData\Roaming\DivX 2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\MSDOS.SYS 2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\IO.SYS 2013-10-02 22:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-10-02 17:47 - 2013-10-02 17:47 - 00968592 _____ (BitTorrent, Inc.) C:\Users\Lisi\Desktop\utorrent-3.0-latest.x64.exe 2013-09-25 20:19 - 2013-08-08 11:20 - 00000000 ____D C:\Program Files\JDownloader 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Local\avgchrome 2013-09-24 18:09 - 2013-09-24 18:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-24 18:09 - 2013-09-24 18:08 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-09-24 18:09 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iTunes 2013-09-24 18:08 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iPod 2013-09-24 18:08 - 2010-04-12 21:12 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-09-21 16:41 - 2009-11-17 20:22 - 00125336 _____ C:\Users\Lisi\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-21 16:39 - 2009-07-14 06:33 - 00479752 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-21 11:37 - 2010-11-15 17:23 - 00001583 _____ C:\Users\Lisi\Desktop\DivX Movies.lnk 2013-09-21 11:37 - 2010-06-12 15:13 - 00000000 ____D C:\ProgramData\DivX 2013-09-21 11:37 - 2010-01-06 19:42 - 00000000 ____D C:\Program Files\DivX 2013-09-21 11:36 - 2013-09-21 11:36 - 00001095 _____ C:\Users\Public\Desktop\DivX Converter.lnk 2013-09-21 11:36 - 2013-09-21 11:36 - 00001080 _____ C:\Users\Public\Desktop\DivX Player.lnk 2013-09-21 11:36 - 2010-01-06 19:42 - 00000000 ____D C:\Program Files\Common Files\DivX Shared 2013-09-21 11:32 - 2012-11-24 13:29 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR 2013-09-21 11:30 - 2013-07-31 09:12 - 00000000 ____D C:\ProgramData\Avira 2013-09-21 11:24 - 2013-09-21 11:24 - 00002073 _____ C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2013-09-21 11:24 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt 2013-09-21 11:23 - 2013-09-21 11:23 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-21 11:23 - 2013-09-21 11:22 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll 2013-09-13 19:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-09-13 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-13 08:50 - 2009-10-08 14:36 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-12 21:07 - 2009-10-13 19:18 - 00000000 ____D C:\Users\Lisi\Documents\Schule Some content of TEMP: ==================== C:\Users\Lisi\AppData\Local\Temp\appshat-distribution.exe C:\Users\Lisi\AppData\Local\Temp\DefaultTabSetup2.exe C:\Users\Lisi\AppData\Local\Temp\DeltaTB.exe C:\Users\Lisi\AppData\Local\Temp\fftF05A.tmp.exe C:\Users\Lisi\AppData\Local\Temp\iet7936.tmp.exe C:\Users\Lisi\AppData\Local\Temp\nsbC24A.exe C:\Users\Lisi\AppData\Local\Temp\nsbCD45.exe C:\Users\Lisi\AppData\Local\Temp\nsbF0FB.exe C:\Users\Lisi\AppData\Local\Temp\nsl67BC.exe C:\Users\Lisi\AppData\Local\Temp\nsl917D.exe C:\Users\Lisi\AppData\Local\Temp\nsnC8DE.exe C:\Users\Lisi\AppData\Local\Temp\nsvB5BC.exe C:\Users\Lisi\AppData\Local\Temp\OptimizerPro.exe C:\Users\Lisi\AppData\Local\Temp\Quarantine.exe C:\Users\Lisi\AppData\Local\Temp\SPStub.exe C:\Users\Lisi\AppData\Local\Temp\tbuTor.dll C:\Users\Lisi\AppData\Local\Temp\uninst1.exe C:\Users\Lisi\AppData\Local\Temp\utt3142.tmp.exe C:\Users\Lisi\AppData\Local\Temp\Veoh383477.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-11 15:14
==================== End Of Log ============================
I hope I haven't forgotten anything. And thanks again for the quick help. Regards |
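Added example, not part of this thread and not FRST's own code: a small Python script that parses the kind of FRST file listing posted above and pulls out the entries a helper looks at first. The sample lines are copied from the log in this thread; the risk rules (an executable sitting in Temp, AppData, ProgramData, Downloads or on the Desktop, or an executable whose name carries a media or document extension) are my own triage heuristics, not FRST's, and they produce a review list rather than a verdict.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) file listings.

Added example: the parsing rules follow the line shape visible in the
posted log; the risk heuristics are the author's own, not FRST's.
"""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# One FRST "Created/Modified Files and Folders" line has the shape
#   <created> - <modified> - <size> <attrs> [(Company)] <path>
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".sys", ".com", ".pif",
                  ".bat", ".cmd", ".vbs", ".js"}
# Extensions that, when embedded in an executable's name, suggest a decoy.
DECOY_EXT = {"avi", "mp4", "mkv", "pdf", "doc", "docx", "jpg", "mp3"}
# User-writable locations, checked in priority order (lower-cased markers).
USER_WRITABLE = [
    ("\\appdata\\local\\temp\\", "executable in user Temp"),
    ("\\appdata\\roaming\\", "executable in AppData\\Roaming"),
    ("\\appdata\\local\\", "executable in AppData\\Local"),
    ("\\programdata\\", "executable in ProgramData"),
    ("\\downloads\\", "executable in Downloads"),
    ("\\desktop\\", "executable on Desktop"),
]


@dataclass
class FrstEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_directory(self) -> bool:
        # FRST puts the D flag last in the attribute column (____D, ___RD, __SHD).
        return self.attrs.endswith("D")


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """Parse one file-listing line; return None for headers and other text."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    return FrstEntry(
        created=datetime.strptime(m["created"], fmt),
        modified=datetime.strptime(m["modified"], fmt),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"] or None,
        path=m["path"],
    )


def triage_path(path: str) -> Optional[str]:
    """Return a review reason for an executable path, or None if unremarkable."""
    name = ntpath.basename(path)
    if ntpath.splitext(name)[1].lower() not in EXECUTABLE_EXT:
        return None
    # "movie.avi.mp4__1234.exe": media extension hidden inside an executable name.
    middle = {part.lower() for part in name.split(".")[1:-1]}
    if middle & DECOY_EXT:
        return "executable named like a media/document file"
    low = path.lower()
    for marker, reason in USER_WRITABLE:
        if marker in low:
            return reason
    return None


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for every entry worth a second look.

    Accepts full FRST file lines as well as bare paths, the form FRST uses
    in its "Some content of TEMP" section. Directories are skipped."""
    hits: List[Tuple[str, str]] = []
    for raw in lines:
        raw = raw.strip()
        entry = parse_frst_line(raw)
        if entry is not None and entry.is_directory:
            continue
        path = entry.path if entry else raw
        if not re.match(r"^[A-Za-z]:\\", path):
            continue  # section headers, separators, empty lines
        reason = triage_path(path)
        if reason:
            hits.append((path, reason))
    return hits


# Sample input copied from the FRST log posted in this thread.
SAMPLE_FRST = r"""
2013-10-02 17:47 - 2013-10-02 17:47 - 00968592 _____ (BitTorrent, Inc.) C:\Users\Lisi\Desktop\utorrent-3.0-latest.x64.exe
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Local\avgchrome
2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll
2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\MSDOS.SYS
2013-10-12 11:52 - 2013-10-12 11:52 - 00191616 _____ (Amonetizé Ltd) C:\Users\Lisi\Downloads\Star.Trek.Deep.Space.Nine.S01E01E02.Der.Abgesandte.GERMAN.DL.DVDRip.XviD FKKTV iNT.avi.mp4__3039_i97479824_il3009571.exe
Some content of TEMP:
====================
C:\Users\Lisi\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Lisi\AppData\Local\Temp\tbuTor.dll
""".strip().splitlines()

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_FRST):
        print(f"{reason:45} {path}")
```

Run against a whole FRST log, the script lists the Temp executables and the renamed "video" download that the helper would otherwise have to pick out by eye; signed system files such as dpl100.dll in system32 stay off the list. Everything it flags still needs a person to decide, which is exactly how the thread treats the logs.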
12.10.2013, 14:54 | #4 |
/// the machine /// TB-Ausbilder | Computer runs slowly, Malwarebytes finds 3 infected files, more pop-ups
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
12.10.2013, 21:35 | #5 |
| Computer runs slowly, Malwarebytes finds 3 infected files, more pop-ups Hello, thanks again for the quick reply. ESET reported two findings. Here is the ESET log file: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b93fd291899a1e4ebb87af629610e449
# engine=14995
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-03 02:09:53
# local_time=2013-09-03 04:09:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 95 6893 148885098 13935 0
# compatibility_mode=5893 16776573 100 94 37367 129848584 0 0
# scanned=348475
# found=0
# cleaned=0
# scan_time=5282
ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b93fd291899a1e4ebb87af629610e449
# engine=15461
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-12 07:52:48
# local_time=2013-10-12 09:52:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 1852115 158317440 0 0
# compatibility_mode=5893 16776573 100 94 102530 133238759 0 0
# scanned=359850
# found=2
# cleaned=0
# scan_time=6831
sh=9E05797C9B2C623EAF0F0C563242B4EAD9B9F791 ft=1 fh=ee6f76fbf19a71e9 vn="Win32/AdWare.1ClickDownload.AJ application" ac=I fn="C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000"
sh=659A8FD975D064BB8068289568CC3D8A03DA208F ft=1 fh=3816b07614fb8fb8 vn="probably a variant of Win32/SpeedingUpMyPC.B application" ac=I fn="C:\Users\Lisi\AppData\Local\Temp\OptimizerPro.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java(TM) 6 Update 31
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Mozilla Firefox (24.0)
Google Chrome 30.0.1599.66
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST log file: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013 Ran by Lisi (administrator) on LISI-PC on 12-10-2013 22:33:00 Running from C:\Users\Lisi\Downloads Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\system32\atiesrxx.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Adobe Systems Incorporated) c:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (SoftThinks) C:\Program Files\Dell DataSafe Local Backup\sftservice.exe () C:\Program Files\Tor\tor.exe (AMD) C:\Windows\system32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Dropbox, Inc.) C:\Users\Lisi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-11-04] (Realtek Semiconductor) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\ssmmgr.exe [688128 2011-07-06] () HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC) HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.) Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation) HKCU\...\Run: [Google Update] - C:\Users\Lisi\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.) 
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Lisi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {25A054D3-5A42-4E49-BAC5-5E52EEDF4812} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKCU - {9B133256-7713-42C0-B5F9-9E4C38DF013F} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 212.186.211.21 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default FF DefaultSearchEngine: Google Österreich FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\blackle-deutschland.xml FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\google-sterreich.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Movie2kDownloader - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\movie2kdownloader@movie2kdownloader.com FF Extension: Microsoft .NET Framework Assistant - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: Google Toolbar for Firefox - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF Extension: WOT - 
C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: FireFTP - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} FF Extension: support - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\support@wolfram.com.xpi FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKCU\...\Firefox\Extensions: [{b011b92d-cb28-4d63-9cb1-d844192476e0}] - C:\Program Files\a2zlyr\132.xpi Chrome: ======= CHR HomePage: hxxp://www.gym-gleisdorf.ac.at/ CHR RestoreOnStartup: "hxxp://www.gym-gleisdorf.ac.at/index.php" CHR Plugin: (Shockwave Flash) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll () CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (WOT) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.1.1_0 CHR Extension: (YouTube) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 CHR Extension: (Adblock Plus) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0 CHR Extension: (Google Search) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 CHR Extension: (DVDVideoSoft) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_1 CHR Extension: (Chrome In-App Payments service) - 
C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1 CHR Extension: (ScriptSafe) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.16_0 CHR Extension: (Gmail) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2 CHR HKLM\...\Chrome\Extension: [ciljpgjahkpnilhbolpaphfjhlejnplm] - C:\Program Files\a2zlyr\132.crx CHR StartMenuInternet: Google Chrome - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor7.0; c:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-12-08] (Adobe Systems Incorporated) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) S2 gupdate1ca8d7850e80a72; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-04] (Google Inc.) 
R2 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.exe [658656 2010-03-04] (SoftThinks) R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-03] () ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-03-04] () R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-10-25] () R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-03-04] () S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [77528 2013-09-03] (MalwareBytes) R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-09-11] (Samsung Electronics) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [34016 2013-01-10] (The OpenVPN Project) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Lisi\AppData\Local\Temp\catchme.sys [x] S3 dgderdrv; System32\drivers\dgderdrv.sys [x] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x] S0 TfFsMon; system32\drivers\TfFsMon.sys [x] S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x] S0 TfSysMon; system32\drivers\TfSysMon.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month 
Created Files and Folders ======== 2013-10-12 22:08 - 2013-10-12 22:08 - 00891167 _____ C:\Users\Lisi\Desktop\SecurityCheck.exe 2013-10-12 19:55 - 2013-10-12 19:55 - 02347384 _____ (ESET) C:\Users\Lisi\Downloads\esetsmartinstaller_enu.exe 2013-10-12 11:52 - 2013-10-12 11:52 - 00191616 _____ (Amonetizé Ltd) C:\Users\Lisi\Downloads\Star.Trek.Deep.Space.Nine.S01E01E02.Der.Abgesandte.GERMAN.DL.DVDRip.XviD FKKTV iNT.avi.mp4__3039_i97479824_il3009571.exe 2013-10-12 10:50 - 2013-10-12 13:45 - 00000000 ____D C:\Users\Lisi\Downloads\Star Trek Deep Space 9 Deluxe DVD Boxset + Extras DVDRip TSV 2013-10-12 10:45 - 2013-10-12 10:45 - 01141328 _____ (BitTorrent Inc.) C:\Users\Lisi\Downloads\utorrent3.3.2.exe 2013-10-11 18:42 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-11 18:42 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-11 18:42 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-11 18:42 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-11 18:42 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-11 18:42 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-11 18:42 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-11 18:42 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-11 18:42 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-11 18:42 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-11 18:42 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-11 18:42 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) 
C:\Windows\system32\iesetup.dll 2013-10-11 18:42 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-11 18:42 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-11 18:42 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-11 18:42 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-11 18:29 - 2013-10-11 18:30 - 18080872 _____ (Adobe Systems Inc.) C:\Users\Lisi\Downloads\AdobeAIRInstaller.exe 2013-10-11 14:46 - 2013-10-11 14:46 - 00002138 _____ C:\Users\Lisi\Desktop\JRT.txt 2013-10-11 14:42 - 2013-10-11 14:42 - 01032220 _____ (Thisisu) C:\Users\Lisi\Downloads\JRT.exe 2013-10-11 14:12 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-11 14:12 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-11 14:12 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-11 14:12 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-10-11 14:12 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-11 14:12 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-11 14:12 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-11 14:12 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-11 14:12 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-11 14:12 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-11 14:12 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 
2013-10-11 14:12 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-11 14:12 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-11 14:12 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-11 14:12 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-11 14:12 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-11 14:12 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-11 14:12 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-11 14:12 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-11 14:12 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-11 14:12 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-11 14:12 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-11 14:12 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-11 14:12 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-11 14:12 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-11 14:12 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-11 14:07 - 2013-10-11 14:34 - 00000000 ____D C:\AdwCleaner 2013-10-11 14:06 - 2013-10-11 14:06 - 01048960 _____ C:\Users\Lisi\Downloads\adwcleaner.exe 2013-10-10 21:34 - 2013-10-10 21:34 - 00020379 _____ C:\Users\Lisi\Downloads\gmer_okt.log 2013-10-10 21:11 - 2013-10-10 21:11 - 
00377856 _____ C:\Users\Lisi\Downloads\gmer_2.1.19163.exe 2013-10-10 21:09 - 2013-10-10 21:09 - 01087213 _____ (Farbar) C:\Users\Lisi\Downloads\FRST.exe 2013-10-10 21:08 - 2013-10-10 21:09 - 00000470 _____ C:\Users\Lisi\Downloads\defogger_disable.log 2013-10-10 21:08 - 2013-10-10 21:08 - 00050477 _____ C:\Users\Lisi\Downloads\Defogger.exe 2013-10-10 21:08 - 2013-10-10 21:08 - 00000000 _____ C:\Users\Lisi\defogger_reenable 2013-10-10 18:50 - 2013-10-10 18:50 - 00001065 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-10 18:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\TuneUp Software 2013-10-07 19:06 - 2013-10-07 19:08 - 00000000 ____D C:\ProgramData\TuneUp Software 2013-10-07 19:06 - 2013-10-07 19:06 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2013-10-07 19:05 - 2013-10-07 19:05 - 00002174 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk 2013-10-07 19:04 - 2013-10-07 19:05 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft 2013-10-06 20:20 - 2013-10-06 20:24 - 59533004 _____ C:\Users\Lisi\Documents\mathm8sb_07112.zip 2013-10-06 20:19 - 2013-10-06 20:26 - 64768699 _____ C:\Users\Lisi\Documents\mathm7sb_07111.zip 2013-10-06 20:19 - 2013-10-06 20:25 - 64675764 _____ C:\Users\Lisi\Documents\mathm6sb_07044.zip 2013-10-06 20:19 - 2013-10-06 20:24 - 63764377 _____ C:\Users\Lisi\Documents\mathm5sb_07040.zip 2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\MSDOS.SYS 2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\IO.SYS 2013-10-02 22:22 - 2013-10-07 20:29 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\blaxxun interactive 2013-10-02 17:47 - 2013-10-02 17:47 - 00968592 _____ (BitTorrent, Inc.) 
C:\Users\Lisi\Desktop\utorrent-3.0-latest.x64.exe 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Local\avgchrome 2013-09-24 18:44 - 2013-10-06 20:32 - 00000000 ____D C:\Users\Lisi\Documents\Klett 2013-09-24 18:17 - 2013-10-06 20:29 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DUA 2013-09-24 18:09 - 2013-09-24 18:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-24 18:08 - 2013-09-24 18:09 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-09-24 18:08 - 2013-09-24 18:09 - 00000000 ____D C:\Program Files\iTunes 2013-09-24 18:08 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iPod 2013-09-21 11:36 - 2013-09-21 11:36 - 00001095 _____ C:\Users\Public\Desktop\DivX Converter.lnk 2013-09-21 11:36 - 2013-09-21 11:36 - 00001080 _____ C:\Users\Public\Desktop\DivX Player.lnk 2013-09-21 11:32 - 2013-10-12 22:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-21 11:24 - 2013-09-21 11:24 - 00002073 _____ C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2013-09-21 11:24 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2013-09-21 11:24 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-09-21 11:24 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-09-21 11:23 - 2013-09-21 11:23 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-21 11:23 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-09-21 11:22 - 2013-09-21 11:23 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) 
C:\Windows\system32\dpl100.dll 2013-09-13 07:46 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-13 07:46 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-13 07:46 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-13 07:46 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 
00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-13 07:46 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-13 07:46 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-13 07:46 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll ==================== One Month Modified Files and Folders ======= 2013-10-12 22:32 - 2010-07-16 11:44 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\uTorrent 2013-10-12 22:25 - 2012-03-10 10:48 - 01423454 _____ C:\Windows\WindowsUpdate.log 2013-10-12 22:22 - 2013-09-21 11:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-12 22:08 - 2013-10-12 22:08 - 00891167 _____ C:\Users\Lisi\Desktop\SecurityCheck.exe 2013-10-12 21:45 - 2010-01-04 22:11 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-12 21:37 - 2011-12-12 18:57 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-5946700-4108168981-3792375673-1000UA.job 2013-10-12 19:55 - 2013-10-12 19:55 - 02347384 _____ (ESET) C:\Users\Lisi\Downloads\esetsmartinstaller_enu.exe 2013-10-12 19:55 - 2009-11-17 20:19 - 01611392 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-12 19:53 - 2013-08-11 12:00 - 00521127 _____ C:\Windows\setupact.log 2013-10-12 16:45 - 2010-01-04 22:11 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-12 15:07 - 2009-11-17 19:55 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-12 15:07 - 2009-11-17 19:55 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-12 14:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-10-12 13:45 - 
2013-10-12 10:50 - 00000000 ____D C:\Users\Lisi\Downloads\Star Trek Deep Space 9 Deluxe DVD Boxset + Extras DVDRip TSV 2013-10-12 11:52 - 2013-10-12 11:52 - 00191616 _____ (Amonetizé Ltd) C:\Users\Lisi\Downloads\Star.Trek.Deep.Space.Nine.S01E01E02.Der.Abgesandte.GERMAN.DL.DVDRip.XviD FKKTV iNT.avi.mp4__3039_i97479824_il3009571.exe 2013-10-12 11:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-12 10:45 - 2013-10-12 10:45 - 01141328 _____ (BitTorrent Inc.) C:\Users\Lisi\Downloads\utorrent3.3.2.exe 2013-10-12 10:37 - 2011-12-12 18:57 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-5946700-4108168981-3792375673-1000Core.job 2013-10-12 10:31 - 2010-09-21 20:34 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\Dropbox 2013-10-12 10:30 - 2010-09-21 20:35 - 00000000 ___RD C:\Users\Lisi\Documents\My Dropbox 2013-10-12 10:26 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-12 10:26 - 2009-07-14 06:33 - 00479752 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-12 10:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-10-11 18:46 - 2009-10-08 14:36 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-11 18:30 - 2013-10-11 18:29 - 18080872 _____ (Adobe Systems Inc.) 
C:\Users\Lisi\Downloads\AdobeAIRInstaller.exe 2013-10-11 14:46 - 2013-10-11 14:46 - 00002138 _____ C:\Users\Lisi\Desktop\JRT.txt 2013-10-11 14:42 - 2013-10-11 14:42 - 01032220 _____ (Thisisu) C:\Users\Lisi\Downloads\JRT.exe 2013-10-11 14:34 - 2013-10-11 14:07 - 00000000 ____D C:\AdwCleaner 2013-10-11 14:33 - 2013-08-09 21:29 - 00000000 ____D C:\ProgramData\Uniblue 2013-10-11 14:06 - 2013-10-11 14:06 - 01048960 _____ C:\Users\Lisi\Downloads\adwcleaner.exe 2013-10-11 14:04 - 2010-09-21 20:35 - 00001017 _____ C:\Users\Lisi\Desktop\Dropbox.lnk 2013-10-11 14:04 - 2010-09-21 20:34 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-10-11 13:58 - 2013-09-03 14:15 - 00027344 _____ C:\Windows\PFRO.log 2013-10-11 13:58 - 2012-11-02 15:16 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-10 21:45 - 2009-10-13 12:53 - 00000000 ____D C:\Users\Lisi\AppData\Local\Mozilla 2013-10-10 21:44 - 2009-10-13 12:52 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-10 21:34 - 2013-10-10 21:34 - 00020379 _____ C:\Users\Lisi\Downloads\gmer_okt.log 2013-10-10 21:11 - 2013-10-10 21:11 - 00377856 _____ C:\Users\Lisi\Downloads\gmer_2.1.19163.exe 2013-10-10 21:09 - 2013-10-10 21:09 - 01087213 _____ (Farbar) C:\Users\Lisi\Downloads\FRST.exe 2013-10-10 21:09 - 2013-10-10 21:08 - 00000470 _____ C:\Users\Lisi\Downloads\defogger_disable.log 2013-10-10 21:08 - 2013-10-10 21:08 - 00050477 _____ C:\Users\Lisi\Downloads\Defogger.exe 2013-10-10 21:08 - 2013-10-10 21:08 - 00000000 _____ C:\Users\Lisi\defogger_reenable 2013-10-10 21:08 - 2009-11-17 19:56 - 00000000 ____D C:\Users\Lisi 2013-10-10 18:50 - 2013-10-10 18:50 - 00001065 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-10 18:50 - 2010-10-04 10:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-10 17:22 - 2012-04-03 10:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-10 17:22 - 2011-06-22 
07:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-07 20:29 - 2013-10-02 22:22 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\blaxxun interactive 2013-10-07 20:29 - 2009-10-08 14:22 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-10-07 20:29 - 2009-10-08 14:22 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\TuneUp Software 2013-10-07 19:08 - 2013-10-07 19:06 - 00000000 ____D C:\ProgramData\TuneUp Software 2013-10-07 19:06 - 2013-10-07 19:06 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2013-10-07 19:05 - 2013-10-07 19:05 - 00002174 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk 2013-10-07 19:05 - 2013-10-07 19:04 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft 2013-10-07 19:05 - 2013-07-31 10:28 - 00000000 ____D C:\Program Files\DVDVideoSoft 2013-10-07 19:05 - 2013-07-31 10:28 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-10-07 19:04 - 2013-02-26 21:48 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DVDVideoSoft 2013-10-06 20:32 - 2013-09-24 18:44 - 00000000 ____D C:\Users\Lisi\Documents\Klett 2013-10-06 20:29 - 2013-09-24 18:17 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DUA 2013-10-06 20:29 - 2013-08-29 11:31 - 00000000 ____D C:\Users\Lisi\Documents\zeitbilder_2 2013-10-06 20:26 - 2013-10-06 20:19 - 64768699 _____ C:\Users\Lisi\Documents\mathm7sb_07111.zip 2013-10-06 20:25 - 2013-10-06 20:19 - 64675764 _____ C:\Users\Lisi\Documents\mathm6sb_07044.zip 2013-10-06 20:24 - 2013-10-06 20:20 - 59533004 _____ C:\Users\Lisi\Documents\mathm8sb_07112.zip 2013-10-06 20:24 - 2013-10-06 20:19 - 63764377 _____ C:\Users\Lisi\Documents\mathm5sb_07040.zip 2013-10-04 05:48 - 2011-12-12 18:58 - 00002358 _____ C:\Users\Lisi\Desktop\Google Chrome.lnk 2013-10-03 20:56 - 2010-01-06 20:30 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DivX 2013-10-02 
22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\MSDOS.SYS 2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\IO.SYS 2013-10-02 22:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-10-02 17:47 - 2013-10-02 17:47 - 00968592 _____ (BitTorrent, Inc.) C:\Users\Lisi\Desktop\utorrent-3.0-latest.x64.exe 2013-09-25 20:19 - 2013-08-08 11:20 - 00000000 ____D C:\Program Files\JDownloader 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Local\avgchrome 2013-09-24 18:09 - 2013-09-24 18:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-24 18:09 - 2013-09-24 18:08 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-09-24 18:09 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iTunes 2013-09-24 18:08 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iPod 2013-09-24 18:08 - 2010-04-12 21:12 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-09-23 01:28 - 2013-10-11 18:42 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-23 01:28 - 2013-10-11 18:42 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-23 01:28 - 2013-10-11 18:42 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-23 01:27 - 2013-10-11 18:42 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-23 01:27 - 2013-10-11 18:42 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-23 01:27 - 2013-10-11 18:42 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-23 01:27 - 2013-10-11 18:42 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-23 01:27 - 2013-10-11 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-23 01:27 - 2013-10-11 18:42 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-23 01:27 - 2013-10-11 18:42 - 00391168 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll 2013-09-23 01:27 - 2013-10-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-23 01:27 - 2013-10-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-23 01:27 - 2013-10-11 18:42 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-23 01:27 - 2013-10-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-21 16:41 - 2009-11-17 20:22 - 00125336 _____ C:\Users\Lisi\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-21 11:37 - 2010-11-15 17:23 - 00001583 _____ C:\Users\Lisi\Desktop\DivX Movies.lnk 2013-09-21 11:37 - 2010-06-12 15:13 - 00000000 ____D C:\ProgramData\DivX 2013-09-21 11:37 - 2010-01-06 19:42 - 00000000 ____D C:\Program Files\DivX 2013-09-21 11:36 - 2013-09-21 11:36 - 00001095 _____ C:\Users\Public\Desktop\DivX Converter.lnk 2013-09-21 11:36 - 2013-09-21 11:36 - 00001080 _____ C:\Users\Public\Desktop\DivX Player.lnk 2013-09-21 11:36 - 2010-01-06 19:42 - 00000000 ____D C:\Program Files\Common Files\DivX Shared 2013-09-21 11:32 - 2012-11-24 13:29 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR 2013-09-21 11:30 - 2013-07-31 09:12 - 00000000 ____D C:\ProgramData\Avira 2013-09-21 11:24 - 2013-09-21 11:24 - 00002073 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-09-21 11:24 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt 2013-09-21 11:23 - 2013-09-21 11:23 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-21 11:23 - 2013-09-21 11:22 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-21 05:30 - 2013-10-11 18:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-21 04:39 - 2013-10-11 18:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) 
C:\Windows\system32\dpl100.dll
2013-09-14 02:48 - 2013-10-11 14:12 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-09-12 21:07 - 2009-10-13 19:18 - 00000000 ____D C:\Users\Lisi\Documents\Schule

Some content of TEMP:
====================
C:\Users\Lisi\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Lisi\AppData\Local\Temp\DefaultTabSetup2.exe
C:\Users\Lisi\AppData\Local\Temp\DeltaTB.exe
C:\Users\Lisi\AppData\Local\Temp\fftF05A.tmp.exe
C:\Users\Lisi\AppData\Local\Temp\iet7936.tmp.exe
C:\Users\Lisi\AppData\Local\Temp\nsbC24A.exe
C:\Users\Lisi\AppData\Local\Temp\nsbCD45.exe
C:\Users\Lisi\AppData\Local\Temp\nsbF0FB.exe
C:\Users\Lisi\AppData\Local\Temp\nsl67BC.exe
C:\Users\Lisi\AppData\Local\Temp\nsl917D.exe
C:\Users\Lisi\AppData\Local\Temp\nsnC8DE.exe
C:\Users\Lisi\AppData\Local\Temp\nsvB5BC.exe
C:\Users\Lisi\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Lisi\AppData\Local\Temp\Quarantine.exe
C:\Users\Lisi\AppData\Local\Temp\SPStub.exe
C:\Users\Lisi\AppData\Local\Temp\tbuTor.dll
C:\Users\Lisi\AppData\Local\Temp\uninst1.exe
C:\Users\Lisi\AppData\Local\Temp\utt3142.tmp.exe
C:\Users\Lisi\AppData\Local\Temp\Veoh383477.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-11 15:14

==================== End Of Log ============================

Thanks again and best regards
Lisi
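As an added triage example (this is not part of the post above and not FRST's own code): a small Python parser for the FRST "created - modified - size attrs (publisher) path" entry lines shown in the log. It attaches review flags for three patterns that are visible in this particular log: an executable with no publisher string sitting in a user-writable folder, a media-looking file name that actually ends in .exe, and a hidden+system GUID folder under ProgramData. The flag rules are heuristics constructed for this example, and the sample lines are copied from the log above; a flag means "look at this entry", not "this entry is malicious".

```python
"""Triage helper for FRST "One Month Created/Modified Files and Folders" entries.

Added example (not part of the log post above and not FRST's own code). It parses
the entry format visible in the log, "created - modified - size attrs (publisher) path",
and attaches review flags. The flag rules are constructed heuristics for a first
pass over the list; a flag means "look at this entry", not "this is malicious".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One FRST file/folder entry. The publisher in parentheses is optional and may be
# empty "()" when the binary carries no version information.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)

EXEC_EXT = (".exe", ".dll", ".scr", ".cpl", ".sys")
# Locations any user process can write to; an unsigned binary here deserves a look.
USER_WRITABLE = ("\\downloads\\", "\\desktop\\", "\\appdata\\local\\temp\\")
# A media or document name that actually ends in .exe (the download lure pattern).
LURE_NAME_RE = re.compile(r"\.(avi|mp4|mkv|mp3|pdf|docx?)[^\\]*\.exe$", re.IGNORECASE)
# A bare GUID folder name, e.g. C:\ProgramData\{...}.
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f-]{36}\}$", re.IGNORECASE)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str           # FRST attribute column, e.g. "____D", "__SHD", "____H"
    publisher: Optional[str]
    path: str
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one log line, or None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["publisher"], m["path"])


def flag_entry(e: Entry) -> List[str]:
    """Attach review flags to an entry (heuristics constructed for this example)."""
    low = e.path.lower()
    is_dir = "D" in e.attrs
    if (not is_dir and low.endswith(EXEC_EXT) and not e.publisher
            and any(loc in low for loc in USER_WRITABLE)):
        e.flags.append("exec-no-publisher-user-writable")
    if not is_dir and LURE_NAME_RE.search(e.path):
        e.flags.append("media-name-exe")
    if is_dir and "S" in e.attrs and "H" in e.attrs and GUID_DIR_RE.search(e.path):
        e.flags.append("hidden-system-guid-dir")
    return e.flags


def triage(log_text: str) -> List[Entry]:
    """Parse every entry in a log excerpt and flag it; non-entry lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is not None:
            flag_entry(e)
            entries.append(e)
    return entries


def report(entries: List[Entry]) -> List[str]:
    """One line per flagged entry, newest first, for the reviewer."""
    flagged = sorted((e for e in entries if e.flags), key=lambda e: e.created, reverse=True)
    return [f"{e.created}  {e.attrs}  {', '.join(e.flags):32}  {e.path}" for e in flagged]


# Constructed sample: six entries copied from the log above, plus one section header
# to show that non-entry lines are ignored.
SAMPLE = r"""
2013-10-10 21:11 - 2013-10-10 21:11 - 00377856 _____ C:\Users\Lisi\Downloads\gmer_2.1.19163.exe
2013-10-10 21:09 - 2013-10-10 21:09 - 01087213 _____ (Farbar) C:\Users\Lisi\Downloads\FRST.exe
2013-10-07 19:06 - 2013-10-07 19:06 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-09-21 11:24 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-12 11:52 - 2013-10-12 11:52 - 00191616 _____ (Amonetizé Ltd) C:\Users\Lisi\Downloads\Star.Trek.Deep.Space.Nine.S01E01E02.Der.Abgesandte.GERMAN.DL.DVDRip.XviD FKKTV iNT.avi.mp4__3039_i97479824_il3009571.exe
2013-09-24 18:08 - 2013-09-24 18:09 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
==================== One Month Modified Files and Folders =======
"""

if __name__ == "__main__":
    for line in report(triage(SAMPLE)):
        print(line)
```

Run against the sample, three of the six entries come back flagged (the publisher-less gmer download, the masqueraded "avi.mp4...exe" download, and the hidden GUID folder), while FRST.exe, the avast driver and the plain ProgramData folder pass. The rules are deliberately narrow so the output stays short enough to read in a forum reply; widen the location or extension lists for a different environment.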
13.10.2013, 14:04 | #6 |
/// the machine /// TB-Ausbilder

Update Java. Uninstall Chrome, do not keep any data, then reinstall it.

Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a reboot. Please allow this.

Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-03] ()
C:\Program Files\Tor

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
13.10.2013, 18:58 | #7 |
Hello, thanks again for the help. I reinstalled Chrome and did a Java update. I carried out everything else as well. Here is the content of fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Lisi at 2013-10-13 19:51:05 Run:1
Running from C:\Users\Lisi\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-03] ()
C:\Program Files\Tor
*****************

tor => Service deleted successfully.
C:\Program Files\Tor => Moved successfully.
The system needs a manual reboot.

==== End of Fixlog ====
14.10.2013, 11:06 | #8 |
/// the machine /// TB-Ausbilder

Done. The order here is decisive.

Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.

Anti-virus software

Additional protection

Safe browsing

Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.

Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts

Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
14.10.2013, 16:14 | #9 |
Hello, I have now done everything. So far, so good. Everything is fine again. Thank you very much for the help! Have a nice week.

Best regards
Lisi
15.10.2013, 07:35 | #10 |
/// the machine /// TB-Ausbilder

You're welcome.