GVU Ihr Computer wurde gesperrt 9 Infizierte Dateien

MVster · 01.12.2013, 00:02

Hallo ich war auf einer Seite und plötzlich kam "GVU Ihr Computer wurde gesperrt".
Habe nichts runtergeladen lediglich einen Videoclip angeschaut.
Da ich Firefox nicht schließen konnte habe es über den Task Manager gemacht und den Rechner neu gestartet.Probleme kamen nicht,und habe dann einen Scan gemacht mit Malwarebytes (Quick Scan) und da tauchten dann 9 Infizierte Dateien auf.Bei Avira hat er nichts gefunden (log.txt von Avira hab ich wenn ihr da einen blick drauf werfen wollt).Wollte nur auf Nummer sicher gehen deswegen habe ich mich hier angemeldet.
Habe bis jezt nichts unternommen nur die Scans.
Hoffe das ihr mir weiter helfen könnt.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.30.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Thomas :: THOMAS-PC [Administrator]

30.11.2013 23:27:04
MBAM-log-2013-11-30 (23-31-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203496
Laufzeit: 4 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B479C417FE0674FB&affID=119357&tsp=4947) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 1
C:\Users\Thomas\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 9
C:\Users\Thomas\AppData\Local\Temp\6FF5383A-BAB0-7891-B52C-F1E54412E37C\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\Local\Temp\6FF5383A-BAB0-7891-B52C-F1E54412E37C\Latest\ccp.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\Local\Temp\6FF5383A-BAB0-7891-B52C-F1E54412E37C\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\Local\Temp\6FF5383A-BAB0-7891-B52C-F1E54412E37C\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\Local\Temp\6FF5383A-BAB0-7891-B52C-F1E54412E37C\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\Local\Temp\is1070216317\DeltaTB.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\Local\Temp\is1070216317\rcpsetup_binstall2_binstall2.exe (PUP.Optional.RegCleanerPro) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\Local\Temp\is357113909\7546094_stp\DeltaTB.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Thomas\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.

(Ende)

schrauber · 01.12.2013, 09:15

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

MVster · 01.12.2013, 12:28

Hier die FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Thomas (administrator) on THOMAS-PC on 01-12-2013 12:19:02
Running from C:\Users\Thomas\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
MountPoints2: {7a530da2-f124-11e2-a839-705ab6d39342} - 1
MountPoints2: {7b2f75d4-f7a0-11e2-a362-705ab6d39342} - E:\raf-swkotor.exe
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-19] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B479C417FE0674FB&affID=119357&tsp=4947
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x44BB05842583CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B479C417FE0674FB&affID=119357&tsp=4947
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default
FF user.js: detected! => C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default\user.js
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\Thomas\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-19] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-01 12:19 - 2013-12-01 12:20 - 00007000 _____ C:\Users\Thomas\Downloads\FRST.txt
2013-12-01 12:18 - 2013-12-01 12:18 - 00000000 ____D C:\FRST
2013-12-01 12:17 - 2013-12-01 12:17 - 01959184 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2013-12-01 02:09 - 2013-12-01 02:09 - 00021822 _____ C:\Users\Thomas\Downloads\AVSCAN-20131130-213404-2870234A.LOG
2013-11-30 22:52 - 2013-11-30 22:52 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-11-30 22:51 - 2013-11-30 22:51 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-30 22:51 - 2013-11-30 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-30 22:51 - 2013-11-30 22:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-30 22:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-18 23:32 - 2013-12-01 12:10 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-18 23:32 - 2013-12-01 01:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-18 23:32 - 2013-11-18 23:32 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-18 23:32 - 2013-11-18 23:32 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-18 23:32 - 2013-11-18 23:32 - 00000000 ____D C:\Users\Thomas\AppData\Local\Google
2013-11-18 23:32 - 2013-11-18 23:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-18 14:59 - 2013-11-18 14:59 - 00000000 ____D C:\ProgramData\McAfee
2013-11-16 00:03 - 2013-11-16 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 21:31 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-11-12 21:31 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-12 21:31 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-12 21:31 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-11-12 21:31 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-11-12 21:31 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-11-12 21:31 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-11-12 21:31 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2013-11-12 21:31 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-11-12 21:31 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-11-12 21:31 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-11-12 21:31 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-11-12 21:31 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-12 21:31 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-11-12 21:31 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2013-11-12 21:31 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-11-12 21:31 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-12 21:31 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-12 21:28 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-12 21:28 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 21:28 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-12 21:28 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 21:28 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 21:28 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 21:28 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 21:28 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-12 21:28 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-12 21:28 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-12 21:28 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 21:28 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 21:28 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 21:28 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 21:28 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 21:28 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-12 21:28 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-12 21:28 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-12 21:28 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2013-11-12 21:28 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-12 21:28 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-12 21:28 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-12 21:28 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-12 21:28 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-12 21:28 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-12 21:28 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 21:28 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-11-12 21:28 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 21:28 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 21:28 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 21:28 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-12 21:28 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 21:14 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-12 21:10 - 2013-11-12 21:10 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 21:10 - 2013-11-12 21:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 21:10 - 2013-11-12 21:10 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 21:10 - 2013-11-12 21:10 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 21:10 - 2013-11-12 21:10 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 21:10 - 2013-11-12 21:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 21:10 - 2013-11-12 21:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 21:10 - 2013-11-12 21:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 21:10 - 2013-11-12 21:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 21:10 - 2013-11-12 21:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 21:10 - 2013-11-12 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 21:08 - 2013-11-12 21:14 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-08 14:32 - 2013-11-08 14:32 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Brother
2013-11-07 14:29 - 2013-11-07 14:29 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 14:28 - 2013-11-07 14:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 14:28 - 2013-11-07 14:29 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 14:28 - 2013-11-07 14:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 14:28 - 2013-11-07 14:28 - 00000000 ____D C:\Program Files\iPod
2013-11-05 19:02 - 2013-11-05 19:07 - 00000000 ____D C:\Users\Thomas\Mp3tag Ordner
2013-11-05 18:58 - 2013-11-05 19:07 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Mp3tag
2013-11-05 18:57 - 2013-11-05 18:57 - 00000983 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-11-05 18:57 - 2013-11-05 18:57 - 00000000 ____D C:\Program Files (x86)\Mp3tag

==================== One Month Modified Files and Folders =======

2013-12-01 12:20 - 2013-12-01 12:19 - 00007000 _____ C:\Users\Thomas\Downloads\FRST.txt
2013-12-01 12:19 - 2009-07-14 05:45 - 00014912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 12:19 - 2009-07-14 05:45 - 00014912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 12:18 - 2013-12-01 12:18 - 00000000 ____D C:\FRST
2013-12-01 12:17 - 2013-12-01 12:17 - 01959184 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2013-12-01 12:16 - 2013-07-17 20:08 - 02003615 _____ C:\Windows\WindowsUpdate.log
2013-12-01 12:10 - 2013-11-18 23:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 12:10 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 12:10 - 2009-07-14 05:51 - 00044483 _____ C:\Windows\setupact.log
2013-12-01 02:09 - 2013-12-01 02:09 - 00021822 _____ C:\Users\Thomas\Downloads\AVSCAN-20131130-213404-2870234A.LOG
2013-12-01 02:06 - 2013-07-17 22:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 01:37 - 2013-11-18 23:32 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-30 22:52 - 2013-11-30 22:52 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-11-30 22:51 - 2013-11-30 22:51 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-30 22:51 - 2013-11-30 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-30 22:51 - 2013-11-30 22:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-30 14:40 - 2013-07-17 20:13 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-30 14:39 - 2013-07-18 09:59 - 00000000 ___RD C:\Users\Thomas\Dropbox
2013-11-30 14:39 - 2013-07-18 09:57 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Dropbox
2013-11-30 13:18 - 2013-07-18 09:48 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-11-28 11:20 - 2013-07-18 10:02 - 01594892 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-28 11:20 - 2009-07-14 18:58 - 00699666 _____ C:\Windows\system32\perfh007.dat
2013-11-28 11:20 - 2009-07-14 18:58 - 00149774 _____ C:\Windows\system32\perfc007.dat
2013-11-28 11:20 - 2009-07-14 06:13 - 01594892 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-28 09:27 - 2013-07-17 20:26 - 00209814 _____ C:\Windows\PFRO.log
2013-11-27 11:06 - 2013-07-17 20:57 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-26 18:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-25 15:10 - 2013-08-20 17:13 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\vlc
2013-11-23 20:13 - 2013-07-17 11:48 - 00001841 _____ C:\Users\Thomas\Documents\Filmliste.txt
2013-11-19 13:50 - 2013-07-17 20:46 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-19 13:50 - 2013-07-17 20:44 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-19 13:50 - 2013-07-17 20:44 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-19 13:50 - 2013-07-17 20:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-18 23:32 - 2013-11-18 23:32 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-18 23:32 - 2013-11-18 23:32 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-18 23:32 - 2013-11-18 23:32 - 00000000 ____D C:\Users\Thomas\AppData\Local\Google
2013-11-18 23:32 - 2013-11-18 23:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-18 14:59 - 2013-11-18 14:59 - 00000000 ____D C:\ProgramData\McAfee
2013-11-18 14:59 - 2013-07-18 12:46 - 00000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2013-11-18 14:59 - 2013-07-17 22:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-18 14:59 - 2013-07-17 22:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-18 14:59 - 2013-07-17 22:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-16 22:33 - 2013-07-17 20:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 00:04 - 2013-11-16 00:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 21:31 - 2013-07-17 22:27 - 00000000 ____D C:\Windows\system32\MRT
2013-11-12 21:29 - 2013-07-17 21:05 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 21:20 - 2013-07-17 22:23 - 00001425 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-12 21:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-12 21:14 - 2013-11-12 21:08 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-12 21:10 - 2013-11-12 21:10 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 21:10 - 2013-11-12 21:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 21:10 - 2013-11-12 21:10 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 21:10 - 2013-11-12 21:10 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 21:10 - 2013-11-12 21:10 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 21:10 - 2013-11-12 21:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 21:10 - 2013-11-12 21:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 21:10 - 2013-11-12 21:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 21:10 - 2013-11-12 21:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 21:10 - 2013-11-12 21:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 21:10 - 2013-11-12 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-11 05:50 - 2013-07-19 10:07 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-08 14:32 - 2013-11-08 14:32 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Brother
2013-11-07 14:29 - 2013-11-07 14:29 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 14:29 - 2013-11-07 14:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 14:29 - 2013-11-07 14:28 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 14:29 - 2013-11-07 14:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 14:28 - 2013-11-07 14:28 - 00000000 ____D C:\Program Files\iPod
2013-11-05 19:07 - 2013-11-05 19:02 - 00000000 ____D C:\Users\Thomas\Mp3tag Ordner
2013-11-05 19:07 - 2013-11-05 18:58 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Mp3tag
2013-11-05 19:03 - 2013-07-17 20:12 - 00000000 ____D C:\Users\Thomas
2013-11-05 18:57 - 2013-11-05 18:57 - 00000983 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-11-05 18:57 - 2013-11-05 18:57 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-11-01 16:42 - 2013-07-17 11:48 - 00007094 _____ C:\Users\Thomas\Documents\WWE PPV Liste.txt

Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas\AppData\Local\Temp\BackupSetup.exe
C:\Users\Thomas\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Thomas\AppData\Local\Temp\uninst1.exe
C:\Users\Thomas\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Thomas\AppData\Local\Temp\vlc-2.0.8-win64.exe
C:\Users\Thomas\AppData\Local\Temp\vlc-2.1.1-win64.exe
C:\Users\Thomas\AppData\Local\Temp\_is7953.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-26 12:05

==================== End Of Log ============================

--- --- ---

--- --- ---

Und hier Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by Thomas at 2013-12-01 12:20:35
Running from C:\Users\Thomas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Crystal Eye webcam (x32 Version: 1.0.1.4)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 14.0.1.749)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Network Adapter (Version: 5.60.18.8)
Broadcom Gigabit NetLink Controller (Version: 12.52.01)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
ComicRack v0.9.170 (Version: v0.9.170)
Dropbox (HKCU Version: 2.2.13)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU Version: 1.8.0.0)
Google Earth Plug-in (x32 Version: 7.1.2.2041)
Google Update Helper (x32 Version: 1.3.21.165)
iCloud (Version: 3.0.2.163)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.6.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.00.01.1002)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
JDownloader 0.9 (x32 Version: 0.9)
Launch Manager (x32 Version: 4.0.6)
LifeScan USB Device Driver vSL2.0 (Driver Removal) (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
Mp3tag v2.58 (x32 Version: v2.58)
NVIDIA Drivers (Version: 1.10)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
PDF-Viewer (Version: 2.5.211.0)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6015)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30113)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
Überwachungstool für die Intel® Turbo-Boost-Technik (Version: 1.0.186.6)
Unity Web Player (HKCU Version: )
VLC media player 2.1.1 (Version: 2.1.1)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

26-11-2013 09:55:52 Windows Update
27-11-2013 20:00:50 Windows Update
28-11-2013 10:18:19 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {4261DC0B-10F2-44A9-A55E-378A8E5BE0B5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {85FC1B47-C2D4-470F-B9B9-DADDD533FB81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-18] (Google Inc.)
Task: {D8A983DA-07FA-490E-BD14-FC6125BF6965} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-18] (Adobe Systems Incorporated)
Task: {FAA5C410-3652-457B-B83C-B524FF02FF53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-18] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-17 20:44 - 2013-06-20 13:48 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-17 20:16 - 2009-12-23 16:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2009-05-20 07:02 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2013-11-16 00:04 - 2013-11-16 00:04 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2013 10:13:46 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (11/30/2013 10:13:45 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{de46c08a-ef13-11e2-ae8d-806e6f6e6963} - 00000000000000FC,0x0053c010,00000000001FB3E0,0,00000000001F7CF0,4096,[0]).


Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (11/20/2013 05:29:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 517049

Error: (11/20/2013 05:29:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 517049

Error: (11/20/2013 05:29:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2013 05:20:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3088

Error: (11/20/2013 05:20:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3088

Error: (11/20/2013 05:20:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2013 05:20:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2059

Error: (11/20/2013 05:20:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2059


System errors:
=============
Error: (11/30/2013 10:13:55 PM) (Source: volsnap) (User: )
Description: Das Zeitlimit für den Lösch- und Speicherschreibvorgang für Volume "C:" wurde beim Warten auf eine Schreibvorgangfreigabe überschritten.

Error: (11/27/2013 08:21:51 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (11/23/2013 08:10:45 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/21/2013 07:51:29 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (11/01/2013 07:30:26 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/01/2013 07:30:26 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/01/2013 07:30:25 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/01/2013 07:30:25 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/01/2013 07:30:24 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/24/2013 07:13:53 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (11/30/2013 10:13:46 PM) (Source: VSS)(User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (11/30/2013 10:13:45 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{de46c08a-ef13-11e2-ae8d-806e6f6e6963} - 00000000000000FC,0x0053c010,00000000001FB3E0,0,00000000001F7CF0,4096,[0])

Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (11/20/2013 05:29:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 517049

Error: (11/20/2013 05:29:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 517049

Error: (11/20/2013 05:29:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2013 05:20:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3088

Error: (11/20/2013 05:20:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3088

Error: (11/20/2013 05:20:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2013 05:20:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2059

Error: (11/20/2013 05:20:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2059


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 3958.71 MB
Available physical RAM: 2611.2 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 6257.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:347.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 09C86794)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 02.12.2013, 10:18

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

MVster · 02.12.2013, 11:07

Hier die Combofix.txt
Einen Neustart von Windows gab es aber nicht,es kam nur die Musik von Windows als ob es hochgefahren wurde.
p.s Windows Defender hatte ich vergessen zu Deaktivieren.Hoffe es hat keine auswirkung auf das auslesen der Combofix.txt.

Code:

ATTFilter

ComboFix 13-12-01.01 - Thomas 02.12.2013  10:45:25.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2786 [GMT 1:00]
ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-02 bis 2013-12-02  ))))))))))))))))))))))))))))))
.
.
2013-12-02 09:53 . 2013-12-02 09:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-02 09:49 . 2013-12-02 09:49	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{552687BC-24D6-45F3-ADAB-40C301BD23C3}\offreg.dll
2013-12-01 11:18 . 2013-12-01 11:18	--------	d-----w-	C:\FRST
2013-11-30 21:52 . 2013-11-30 21:52	--------	d-----w-	c:\users\Thomas\AppData\Roaming\Malwarebytes
2013-11-30 21:51 . 2013-11-30 21:51	--------	d-----w-	c:\programdata\Malwarebytes
2013-11-29 09:52 . 2013-11-08 03:12	10285968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{552687BC-24D6-45F3-ADAB-40C301BD23C3}\mpengine.dll
2013-11-27 20:04 . 2013-11-27 20:04	--------	d-----w-	c:\windows\Migration
2013-11-18 22:32 . 2013-11-18 22:32	--------	d-----w-	c:\program files (x86)\Google
2013-11-18 22:32 . 2013-11-18 22:32	--------	d-----w-	c:\users\Thomas\AppData\Local\Google
2013-11-18 13:59 . 2013-11-18 13:59	--------	d-----w-	c:\programdata\McAfee
2013-11-12 20:28 . 2013-09-25 02:23	1030144	----a-w-	c:\windows\system32\TSWorkspace.dll
2013-11-12 20:14 . 2013-10-14 17:00	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
2013-11-08 13:32 . 2013-11-08 13:32	--------	d-----r-	c:\users\Thomas\AppData\Roaming\Brother
2013-11-07 13:28 . 2013-11-07 13:29	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 13:28 . 2013-11-07 13:29	--------	d-----w-	c:\program files\iTunes
2013-11-07 13:28 . 2013-11-07 13:29	--------	d-----w-	c:\program files (x86)\iTunes
2013-11-07 13:28 . 2013-11-07 13:28	--------	d-----w-	c:\program files\iPod
2013-11-05 18:02 . 2013-11-05 18:07	--------	d-----w-	c:\users\Thomas\Mp3tag Ordner
2013-11-05 17:58 . 2013-11-05 18:07	--------	d-----w-	c:\users\Thomas\AppData\Roaming\Mp3tag
2013-11-05 17:57 . 2013-11-05 17:57	--------	d-----w-	c:\program files (x86)\Mp3tag
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 12:50 . 2013-07-17 19:46	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-11-19 12:50 . 2013-07-17 19:44	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-11-19 12:50 . 2013-07-17 19:44	132600	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-11-19 12:50 . 2013-07-17 19:44	106904	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-11-18 13:59 . 2013-07-17 21:50	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-12 20:29 . 2013-07-17 20:05	82896128	----a-w-	c:\windows\system32\MRT.exe
2013-11-11 04:50 . 2013-07-19 09:07	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-10-23 13:09 . 2013-10-23 13:10	312744	----a-w-	c:\windows\system32\javaws.exe
2013-10-23 13:09 . 2013-10-23 13:10	189352	----a-w-	c:\windows\system32\javaw.exe
2013-10-23 13:09 . 2013-10-23 13:10	189352	----a-w-	c:\windows\system32\java.exe
2013-10-23 13:09 . 2013-10-23 13:10	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-10 01:08 . 2013-10-08 17:06	17750408	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-11 20:21 . 2013-09-11 20:21	863344	----a-w-	c:\windows\SysWow64\msvcr110_clr0400.dll
2013-09-11 20:21 . 2013-09-11 20:21	501872	----a-w-	c:\windows\SysWow64\msvcp110_clr0400.dll
2013-09-11 20:21 . 2013-09-11 20:21	28776	----a-w-	c:\windows\SysWow64\aspnet_counters.dll
2013-09-11 20:21 . 2013-09-11 20:21	18000	----a-w-	c:\windows\SysWow64\msvcr100_clr0400.dll
2013-09-11 18:39 . 2013-09-11 18:39	855664	----a-w-	c:\windows\system32\msvcr110_clr0400.dll
2013-09-11 18:39 . 2013-09-11 18:39	614000	----a-w-	c:\windows\system32\msvcp110_clr0400.dll
2013-09-11 18:39 . 2013-09-11 18:39	30312	----a-w-	c:\windows\system32\aspnet_counters.dll
2013-09-11 18:39 . 2013-09-11 18:39	18000	----a-w-	c:\windows\system32\msvcr100_clr0400.dll
2013-09-08 02:30 . 2013-10-09 12:00	1903552	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 12:00	327168	----a-w-	c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 12:00	231424	----a-w-	c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 12:00	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 12:00	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 12:00	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 12:00	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 12:00	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 12:00	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 12:00	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50	130736	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50	130736	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50	130736	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-11-19 683576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-17 13:59]
.
2013-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-18 22:32]
.
2013-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-18 22:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50	164016	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50	164016	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50	164016	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-07-03 00:50	164016	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-25 17398376]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B479C417FE0674FB&affID=119357&tsp=4947
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - b4797c75000000000000c417fe0674fb
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15904
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.510:48
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=4947
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-LFSVCOMM&10C4&85A7 - c:\program files (x86)\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\LFSVCOMM&10C4&85A7
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-02  10:56:16
ComboFix-quarantined-files.txt  2013-12-02 09:56
.
Vor Suchlauf: 8 Verzeichnis(se), 380.142.845.952 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 381.103.579.136 Bytes frei
.
- - End Of File - - D16B0687DC395D79FC0DF21D22494D66

schrauber · 02.12.2013, 11:55

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

MVster · 02.12.2013, 13:25

Malwarebytes Logfile

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Thomas :: THOMAS-PC [Administrator]

Schutz: Aktiviert

02.12.2013 12:33:21
mbam-log-2013-12-02 (12-33-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207705
Laufzeit: 4 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B479C417FE0674FB&affID=119357&tsp=4947) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\Thomas\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\Users\Thomas\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

AdwCleaner Logfile

Code:

ATTFilter

# AdwCleaner v3.014 - Bericht erstellt am 02/12/2013 um 13:03:03
# Updated 01/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Thomas - THOMAS-PC
# Gestartet von : C:\Users\Thomas\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default\FoxTab
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default\invalidprefs.js
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\92d9d0b36feb44
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\systweak

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "b4797c75000000000000c417fe0674fb");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15904");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.510:48:01");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4947");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[R0].txt - [3678 octets] - [02/12/2013 12:44:43]
AdwCleaner[S0].txt - [3483 octets] - [02/12/2013 13:03:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3543 octets] ##########

JRT.txt

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Thomas on 02.12.2013 at 13:12:27,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1028377715-1965432523-1561024403-1000\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\0wec7bzq.default\minidumps [107 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.12.2013 at 13:17:11,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

frisches FRST log

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Thomas (administrator) on THOMAS-PC on 02-12-2013 13:22:25
Running from C:\Users\Thomas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-19] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x44BB05842583CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\Thomas\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-19] (Avira Operations GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-02 13:22 - 2013-12-02 13:22 - 00006924 _____ C:\Users\Thomas\Desktop\FRST.txt
2013-12-02 13:17 - 2013-12-02 13:17 - 00000950 _____ C:\Users\Thomas\Desktop\JRT.txt
2013-12-02 13:12 - 2013-12-02 13:12 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 13:10 - 2013-12-02 13:10 - 01034531 _____ (Thisisu) C:\Users\Thomas\Desktop\JRT.exe
2013-12-02 12:44 - 2013-12-02 13:03 - 00000000 ____D C:\AdwCleaner
2013-12-02 12:42 - 2013-12-02 12:42 - 01110034 _____ C:\Users\Thomas\Desktop\adwcleaner.exe
2013-12-02 12:31 - 2013-12-02 12:31 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-02 12:31 - 2013-12-02 12:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-02 12:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-02 10:56 - 2013-12-02 10:56 - 00014376 _____ C:\ComboFix.txt
2013-12-02 10:42 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-02 10:42 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-02 10:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-02 10:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-02 10:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-02 10:42 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-02 10:42 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-02 10:42 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-02 10:41 - 2013-12-02 10:56 - 00000000 ____D C:\Qoobox
2013-12-02 10:41 - 2013-12-02 10:55 - 00000000 ____D C:\Windows\erdnt
2013-12-02 10:38 - 2013-12-02 10:38 - 05151572 ____R (Swearware) C:\Users\Thomas\Desktop\ComboFix.exe
2013-12-01 12:20 - 2013-12-01 12:21 - 00013005 _____ C:\Users\Thomas\Downloads\Addition.txt
2013-12-01 12:19 - 2013-12-01 12:21 - 00046877 _____ C:\Users\Thomas\Downloads\FRST.txt
2013-12-01 12:18 - 2013-12-01 12:18 - 00000000 ____D C:\FRST
2013-12-01 12:17 - 2013-12-01 12:17 - 01959184 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2013-12-01 02:09 - 2013-12-01 02:09 - 00021822 _____ C:\Users\Thomas\Downloads\AVSCAN-20131130-213404-2870234A.LOG
2013-11-30 22:52 - 2013-11-30 22:52 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-11-30 22:51 - 2013-11-30 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-18 23:32 - 2013-12-02 13:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-18 23:32 - 2013-12-02 12:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-18 23:32 - 2013-11-18 23:32 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-18 23:32 - 2013-11-18 23:32 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-18 23:32 - 2013-11-18 23:32 - 00000000 ____D C:\Users\Thomas\AppData\Local\Google
2013-11-18 23:32 - 2013-11-18 23:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-18 14:59 - 2013-11-18 14:59 - 00000000 ____D C:\ProgramData\McAfee
2013-11-16 00:03 - 2013-11-16 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 21:31 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-11-12 21:31 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-12 21:31 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-12 21:31 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-11-12 21:31 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-11-12 21:31 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-11-12 21:31 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-11-12 21:31 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2013-11-12 21:31 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-11-12 21:31 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-11-12 21:31 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-11-12 21:31 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-11-12 21:31 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-12 21:31 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-11-12 21:31 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2013-11-12 21:31 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-11-12 21:31 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-12 21:31 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-12 21:28 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-12 21:28 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 21:28 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-12 21:28 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 21:28 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 21:28 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 21:28 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 21:28 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-12 21:28 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-12 21:28 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-12 21:28 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 21:28 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 21:28 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 21:28 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 21:28 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 21:28 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-12 21:28 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-12 21:28 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-12 21:28 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2013-11-12 21:28 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-12 21:28 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-12 21:28 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-12 21:28 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-12 21:28 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-12 21:28 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-12 21:28 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 21:28 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-11-12 21:28 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 21:28 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 21:28 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 21:28 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-12 21:28 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 21:14 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-12 21:10 - 2013-11-12 21:10 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 21:10 - 2013-11-12 21:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 21:10 - 2013-11-12 21:10 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 21:10 - 2013-11-12 21:10 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 21:10 - 2013-11-12 21:10 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 21:10 - 2013-11-12 21:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 21:10 - 2013-11-12 21:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 21:10 - 2013-11-12 21:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 21:10 - 2013-11-12 21:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 21:10 - 2013-11-12 21:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 21:10 - 2013-11-12 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 21:08 - 2013-11-12 21:14 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-08 14:32 - 2013-11-08 14:32 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Brother
2013-11-07 14:29 - 2013-11-07 14:29 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 14:28 - 2013-11-07 14:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 14:28 - 2013-11-07 14:29 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 14:28 - 2013-11-07 14:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 14:28 - 2013-11-07 14:28 - 00000000 ____D C:\Program Files\iPod
2013-11-05 19:02 - 2013-11-05 19:07 - 00000000 ____D C:\Users\Thomas\Mp3tag Ordner
2013-11-05 18:58 - 2013-11-05 19:07 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Mp3tag
2013-11-05 18:57 - 2013-11-05 18:57 - 00000983 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-11-05 18:57 - 2013-11-05 18:57 - 00000000 ____D C:\Program Files (x86)\Mp3tag

==================== One Month Modified Files and Folders =======

2013-12-02 13:23 - 2013-12-02 13:22 - 00006924 _____ C:\Users\Thomas\Desktop\FRST.txt
2013-12-02 13:17 - 2013-12-02 13:17 - 00000950 _____ C:\Users\Thomas\Desktop\JRT.txt
2013-12-02 13:13 - 2009-07-14 05:45 - 00014912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-02 13:13 - 2009-07-14 05:45 - 00014912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-02 13:12 - 2013-12-02 13:12 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 13:10 - 2013-12-02 13:10 - 01034531 _____ (Thisisu) C:\Users\Thomas\Desktop\JRT.exe
2013-12-02 13:06 - 2013-07-17 22:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-02 13:04 - 2013-11-18 23:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 13:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 13:04 - 2009-07-14 05:51 - 00044763 _____ C:\Windows\setupact.log
2013-12-02 13:03 - 2013-12-02 12:44 - 00000000 ____D C:\AdwCleaner
2013-12-02 13:03 - 2013-07-17 20:08 - 02043205 _____ C:\Windows\WindowsUpdate.log
2013-12-02 12:42 - 2013-12-02 12:42 - 01110034 _____ C:\Users\Thomas\Desktop\adwcleaner.exe
2013-12-02 12:37 - 2013-11-18 23:32 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-02 12:31 - 2013-12-02 12:31 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-02 12:31 - 2013-12-02 12:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-02 10:59 - 2013-07-17 20:26 - 00210366 _____ C:\Windows\PFRO.log
2013-12-02 10:56 - 2013-12-02 10:56 - 00014376 _____ C:\ComboFix.txt
2013-12-02 10:56 - 2013-12-02 10:41 - 00000000 ____D C:\Qoobox
2013-12-02 10:55 - 2013-12-02 10:41 - 00000000 ____D C:\Windows\erdnt
2013-12-02 10:53 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-02 10:38 - 2013-12-02 10:38 - 05151572 ____R (Swearware) C:\Users\Thomas\Desktop\ComboFix.exe
2013-12-01 14:36 - 2013-07-17 11:48 - 00001835 _____ C:\Users\Thomas\Documents\Filmliste.txt
2013-12-01 12:21 - 2013-12-01 12:20 - 00013005 _____ C:\Users\Thomas\Downloads\Addition.txt
2013-12-01 12:21 - 2013-12-01 12:19 - 00046877 _____ C:\Users\Thomas\Downloads\FRST.txt
2013-12-01 12:18 - 2013-12-01 12:18 - 00000000 ____D C:\FRST
2013-12-01 12:17 - 2013-12-01 12:17 - 01959184 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2013-12-01 02:09 - 2013-12-01 02:09 - 00021822 _____ C:\Users\Thomas\Downloads\AVSCAN-20131130-213404-2870234A.LOG
2013-11-30 22:52 - 2013-11-30 22:52 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-11-30 22:51 - 2013-11-30 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-30 14:40 - 2013-07-17 20:13 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-30 14:39 - 2013-07-18 09:59 - 00000000 ___RD C:\Users\Thomas\Dropbox
2013-11-30 14:39 - 2013-07-18 09:57 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Dropbox
2013-11-30 13:18 - 2013-07-18 09:48 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-11-28 11:20 - 2013-07-18 10:02 - 01594892 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-28 11:20 - 2009-07-14 18:58 - 00699666 _____ C:\Windows\system32\perfh007.dat
2013-11-28 11:20 - 2009-07-14 18:58 - 00149774 _____ C:\Windows\system32\perfc007.dat
2013-11-28 11:20 - 2009-07-14 06:13 - 01594892 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-26 18:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-25 15:10 - 2013-08-20 17:13 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\vlc
2013-11-19 13:50 - 2013-07-17 20:46 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-19 13:50 - 2013-07-17 20:44 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-19 13:50 - 2013-07-17 20:44 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-19 13:50 - 2013-07-17 20:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-18 23:32 - 2013-11-18 23:32 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-18 23:32 - 2013-11-18 23:32 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-18 23:32 - 2013-11-18 23:32 - 00000000 ____D C:\Users\Thomas\AppData\Local\Google
2013-11-18 23:32 - 2013-11-18 23:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-18 14:59 - 2013-11-18 14:59 - 00000000 ____D C:\ProgramData\McAfee
2013-11-18 14:59 - 2013-07-18 12:46 - 00000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2013-11-18 14:59 - 2013-07-17 22:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-18 14:59 - 2013-07-17 22:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-16 22:33 - 2013-07-17 20:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 00:04 - 2013-11-16 00:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 21:31 - 2013-07-17 22:27 - 00000000 ____D C:\Windows\system32\MRT
2013-11-12 21:29 - 2013-07-17 21:05 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 21:20 - 2013-07-17 22:23 - 00001425 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-12 21:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-12 21:14 - 2013-11-12 21:08 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-12 21:10 - 2013-11-12 21:10 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 21:10 - 2013-11-12 21:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 21:10 - 2013-11-12 21:10 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 21:10 - 2013-11-12 21:10 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 21:10 - 2013-11-12 21:10 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 21:10 - 2013-11-12 21:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 21:10 - 2013-11-12 21:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 21:10 - 2013-11-12 21:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 21:10 - 2013-11-12 21:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 21:10 - 2013-11-12 21:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 21:10 - 2013-11-12 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-11 05:50 - 2013-07-19 10:07 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-08 14:32 - 2013-11-08 14:32 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Brother
2013-11-07 14:29 - 2013-11-07 14:29 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 14:29 - 2013-11-07 14:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 14:29 - 2013-11-07 14:28 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 14:29 - 2013-11-07 14:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 14:28 - 2013-11-07 14:28 - 00000000 ____D C:\Program Files\iPod
2013-11-05 19:07 - 2013-11-05 19:02 - 00000000 ____D C:\Users\Thomas\Mp3tag Ordner
2013-11-05 19:07 - 2013-11-05 18:58 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Mp3tag
2013-11-05 19:03 - 2013-07-17 20:12 - 00000000 ____D C:\Users\Thomas
2013-11-05 18:57 - 2013-11-05 18:57 - 00000983 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-11-05 18:57 - 2013-11-05 18:57 - 00000000 ____D C:\Program Files (x86)\Mp3tag

Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-26 12:05

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 03.12.2013, 09:41

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

MVster · 03.12.2013, 16:48

ESET Online Scanner logfile

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=65bbf2b3b226184093d026f9dfc0ae60
# engine=16114
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-03 02:30:44
# local_time=2013-12-03 03:30:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 14270 251504334 10294 0
# compatibility_mode=5893 16776573 100 94 92133 137710894 0 0
# scanned=149428
# found=0
# cleaned=0
# scan_time=11775

SecurityCheck checkup

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 11.9.900.152  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

frisches FRST log

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013
Ran by Thomas (administrator) on THOMAS-PC on 03-12-2013 16:08:57
Running from C:\Users\Thomas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-19] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x44BB05842583CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Thomas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\Thomas\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\0wec7bzq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-19] (Avira Operations GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 16:07 - 2013-12-03 16:07 - 01959434 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2013-12-03 15:58 - 2013-12-03 15:58 - 00891184 _____ C:\Users\Thomas\Desktop\SecurityCheck.exe
2013-12-02 13:22 - 2013-12-03 16:08 - 00007073 _____ C:\Users\Thomas\Desktop\FRST.txt
2013-12-02 13:17 - 2013-12-02 13:17 - 00000950 _____ C:\Users\Thomas\Desktop\JRT.txt
2013-12-02 13:12 - 2013-12-02 13:12 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 13:10 - 2013-12-02 13:10 - 01034531 _____ (Thisisu) C:\Users\Thomas\Desktop\JRT.exe
2013-12-02 12:44 - 2013-12-02 13:03 - 00000000 ____D C:\AdwCleaner
2013-12-02 12:42 - 2013-12-02 12:42 - 01110034 _____ C:\Users\Thomas\Desktop\adwcleaner.exe
2013-12-02 12:31 - 2013-12-02 12:31 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-02 12:31 - 2013-12-02 12:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-02 12:31 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-02 10:56 - 2013-12-02 10:56 - 00014376 _____ C:\ComboFix.txt
2013-12-02 10:42 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-02 10:42 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-02 10:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-02 10:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-02 10:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-02 10:42 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-02 10:42 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-02 10:42 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-02 10:41 - 2013-12-02 10:56 - 00000000 ____D C:\Qoobox
2013-12-02 10:41 - 2013-12-02 10:55 - 00000000 ____D C:\Windows\erdnt
2013-12-02 10:38 - 2013-12-02 10:38 - 05151572 ____R (Swearware) C:\Users\Thomas\Desktop\ComboFix.exe
2013-12-01 12:18 - 2013-12-01 12:18 - 00000000 ____D C:\FRST
2013-11-30 22:52 - 2013-11-30 22:52 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-11-30 22:51 - 2013-11-30 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-18 23:32 - 2013-12-03 15:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-18 23:32 - 2013-12-03 11:33 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-18 23:32 - 2013-11-18 23:32 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-18 23:32 - 2013-11-18 23:32 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-18 23:32 - 2013-11-18 23:32 - 00000000 ____D C:\Users\Thomas\AppData\Local\Google
2013-11-18 23:32 - 2013-11-18 23:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-18 14:59 - 2013-11-18 14:59 - 00000000 ____D C:\ProgramData\McAfee
2013-11-16 00:03 - 2013-11-16 00:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 21:31 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-11-12 21:31 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-12 21:31 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-12 21:31 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-11-12 21:31 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-11-12 21:31 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-11-12 21:31 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-11-12 21:31 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2013-11-12 21:31 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-11-12 21:31 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-11-12 21:31 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-11-12 21:31 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-11-12 21:31 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-12 21:31 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-11-12 21:31 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2013-11-12 21:31 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-11-12 21:31 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-12 21:31 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-12 21:28 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-12 21:28 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 21:28 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-12 21:28 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 21:28 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 21:28 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 21:28 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 21:28 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-12 21:28 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-12 21:28 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-12 21:28 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 21:28 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 21:28 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 21:28 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 21:28 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 21:28 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-12 21:28 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-12 21:28 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-12 21:28 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2013-11-12 21:28 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-12 21:28 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-12 21:28 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-12 21:28 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-12 21:28 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-12 21:28 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-12 21:28 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 21:28 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-11-12 21:28 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 21:28 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 21:28 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 21:28 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-12 21:28 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 21:14 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-12 21:10 - 2013-11-12 21:10 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 21:10 - 2013-11-12 21:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 21:10 - 2013-11-12 21:10 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 21:10 - 2013-11-12 21:10 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 21:10 - 2013-11-12 21:10 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 21:10 - 2013-11-12 21:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 21:10 - 2013-11-12 21:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 21:10 - 2013-11-12 21:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 21:10 - 2013-11-12 21:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 21:10 - 2013-11-12 21:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 21:10 - 2013-11-12 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 21:08 - 2013-11-12 21:14 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-08 14:32 - 2013-11-08 14:32 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Brother
2013-11-07 14:29 - 2013-11-07 14:29 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 14:28 - 2013-11-07 14:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 14:28 - 2013-11-07 14:29 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 14:28 - 2013-11-07 14:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 14:28 - 2013-11-07 14:28 - 00000000 ____D C:\Program Files\iPod
2013-11-05 19:02 - 2013-11-05 19:07 - 00000000 ____D C:\Users\Thomas\Mp3tag Ordner
2013-11-05 18:58 - 2013-11-05 19:07 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Mp3tag
2013-11-05 18:57 - 2013-11-05 18:57 - 00000983 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-11-05 18:57 - 2013-11-05 18:57 - 00000000 ____D C:\Program Files (x86)\Mp3tag

==================== One Month Modified Files and Folders =======

2013-12-03 16:09 - 2013-12-02 13:22 - 00007073 _____ C:\Users\Thomas\Desktop\FRST.txt
2013-12-03 16:07 - 2013-12-03 16:07 - 01959434 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2013-12-03 16:06 - 2013-07-17 22:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 15:58 - 2013-12-03 15:58 - 00891184 _____ C:\Users\Thomas\Desktop\SecurityCheck.exe
2013-12-03 15:37 - 2013-11-18 23:32 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 14:01 - 2013-07-17 20:08 - 02069706 _____ C:\Windows\WindowsUpdate.log
2013-12-03 12:10 - 2013-07-18 09:59 - 00000000 ___RD C:\Users\Thomas\Dropbox
2013-12-03 12:10 - 2013-07-18 09:57 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Dropbox
2013-12-03 12:10 - 2013-07-17 20:13 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-03 11:41 - 2009-07-14 05:45 - 00014912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 11:41 - 2009-07-14 05:45 - 00014912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 11:38 - 2013-07-17 20:44 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-03 11:33 - 2013-11-18 23:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 11:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 11:33 - 2009-07-14 05:51 - 00044931 _____ C:\Windows\setupact.log
2013-12-02 13:17 - 2013-12-02 13:17 - 00000950 _____ C:\Users\Thomas\Desktop\JRT.txt
2013-12-02 13:12 - 2013-12-02 13:12 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 13:10 - 2013-12-02 13:10 - 01034531 _____ (Thisisu) C:\Users\Thomas\Desktop\JRT.exe
2013-12-02 13:03 - 2013-12-02 12:44 - 00000000 ____D C:\AdwCleaner
2013-12-02 12:42 - 2013-12-02 12:42 - 01110034 _____ C:\Users\Thomas\Desktop\adwcleaner.exe
2013-12-02 12:31 - 2013-12-02 12:31 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-02 12:31 - 2013-12-02 12:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-02 10:59 - 2013-07-17 20:26 - 00210366 _____ C:\Windows\PFRO.log
2013-12-02 10:56 - 2013-12-02 10:56 - 00014376 _____ C:\ComboFix.txt
2013-12-02 10:56 - 2013-12-02 10:41 - 00000000 ____D C:\Qoobox
2013-12-02 10:55 - 2013-12-02 10:41 - 00000000 ____D C:\Windows\erdnt
2013-12-02 10:53 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-02 10:38 - 2013-12-02 10:38 - 05151572 ____R (Swearware) C:\Users\Thomas\Desktop\ComboFix.exe
2013-12-01 14:36 - 2013-07-17 11:48 - 00001835 _____ C:\Users\Thomas\Documents\Filmliste.txt
2013-12-01 12:18 - 2013-12-01 12:18 - 00000000 ____D C:\FRST
2013-11-30 22:52 - 2013-11-30 22:52 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Malwarebytes
2013-11-30 22:51 - 2013-11-30 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-30 13:18 - 2013-07-18 09:48 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-11-28 11:20 - 2013-07-18 10:02 - 01594892 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-28 11:20 - 2009-07-14 18:58 - 00699666 _____ C:\Windows\system32\perfh007.dat
2013-11-28 11:20 - 2009-07-14 18:58 - 00149774 _____ C:\Windows\system32\perfc007.dat
2013-11-28 11:20 - 2009-07-14 06:13 - 01594892 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-26 18:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-25 15:10 - 2013-08-20 17:13 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\vlc
2013-11-19 13:50 - 2013-07-17 20:46 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-19 13:50 - 2013-07-17 20:44 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-19 13:50 - 2013-07-17 20:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-18 23:32 - 2013-11-18 23:32 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-18 23:32 - 2013-11-18 23:32 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-18 23:32 - 2013-11-18 23:32 - 00000000 ____D C:\Users\Thomas\AppData\Local\Google
2013-11-18 23:32 - 2013-11-18 23:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-18 14:59 - 2013-11-18 14:59 - 00000000 ____D C:\ProgramData\McAfee
2013-11-18 14:59 - 2013-07-18 12:46 - 00000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2013-11-18 14:59 - 2013-07-17 22:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-18 14:59 - 2013-07-17 22:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-16 22:33 - 2013-07-17 20:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 00:04 - 2013-11-16 00:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 21:31 - 2013-07-17 22:27 - 00000000 ____D C:\Windows\system32\MRT
2013-11-12 21:29 - 2013-07-17 21:05 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 21:20 - 2013-07-17 22:23 - 00001425 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-12 21:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-12 21:14 - 2013-11-12 21:08 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-12 21:10 - 2013-11-12 21:10 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 21:10 - 2013-11-12 21:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 21:10 - 2013-11-12 21:10 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 21:10 - 2013-11-12 21:10 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 21:10 - 2013-11-12 21:10 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 21:10 - 2013-11-12 21:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 21:10 - 2013-11-12 21:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 21:10 - 2013-11-12 21:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 21:10 - 2013-11-12 21:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 21:10 - 2013-11-12 21:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 21:10 - 2013-11-12 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 21:10 - 2013-11-12 21:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 21:10 - 2013-11-12 21:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-11 05:50 - 2013-07-19 10:07 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-08 14:32 - 2013-11-08 14:32 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Brother
2013-11-07 14:29 - 2013-11-07 14:29 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 14:29 - 2013-11-07 14:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 14:29 - 2013-11-07 14:28 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 14:29 - 2013-11-07 14:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 14:28 - 2013-11-07 14:28 - 00000000 ____D C:\Program Files\iPod
2013-11-05 19:07 - 2013-11-05 19:02 - 00000000 ____D C:\Users\Thomas\Mp3tag Ordner
2013-11-05 19:07 - 2013-11-05 18:58 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Mp3tag
2013-11-05 19:03 - 2013-07-17 20:12 - 00000000 ____D C:\Users\Thomas
2013-11-05 18:57 - 2013-11-05 18:57 - 00000983 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2013-11-05 18:57 - 2013-11-05 18:57 - 00000000 ____D C:\Program Files (x86)\Mp3tag

Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-26 12:05

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Ist jezt wieder alles in ordnung mit meinen Rechner?
Und wenn ja kann ich alle Programme die ich downloaden sollte wieder Deinstallieren bz. löschen.
Und die lezte Frage.Was hatte ich auf meinen Rechner?

gruß MVster

schrauber · 04.12.2013, 10:52

Na den GVU Trojaner wie Du selbst schon eingangs bemerkt hast, plus Adware

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

MVster · 04.12.2013, 13:35

Dankeschön für deine schnelle hilfe.

Was hätte ich nur ohne dich gemacht

Habe momentan keine Probleme oder fragen an dich.
Abo kannste löschen.

schrauber · 05.12.2013, 08:46

Gern Geschehen

05.12.2013, 08:46	#12
schrauber /// the machine /// TB-Ausbilder	GVU Ihr Computer wurde gesperrt 9 Infizierte Dateien Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

GVU Ihr Computer wurde gesperrt 9 Infizierte Dateien

Log-Analyse und Auswertung: GVU Ihr Computer wurde gesperrt 9 Infizierte Dateien