Log analysis and evaluation: Windows 7: svchost.exe detection: ADWARE/bprotektor.E

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.12.2013, 10:51 | #1 |
Windows 7: svchost.exe detection: ADWARE/bprotektor.E

Hello everyone, I seem to have had a virus on my computer since yesterday. Avira AntiVir beeps and then shows me a popup saying that about ten files are infected. It always says "svchost.exe" and "ADWARE/bprotektor.E". When I move the files to quarantine, I get a bluescreen. Since exactly this message also appears/appeared for others, I ran Combofix before I had read thoroughly... Here is the log file from C:\Combofix

Code:
ATTFilter ComboFix 13-12-01.01 - CZeller 03.12.2013 10:07:06.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8183.6341 [GMT 1:00] ausgeführt von:: c:\users\CZeller\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\FlashPlayerApp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-11-03 bis 2013-12-03 )))))))))))))))))))))))))))))) . . 2013-12-03 09:11 . 2013-12-03 09:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-26 08:03 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE 2013-11-26 08:01 . 2013-11-26 08:01 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-11-26 08:01 . 2013-11-26 08:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-11-14 22:17 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll 2013-11-09 16:38 . 2013-11-10 11:58 -------- d-----w- c:\users\CZeller\AppData\Roaming\Skype 2013-11-09 16:37 . 2013-11-09 16:37 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-11-09 16:37 . 2013-11-09 16:37 -------- d-----r- c:\program files (x86)\Skype 2013-11-09 16:37 . 2013-11-09 16:37 -------- d-----w- c:\programdata\Skype 2013-11-04 16:19 . 2013-11-04 16:19 -------- d-----w- c:\program files\Microsoft Silverlight 2013-11-04 16:19 . 2013-11-04 16:19 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-12-03 09:04 . 2013-09-25 10:58 107416 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-11-14 22:47 . 
2013-09-25 09:32 82896128 ----a-w- c:\windows\system32\MRT.exe 2013-11-14 10:03 . 2013-09-25 10:58 132600 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-11-10 11:14 . 2013-10-05 23:13 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-11-10 10:32 . 2013-10-05 23:13 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-10-30 14:49 . 2013-10-05 23:13 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2013-10-01 12:50 . 2013-09-25 11:00 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-10-01 12:50 . 2013-09-25 10:58 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-09-28 10:30 . 2013-09-28 10:30 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-09-28 10:30 . 2013-09-28 10:30 973736 ----a-w- c:\windows\system32\deployJava1.dll 2013-09-28 10:30 . 2013-09-28 10:30 312744 ----a-w- c:\windows\system32\javaws.exe 2013-09-28 10:30 . 2013-09-28 10:30 1095080 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-09-28 10:30 . 2013-09-28 10:30 189352 ----a-w- c:\windows\system32\javaw.exe 2013-09-28 10:30 . 2013-09-28 10:30 189352 ----a-w- c:\windows\system32\java.exe 2013-09-25 09:54 . 2013-09-25 09:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-25 09:12 . 2013-09-25 09:12 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-09-25 09:12 . 2013-09-25 09:12 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-09-25 09:12 . 2013-09-25 09:12 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-09-25 09:12 . 
2013-09-25 09:12 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-09-25 09:12 . 2013-09-25 09:12 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-09-25 09:12 . 2013-09-25 09:12 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-09-25 09:12 . 2013-09-25 09:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-09-25 09:12 . 2013-09-25 09:12 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-09-25 09:12 . 2013-09-25 09:12 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-09-25 09:12 . 2013-09-25 09:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-09-25 09:12 . 2013-09-25 09:12 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-09-25 09:12 . 2013-09-25 09:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-09-25 09:12 . 2013-09-25 09:12 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-09-25 09:12 . 2013-09-25 09:12 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-09-25 09:12 . 
2013-09-25 09:12 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-09-25 09:12 . 2013-09-25 09:12 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-09-25 09:12 . 2013-09-25 09:12 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-09-25 09:12 . 2013-09-25 09:12 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-09-25 09:12 . 2013-09-25 09:12 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-09-25 09:12 . 2013-09-25 09:12 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-09-25 09:12 . 2013-09-25 09:12 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-09-25 09:12 . 2013-09-25 09:12 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-09-25 09:12 . 2013-09-25 09:12 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-09-25 09:12 . 2013-09-25 09:12 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-09-25 09:12 . 2013-09-25 09:12 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-09-25 09:12 . 2013-09-25 09:12 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-09-25 09:12 . 2013-09-25 09:12 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-09-25 09:12 . 2013-09-25 09:12 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-09-25 09:12 . 2013-09-25 09:12 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-09-25 09:12 . 2013-09-25 09:12 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-09-25 09:12 . 2013-09-25 09:12 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-09-25 09:12 . 2013-09-25 09:12 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-09-15 22:50 . 
2013-09-25 09:08 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B11BF9FA-6F06-4169-A042-6D44BDC1A20A}\mpengine.dll 2013-09-12 08:58 . 2013-09-28 10:36 61216 ----a-w- c:\windows\system32\OpenCL.dll 2013-09-12 08:58 . 2013-09-28 10:36 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-09-12 08:58 . 2013-09-28 10:36 9281032 ----a-w- c:\windows\system32\nvcuda.dll 2013-09-12 08:58 . 2013-09-28 10:36 7720576 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-09-12 08:58 . 2013-09-28 10:36 7648000 ----a-w- c:\windows\system32\nvopencl.dll 2013-09-12 08:58 . 2013-09-28 10:36 681760 ----a-w- c:\windows\system32\NvFBC64.dll 2013-09-12 08:58 . 2013-09-28 10:36 6329552 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-09-12 08:58 . 2013-09-28 10:36 603424 ----a-w- c:\windows\system32\NvIFR64.dll 2013-09-12 08:58 . 2013-09-28 10:36 586016 ----a-w- c:\windows\SysWow64\NvFBC.dll 2013-09-12 08:58 . 2013-09-28 10:36 515360 ----a-w- c:\windows\SysWow64\NvIFR.dll 2013-09-12 08:58 . 2013-09-28 10:36 2986672 ----a-w- c:\windows\system32\nvapi64.dll 2013-09-12 08:58 . 2013-09-28 10:36 2970400 ----a-w- c:\windows\system32\nvcuvid.dll 2013-09-12 08:58 . 2013-09-28 10:36 29337376 ----a-w- c:\windows\system32\nvoglv64.dll 2013-09-12 08:58 . 2013-09-28 10:36 2789152 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-09-12 08:58 . 2013-09-28 10:36 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-09-12 08:58 . 2013-09-28 10:36 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2013-09-12 08:58 . 2013-09-28 10:36 2367264 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-09-12 08:58 . 2013-09-28 10:36 22102304 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-09-12 08:58 . 2013-09-28 10:36 2007328 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-09-12 08:58 . 2013-09-28 10:36 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll 2013-09-12 08:58 . 2013-09-28 10:36 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-09-12 08:58 . 
2013-09-28 10:36 15703688 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-09-12 08:58 . 2013-09-28 10:36 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll 2013-09-12 08:58 . 2013-09-28 10:36 13628208 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-09-12 08:58 . 2013-09-28 10:36 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-09-12 08:58 . 2013-09-28 10:36 11274528 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-09-12 08:58 . 2009-07-13 21:59 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-09-12 07:25 . 2013-09-28 10:36 6599968 ----a-w- c:\windows\system32\nvcpl.dll 2013-09-12 07:25 . 2013-09-28 10:36 3452192 ----a-w- c:\windows\system32\nvsvc64.dll 2013-09-12 07:25 . 2013-09-28 10:36 920864 ----a-w- c:\windows\system32\nvvsvc.exe 2013-09-12 07:25 . 2013-09-28 10:36 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-09-12 07:25 . 2013-09-28 10:36 2559776 ----a-w- c:\windows\system32\nvsvcr.dll 2013-09-12 07:25 . 2013-09-28 10:36 219424 ----a-w- c:\windows\system32\nvmctray.dll 2013-09-11 23:17 . 2013-09-11 23:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-09-08 02:30 . 2013-10-11 14:55 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-11 14:55 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-11 14:55 231424 ----a-w- c:\windows\SysWow64\mswsock.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8F547BDD-FCD4-48F8-A06F-573D6F404A3C}] 2013-03-19 00:37 255384 ----a-w- c:\program files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{00078E95-3A4A-4137-8DE7-2824908D1C17}"= "c:\program files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll" [2013-03-19 329624] . 
[HKEY_CLASSES_ROOT\clsid\{00078e95-3a4a-4137-8de7-2824908d1c17}] [HKEY_CLASSES_ROOT\searchgol.searchgoldskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\searchgol.searchgoldskBnd] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-11-14 683576] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] 
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 BitGuard;BitGuard;c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe;c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~3\BitGuard\271832~1.68\{C16C1~1\loader.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=642B90E6BA33DAB2&affID=125035&tsp=5027 mLocal Page = c:\windows\SysWOW64\blank.htm LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/ FF - ExtSQL: 2013-10-06 16:22; ffxtlbr@searchgol.com; c:\users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default\extensions\ffxtlbr@searchgol.com FF - user.js: extensions.searchgol.tlbrSrchUrl - FF - user.js: extensions.searchgol.id - 642bdccd00000000000090e6ba33dab2 FF - user.js: extensions.searchgol.appId - {4277F7CF-0000-46CF-BA49-D624465C4BAB} FF - user.js: extensions.searchgol.instlDay - 15984 FF - user.js: extensions.searchgol.vrsn - 1.8.16.19 FF - user.js: extensions.searchgol.vrsni - 1.8.16.19 FF - user.js: extensions.searchgol.vrsnTs - 1.8.16.1916:22 FF - user.js: extensions.searchgol.prtnrId - searchgol FF - user.js: extensions.searchgol.prdct - searchgol FF - user.js: extensions.searchgol.aflt - babsst FF - user.js: extensions.searchgol.smplGrp - none FF - user.js: extensions.searchgol.tlbrId - base FF - user.js: extensions.searchgol.instlRef - sst FF - user.js: extensions.searchgol.dfltLng - de FF - user.js: extensions.searchgol.excTlbr - false FF - user.js: extensions.searchgol.ffxUnstlRst - false FF - user.js: extensions.searchgol.admin - false FF - user.js: extensions.searchgol.autoRvrt - false FF - user.js: extensions.searchgol.rvrt - false FF - user.js: extensions.searchgol.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-12-03 10:13:15 ComboFix-quarantined-files.txt 2013-12-03 09:13 . Vor Suchlauf: 7 Verzeichnis(se), 404.259.086.336 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 404.796.280.832 Bytes frei . - - End Of File - - 92D1BEF8D963ED06FDF320B20A267885 A36C5E4F47E84449FF07ED3517B43A31 Defrogger_disable Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:23 on 03/12/2013 (CZeller)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 Ran by CZeller (administrator) on CZELLER-PC on 03-12-2013 10:25:11 Running from C:\Users\CZeller\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) AppInit_DLLs: C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=642B90E6BA33DAB2&affID=125035&tsp=5027 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9733CE8CCAB9CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=642B90E6BA33DAB2&affID=125035&tsp=5027 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: searchgol Helper Object - {8F547BDD-FCD4-48F8-A06F-573D6F404A3C} - C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll (Montera Technologeis LTD) Toolbar: HKLM-x32 - searchgol Toolbar - {00078E95-3A4A-4137-8DE7-2824908D1C17} - C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll (Montera Technologeis LTD) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: 
C:\Users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default FF user.js: detected! => C:\Users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default\user.js FF NewTab: hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=642B90E6BA33DAB2&affID=125035&tsp=5027 FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default\searchplugins\searchgol.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: SearchGol - C:\Users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default\Extensions\ffxtlbr@searchgol.com ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG) R2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] () R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-30] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. 
KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
U3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-03 10:25 - 2013-12-03 10:25 - 00007294 _____ C:\Users\CZeller\Desktop\FRST.txt
2013-12-03 10:25 - 2013-12-03 10:25 - 00000000 ____D C:\FRST
2013-12-03 10:24 - 2013-12-03 10:24 - 01959434 _____ (Farbar) C:\Users\CZeller\Desktop\FRST64.exe
2013-12-03 10:23 - 2013-12-03 10:23 - 00050477 _____ C:\Users\CZeller\Desktop\Defogger.exe
2013-12-03 10:23 - 2013-12-03 10:23 - 00000476 _____ C:\Users\CZeller\Desktop\defogger_disable.log
2013-12-03 10:23 - 2013-12-03 10:23 - 00000000 _____ C:\Users\CZeller\defogger_reenable
2013-12-03 10:13 - 2013-12-03 10:13 - 00022395 _____ C:\ComboFix.txt
2013-12-03 10:05 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-03 10:05 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-03 10:05 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-03 10:05 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-03 10:05 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-03 10:05 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-03 10:05 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-03 10:05 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-03 10:04 - 2013-12-03 10:13 - 00000000 ____D C:\Qoobox
2013-12-03 10:04 - 2013-12-03 10:12 - 00000000 ____D C:\Windows\erdnt
2013-12-03 10:04 - 2013-12-03 10:04 - 05151572 ____R (Swearware) C:\Users\CZeller\Desktop\ComboFix.exe
2013-12-02 23:55 - 2013-12-02 23:55 - 392908256 _____ C:\Windows\MEMORY.DMP
2013-12-02 23:55 - 2013-12-02 23:55 - 00286664 _____ C:\Windows\Minidump\120213-17581-01.dmp
2013-12-02 23:55 - 2013-12-02 23:55 - 00000000 ____D C:\Windows\Minidump
2013-12-02 02:21 - 2013-12-03 10:05 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-11-26 09:03 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-26 09:01 - 2013-11-26 09:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 09:01 - 2013-11-26 09:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 09:00 - 2013-11-26 09:00 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 09:00 - 2013-11-26 09:00 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 09:00 - 2013-11-26 09:00 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 09:00 - 2013-11-26 09:00 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 09:00 - 2013-11-26 09:00 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 09:00 - 2013-11-26 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 09:00 - 2013-11-26 09:00 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 08:59 - 2013-11-26 09:03 - 00009768 _____ C:\Windows\IE11_main.log
2013-11-22 10:36 - 2013-11-22 10:36 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-14 23:17 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 23:17 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 23:17 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 23:17 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 23:17 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 23:17 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 23:17 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 23:17 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 23:17 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 23:17 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 23:17 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 23:17 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 23:17 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 23:17 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 23:17 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 23:17 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 23:17 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 23:17 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 23:17 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 23:17 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 23:17 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 23:17 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 23:17 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 23:17 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 23:17 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 23:17 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 23:17 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 23:17 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 23:17 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 23:17 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-09 17:38 - 2013-11-10 12:58 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Skype
2013-11-09 17:37 - 2013-11-09 17:37 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ____D C:\ProgramData\Skype
2013-11-04 17:19 - 2013-11-04 17:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-04 17:19 - 2013-11-04 17:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

2013-12-03 10:25 - 2013-12-03 10:25 - 00007294 _____ C:\Users\CZeller\Desktop\FRST.txt
2013-12-03 10:25 - 2013-12-03 10:25 - 00000000 ____D C:\FRST
2013-12-03 10:24 - 2013-12-03 10:24 - 01959434 _____ (Farbar) C:\Users\CZeller\Desktop\FRST64.exe
2013-12-03 10:24 - 2013-09-25 12:02 - 00000000 ____D C:\Users\CZeller\Desktop\dls
2013-12-03 10:24 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 10:24 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 10:23 - 2013-12-03 10:23 - 00050477 _____ C:\Users\CZeller\Desktop\Defogger.exe
2013-12-03 10:23 - 2013-12-03 10:23 - 00000476 _____ C:\Users\CZeller\Desktop\defogger_disable.log
2013-12-03 10:23 - 2013-12-03 10:23 - 00000000 _____ C:\Users\CZeller\defogger_reenable
2013-12-03 10:23 - 2013-09-25 09:35 - 00000000 ____D C:\Users\CZeller
2013-12-03 10:13 - 2013-12-03 10:13 - 00022395 _____ C:\ComboFix.txt
2013-12-03 10:13 - 2013-12-03 10:04 - 00000000 ____D C:\Qoobox
2013-12-03 10:13 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-03 10:12 - 2013-12-03 10:04 - 00000000 ____D C:\Windows\erdnt
2013-12-03 10:11 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-03 10:05 - 2013-12-02 02:21 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-12-03 10:05 - 2011-04-12 08:43 - 00653928 _____ C:\Windows\system32\perfh007.dat
2013-12-03 10:05 - 2011-04-12 08:43 - 00129800 _____ C:\Windows\system32\perfc007.dat
2013-12-03 10:05 - 2009-07-14 06:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 10:04 - 2013-12-03 10:04 - 05151572 ____R (Swearware) C:\Users\CZeller\Desktop\ComboFix.exe
2013-12-03 10:04 - 2013-09-25 11:58 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-03 10:03 - 2013-09-25 09:37 - 01910117 _____ C:\Windows\WindowsUpdate.log
2013-12-03 09:59 - 2013-09-28 11:37 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-03 09:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 09:59 - 2009-07-14 05:51 - 00035706 _____ C:\Windows\setupact.log
2013-12-02 23:55 - 2013-12-02 23:55 - 392908256 _____ C:\Windows\MEMORY.DMP
2013-12-02 23:55 - 2013-12-02 23:55 - 00286664 _____ C:\Windows\Minidump\120213-17581-01.dmp
2013-12-02 23:55 - 2013-12-02 23:55 - 00000000 ____D C:\Windows\Minidump
2013-12-02 23:53 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-26 20:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-26 18:16 - 2013-09-25 09:36 - 00001425 _____ C:\Users\CZeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 18:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-26 09:03 - 2013-11-26 08:59 - 00009768 _____ C:\Windows\IE11_main.log
2013-11-26 09:01 - 2013-11-26 09:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 09:01 - 2013-11-26 09:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 09:00 - 2013-11-26 09:00 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 09:00 - 2013-11-26 09:00 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 09:00 - 2013-11-26 09:00 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 09:00 - 2013-11-26 09:00 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 09:00 - 2013-11-26 09:00 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 09:00 - 2013-11-26 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 09:00 - 2013-11-26 09:00 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 09:00 - 2013-11-26 09:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 09:00 - 2013-11-26 09:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-23 14:34 - 2013-10-06 15:22 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-11-23 02:59 - 2013-10-06 15:22 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-23 02:59 - 2010-11-21 04:47 - 00019518 _____ C:\Windows\PFRO.log
2013-11-22 10:36 - 2013-11-22 10:36 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-16 11:33 - 2013-09-25 10:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 01:01 - 2013-09-25 10:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 23:48 - 2013-09-25 10:32 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 23:47 - 2013-09-25 10:32 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 11:03 - 2013-09-25 11:58 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-10 12:58 - 2013-11-09 17:38 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Skype
2013-11-10 12:14 - 2013-10-06 00:13 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-10 11:32 - 2013-10-06 00:13 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-11-10 11:05 - 2013-10-02 21:57 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-09 17:37 - 2013-11-09 17:37 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ____D C:\ProgramData\Skype
2013-11-06 17:05 - 2013-09-25 10:53 - 00000000 ____D C:\Users\CZeller\AppData\Local\Mozilla
2013-11-04 17:19 - 2013-11-04 17:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-04 17:19 - 2013-11-04 17:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\CZeller\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-30 14:46

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013 Ran by CZeller at 2013-12-03 10:25:33 Running from C:\Users\CZeller\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168) Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05) Avira Free Antivirus (x32 Version: 14.0.1.759) Battlefield 4™ (x32 Version: 1.0.0.0) Battlefield 4™ Beta (x32 Version: 1.0.0.0) Battlelog Web Plugins (x32 Version: 2.3.0) BitGuard (x32) Diablo III (x32) ESN Sonar (x32 Version: 0.70.4) Java 7 Update 40 (64-bit) (Version: 7.0.400) Java SE Development Kit 7 Update 40 (64-bit) (Version: 1.7.0.400) JDownloader 0.9 (x32 Version: 0.9) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610) Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 25.0.1) NVIDIA 3D Vision Controller-Treiber 
326.01 (Version: 326.01) NVIDIA 3D Vision Treiber 327.23 (Version: 327.23) NVIDIA Grafiktreiber 327.23 (Version: 327.23) NVIDIA Install Application (Version: 2.1002.133.902) NVIDIA PhysX (x32 Version: 9.13.0725) NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723) NVIDIA Systemsteuerung 327.23 (Version: 327.23) Origin (x32 Version: 9.3.7.2735) PunkBuster Services (x32 Version: 0.993) Search-Gol Chrome Toolbar (x32) searchgol toolbar (x32 Version: 1.8.16.19) Skype™ 6.10 (x32 Version: 6.10.104) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) ==================== Restore Points ========================= 06-11-2013 16:51:43 Geplanter Prüfpunkt 14-11-2013 12:06:20 Geplanter Prüfpunkt 14-11-2013 22:47:06 Windows Update 22-11-2013 10:42:36 Geplanter Prüfpunkt 26-11-2013 07:59:21 Windows Update 03-12-2013 09:05:39 ComboFix created restore point ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-12-03 10:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {3DBEF1AB-150F-42F6-948E-7405E87831AF} - System32\Tasks\BitGuard => Sc.exe start BitGuard Task: {AF2E7975-5F71-4516-BA2D-A95E06D9E6C6} - System32\Tasks\EPUpdater => C:\Users\CZeller\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-09-01] () ==================== Loaded Modules (whitelisted) ============= 2013-11-22 10:36 - 2013-11-18 15:32 - 01958880 _____ () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll 2013-09-25 11:58 - 2013-09-25 11:58 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir 
Desktop\sqlite3.dll 2013-09-25 10:52 - 2013-11-16 01:01 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-25 10:54 - 2013-09-25 10:54 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/03/2013 10:01:21 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2013 11:56:47 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2013 11:05:00 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2013 00:00:59 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2013 08:19:49 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2013 01:49:08 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2013 05:28:36 PM) (Source: WinMgmt) (User: ) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2013 11:22:55 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2013 00:42:42 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/30/2013 10:00:32 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (12/03/2013 10:11:17 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (12/03/2013 10:10:54 AM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (12/03/2013 10:09:23 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error: (12/03/2013 10:05:04 AM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "BitGuard" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (12/03/2013 10:04:34 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "BitGuard" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/02/2013 11:55:09 PM) (Source: BugCheck) (User: ) Description: 0x000000f4 (0x0000000000000003, 0xfffffa80084855f0, 0xfffffa80084858d0, 0xfffff80002dd77b0)C:\Windows\MEMORY.DMP120213-17581-01 Error: (12/02/2013 11:55:04 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 02.12.2013 um 23:53:07 unerwartet heruntergefahren. Error: (11/23/2013 08:46:59 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Skype Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/23/2013 08:46:49 AM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "BitGuard" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (11/23/2013 08:46:31 AM) (Source: Service Control Manager) (User: ) Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office Sessions: ========================= Error: (12/03/2013 10:01:21 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2013 11:56:47 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2013 11:05:00 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2013 00:00:59 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2013 08:19:49 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2013 01:49:08 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2013 05:28:36 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2013 11:22:55 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2013 00:42:42 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/30/2013 10:00:32 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-12-03 10:10:54.452 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-12-03 10:10:54.437 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 8183.05 MB Available physical RAM: 6169.28 MB Total Pagefile: 16364.29 MB Available Pagefile: 14175.23 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:376.78 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8874DCFE) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-03 10:33:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.CC37 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\CZeller\AppData\Local\Temp\pwdiafod.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[1716] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072461a22 2 bytes [46, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1716] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072461ad0 2 bytes [46, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1716] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072461b08 2 bytes [46, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1716] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072461bba 2 bytes [46, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1716] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072461bda 2 bytes [46, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757f1465 2 bytes [7F, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757f14bb 2 bytes [7F, 75]
.text ... * 2

---- EOF - GMER 2.1 ----

I hope someone can make sense of this. See you, czeller |
03.12.2013, 11:25 | #2 |
/// the machine /// TB trainer | Windows 7: svchost.exe detection: ADWARE/bprotektor.E hi,
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ |
03.12.2013, 13:17 | #3 |
| Windows 7: svchost.exe detection: ADWARE/bprotektor.E Hi, thanks for the quick reply! Here are the new logs:
mbam: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.03.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16428 CZeller :: CZELLER-PC [Administrator] Schutz: Aktiviert 03.12.2013 12:54:27 mbam-log-2013-12-03 (12-54-27).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 207149 Laufzeit: 2 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 24 HKCR\CLSID\{00078E95-3A4A-4137-8DE7-2824908D1C17} (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{840A13FF-B464-4782-9C96-AAF3092E55DD} (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{88AF4F6A-C6B7-4229-9275-824E98BF97F9} (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.searchgolESrvc.1 (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.searchgolESrvc (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{8F547BDD-FCD4-48F8-A06F-573D6F404A3C} (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F547BDD-FCD4-48F8-A06F-573D6F404A3C} (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{D8E43B96-EB46-4820-92B7-232AEB735685} (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\escort.escortIEPane.1 (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\escort.escortIEPane (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{105F25A9-C42F-48A6-998D-0494E8AE336A} (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{3860D897-7DCD-473C-9744-B21DB133AB20} (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\searchgol.searchgolappCore (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\searchgol.searchgolappCore.1 (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\searchgol (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\searchgol (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\aipfmkinhleccnodemkoofnnofpbbpac (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search-Gol Chrome Toolbar (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchgol (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{539F74BF-7E5C-46BD-9D45-35B1A91C9CBD} (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{9448AC19-EB62-46D5-B7DA-B059A7DB466A} (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
Infizierte Registrierungswerte: 4 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{00078E95-3A4A-4137-8DE7-2824908D1C17} (PUP.Optional.SearchGolTB.A) -> Daten: searchgol Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{00078E95-3A4A-4137-8DE7-2824908D1C17} (PUP.Optional.SearchGolTB.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=642B90E6BA33DAB2&affID=125035&tsp=5027 -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 2O1R1G2Z1F1G1M -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage.A) -> Bösartig: (hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=642B90E6BA33DAB2&affID=125035&tsp=5027) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 6 C:\Users\CZeller\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\CZeller\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\CZeller\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\searchgol\searchgol (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\searchgol\searchgol\1.8.16.19 (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
Infizierte Dateien: 16 C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolsrv.exe (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\CZeller\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\CZeller\AppData\Roaming\BabSolution\CR\searchgol.crx (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\CZeller\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\CZeller\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\CZeller\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\CZeller\AppData\Roaming\BabSolution\Shared\searchgol.ico (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\CZeller\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\CZeller\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\escortShld.dll (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\GUninstaller.exe (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolApp.dll (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolEng.dll (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\uninstall.exe (PUP.Optional.SearchGolTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.014 - Bericht erstellt am 03/12/2013 um 13:01:36 # Updated 01/12/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzername : CZeller - CZELLER-PC # Gestartet von : C:\Users\CZeller\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : BitGuard ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BitGuard Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer Ordner Gelöscht : C:\Program Files (x86)\searchgol Ordner Gelöscht : C:\Users\CZeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard Ordner Gelöscht : C:\Users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default\Extensions\ffxtlbr@searchgol.com Datei Gelöscht : C:\Users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default\bprotector_prefs.js Datei Gelöscht : C:\Users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default\searchplugins\searchgol.xml Datei Gelöscht : C:\Users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default\user.js Datei Gelöscht : C:\Windows\System32\Tasks\BitGuard Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKCU\Software\5d2dc8be06fbf15 Schlüssel Gelöscht : HKLM\SOFTWARE\5d2dc8be06fbf15 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{88AF4F6A-C6B7-4229-9275-824E98BF97F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C5CBB76-7379-4490-AA5B-B037C0A36381} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3860D897-7DCD-473C-9744-B21DB133AB20} Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v25.0.1 (de) [ Datei : C:\Users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default\prefs.js ] Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=642B90E6BA33DAB2&affID=125035&tsp=5027"); Zeile gelöscht : user_pref("extensions.searchgol.admin", false); Zeile gelöscht : user_pref("extensions.searchgol.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}"); Zeile gelöscht : user_pref("extensions.searchgol.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.searchgol.dfltLng", "de"); Zeile gelöscht : user_pref("extensions.searchgol.excTlbr", false); Zeile gelöscht : user_pref("extensions.searchgol.ffxUnstlRst", false); Zeile gelöscht : user_pref("extensions.searchgol.id", "642bdccd00000000000090e6ba33dab2"); Zeile gelöscht : user_pref("extensions.searchgol.instlDay", 
"15984"); Zeile gelöscht : user_pref("extensions.searchgol.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.searchgol.newTab", false); Zeile gelöscht : user_pref("extensions.searchgol.prdct", "searchgol"); Zeile gelöscht : user_pref("extensions.searchgol.prtnrId", "searchgol"); Zeile gelöscht : user_pref("extensions.searchgol.rvrt", "false"); Zeile gelöscht : user_pref("extensions.searchgol.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.searchgol.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.searchgol.tlbrSrchUrl", ""); Zeile gelöscht : user_pref("extensions.searchgol.vrsn", "1.8.16.19"); Zeile gelöscht : user_pref("extensions.searchgol.vrsnTs", "1.8.16.1916:22:27"); Zeile gelöscht : user_pref("extensions.searchgol.vrsni", "1.8.16.19"); ************************* AdwCleaner[R0].txt - [5130 octets] - [03/12/2013 13:01:13] AdwCleaner[S0].txt - [4935 octets] - [03/12/2013 13:01:36] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4995 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by CZeller on 03.12.2013 at 13:06:07,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2693327717-1312574936-2574840011-1001\Software\sweetim

~~~ Files

~~~ Folders

~~~ FireFox
Emptied folder: C:\Users\CZeller\AppData\Roaming\mozilla\firefox\profiles\sw6r9pp3.default\minidumps [15 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.12.2013 at 13:10:20,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013
Ran by CZeller (administrator) on CZELLER-PC on 03-12-2013 13:12:33
Running from C:\Users\CZeller\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
AppInit_DLLs: c:\PROGRA~3\BitGuard\271832~1.68\{C16C1~1\loader.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9733CE8CCAB9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-30] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-03 13:11 - 2013-12-03 13:11 - 00000947 _____ C:\Users\CZeller\Desktop\JRT1.txt
2013-12-03 13:10 - 2013-12-03 13:10 - 00000947 _____ C:\Users\CZeller\Desktop\JRT.txt
2013-12-03 13:06 - 2013-12-03 13:06 - 00000000 ____D C:\Windows\ERUNT
2013-12-03 13:05 - 2013-12-03 13:05 - 01034531 _____ (Thisisu) C:\Users\CZeller\Desktop\JRT.exe
2013-12-03 13:04 - 2013-12-03 13:04 - 00005079 _____ C:\Users\CZeller\Desktop\AdwCleaner[S0].txt
2013-12-03 13:01 - 2013-12-03 13:01 - 00000000 ____D C:\AdwCleaner
2013-12-03 13:00 - 2013-12-03 13:00 - 01110034 _____ C:\Users\CZeller\Desktop\adwcleaner.exe
2013-12-03 12:52 - 2013-12-03 12:52 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Malwarebytes
2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03
12:52 - 2013-12-03 12:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-03 12:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-03 12:51 - 2013-12-03 12:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\CZeller\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-03 10:33 - 2013-12-03 10:33 - 00001438 _____ C:\Users\CZeller\Desktop\Gmer.txt 2013-12-03 10:28 - 2013-12-03 10:28 - 00377856 _____ C:\Users\CZeller\Desktop\gmer_2.1.19163.exe 2013-12-03 10:25 - 2013-12-03 13:12 - 00006393 _____ C:\Users\CZeller\Desktop\FRST.txt 2013-12-03 10:25 - 2013-12-03 10:25 - 00013647 _____ C:\Users\CZeller\Desktop\Addition.txt 2013-12-03 10:25 - 2013-12-03 10:25 - 00000000 ____D C:\FRST 2013-12-03 10:24 - 2013-12-03 10:24 - 01959434 _____ (Farbar) C:\Users\CZeller\Desktop\FRST64.exe 2013-12-03 10:23 - 2013-12-03 10:23 - 00050477 _____ C:\Users\CZeller\Desktop\Defogger.exe 2013-12-03 10:23 - 2013-12-03 10:23 - 00000476 _____ C:\Users\CZeller\Desktop\defogger_disable.log 2013-12-03 10:23 - 2013-12-03 10:23 - 00000000 _____ C:\Users\CZeller\defogger_reenable 2013-12-03 10:13 - 2013-12-03 10:13 - 00022395 _____ C:\ComboFix.txt 2013-12-03 10:05 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-03 10:05 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-03 10:05 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-03 10:04 - 2013-12-03 10:13 - 00000000 ____D C:\Qoobox 2013-12-03 10:04 - 2013-12-03 10:12 - 00000000 ____D C:\Windows\erdnt 2013-12-03 10:04 - 2013-12-03 10:04 - 
05151572 ____R (Swearware) C:\Users\CZeller\Desktop\ComboFix.exe 2013-12-02 23:55 - 2013-12-02 23:55 - 392908256 _____ C:\Windows\MEMORY.DMP 2013-12-02 23:55 - 2013-12-02 23:55 - 00286664 _____ C:\Windows\Minidump\120213-17581-01.dmp 2013-12-02 23:55 - 2013-12-02 23:55 - 00000000 ____D C:\Windows\Minidump 2013-11-26 09:03 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2013-11-26 09:01 - 2013-11-26 09:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-11-26 09:01 - 2013-11-26 09:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-26 09:00 - 2013-11-26 09:00 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-26 09:00 - 2013-11-26 09:00 - 
01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-26 09:00 - 2013-11-26 09:00 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-11-26 09:00 - 2013-11-26 09:00 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00548352 _____ 
(Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-26 09:00 - 2013-11-26 09:00 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-26 09:00 - 2013-11-26 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00208384 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\webcheck.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00101376 _____ (Microsoft Corporation) 
C:\Windows\system32\inseng.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-26 09:00 - 2013-11-26 09:00 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00056832 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\pngfilt.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-26 08:59 - 2013-11-26 09:03 - 00009768 _____ C:\Windows\IE11_main.log 2013-11-14 23:17 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-14 23:17 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-14 23:17 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-14 23:17 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-14 23:17 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-14 23:17 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-14 23:17 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-14 23:17 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-14 23:17 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-14 23:17 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-14 23:17 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-14 23:17 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-14 23:17 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-14 23:17 - 2013-10-03 03:23 - 00404480 _____ (Microsoft 
Corporation) C:\Windows\system32\gdi32.dll 2013-11-14 23:17 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-14 23:17 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-14 23:17 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-14 23:17 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-14 23:17 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-14 23:17 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-14 23:17 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-14 23:17 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-14 23:17 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-14 23:17 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-14 23:17 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-14 23:17 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-14 23:17 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-14 23:17 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-14 23:17 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-14 23:17 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-09 17:38 - 2013-11-10 12:58 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Skype 2013-11-09 17:37 - 2013-11-09 17:37 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2013-11-09 
17:37 - 2013-11-09 17:37 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ____D C:\ProgramData\Skype 2013-11-04 17:19 - 2013-11-04 17:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-11-04 17:19 - 2013-11-04 17:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight ==================== One Month Modified Files and Folders ======= 2013-12-03 13:13 - 2013-12-03 10:25 - 00006393 _____ C:\Users\CZeller\Desktop\FRST.txt 2013-12-03 13:11 - 2013-12-03 13:11 - 00000947 _____ C:\Users\CZeller\Desktop\JRT1.txt 2013-12-03 13:10 - 2013-12-03 13:10 - 00000947 _____ C:\Users\CZeller\Desktop\JRT.txt 2013-12-03 13:10 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-03 13:10 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-03 13:09 - 2011-04-12 08:43 - 00653928 _____ C:\Windows\system32\perfh007.dat 2013-12-03 13:09 - 2011-04-12 08:43 - 00129800 _____ C:\Windows\system32\perfc007.dat 2013-12-03 13:09 - 2009-07-14 06:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-03 13:06 - 2013-12-03 13:06 - 00000000 ____D C:\Windows\ERUNT 2013-12-03 13:05 - 2013-12-03 13:05 - 01034531 _____ (Thisisu) C:\Users\CZeller\Desktop\JRT.exe 2013-12-03 13:05 - 2013-09-25 12:02 - 00000000 ____D C:\Users\CZeller\Desktop\dls 2013-12-03 13:04 - 2013-12-03 13:04 - 00005079 _____ C:\Users\CZeller\Desktop\AdwCleaner[S0].txt 2013-12-03 13:02 - 2013-09-28 11:37 - 00000000 ____D C:\ProgramData\NVIDIA 2013-12-03 13:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-03 13:02 - 2009-07-14 05:51 - 00035874 _____ C:\Windows\setupact.log 2013-12-03 13:01 - 2013-12-03 13:01 - 00000000 ____D C:\AdwCleaner 2013-12-03 13:01 - 2013-09-25 09:37 - 01943052 _____ C:\Windows\WindowsUpdate.log 2013-12-03 13:00 - 2013-12-03 13:00 - 
01110034 _____ C:\Users\CZeller\Desktop\adwcleaner.exe 2013-12-03 12:58 - 2010-11-21 04:47 - 00026002 _____ C:\Windows\PFRO.log 2013-12-03 12:52 - 2013-12-03 12:52 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Malwarebytes 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-03 12:51 - 2013-12-03 12:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\CZeller\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-03 10:33 - 2013-12-03 10:33 - 00001438 _____ C:\Users\CZeller\Desktop\Gmer.txt 2013-12-03 10:28 - 2013-12-03 10:28 - 00377856 _____ C:\Users\CZeller\Desktop\gmer_2.1.19163.exe 2013-12-03 10:25 - 2013-12-03 10:25 - 00013647 _____ C:\Users\CZeller\Desktop\Addition.txt 2013-12-03 10:25 - 2013-12-03 10:25 - 00000000 ____D C:\FRST 2013-12-03 10:24 - 2013-12-03 10:24 - 01959434 _____ (Farbar) C:\Users\CZeller\Desktop\FRST64.exe 2013-12-03 10:23 - 2013-12-03 10:23 - 00050477 _____ C:\Users\CZeller\Desktop\Defogger.exe 2013-12-03 10:23 - 2013-12-03 10:23 - 00000476 _____ C:\Users\CZeller\Desktop\defogger_disable.log 2013-12-03 10:23 - 2013-12-03 10:23 - 00000000 _____ C:\Users\CZeller\defogger_reenable 2013-12-03 10:23 - 2013-09-25 09:35 - 00000000 ____D C:\Users\CZeller 2013-12-03 10:13 - 2013-12-03 10:13 - 00022395 _____ C:\ComboFix.txt 2013-12-03 10:13 - 2013-12-03 10:04 - 00000000 ____D C:\Qoobox 2013-12-03 10:13 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2013-12-03 10:12 - 2013-12-03 10:04 - 00000000 ____D C:\Windows\erdnt 2013-12-03 10:11 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-12-03 10:04 - 2013-12-03 10:04 - 05151572 ____R (Swearware) C:\Users\CZeller\Desktop\ComboFix.exe 2013-12-03 10:04 - 2013-09-25 11:58 - 00107416 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-02 23:55 - 2013-12-02 23:55 - 392908256 _____ C:\Windows\MEMORY.DMP 2013-12-02 23:55 - 2013-12-02 23:55 - 00286664 _____ C:\Windows\Minidump\120213-17581-01.dmp 2013-12-02 23:55 - 2013-12-02 23:55 - 00000000 ____D C:\Windows\Minidump 2013-12-02 23:53 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-26 20:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-26 18:16 - 2013-09-25 09:36 - 00001425 _____ C:\Users\CZeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-26 18:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-11-26 09:03 - 2013-11-26 08:59 - 00009768 _____ C:\Windows\IE11_main.log 2013-11-26 09:01 - 2013-11-26 09:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-11-26 09:01 - 2013-11-26 09:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-26 09:00 - 2013-11-26 09:00 
- 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-26 09:00 - 2013-11-26 09:00 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-26 09:00 - 2013-11-26 09:00 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-11-26 09:00 - 2013-11-26 09:00 - 00610304 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-26 09:00 - 2013-11-26 09:00 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-26 09:00 - 2013-11-26 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00235008 _____ (Microsoft Corporation) 
C:\Windows\system32\elshyph.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-26 09:00 - 2013-11-26 09:00 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft 
Corporation) C:\Windows\system32\pngfilt.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 
00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-23 14:34 - 2013-10-06 15:22 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-11-16 11:33 - 2013-09-25 10:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-16 01:01 - 2013-09-25 10:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-14 23:48 - 2013-09-25 10:32 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 23:47 - 2013-09-25 10:32 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-14 11:03 - 2013-09-25 11:58 - 00132600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-10 12:58 - 2013-11-09 17:38 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Skype
2013-11-10 12:14 - 2013-10-06 00:13 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-10 11:32 - 2013-10-06 00:13 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-11-10 11:05 - 2013-10-02 21:57 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-09 17:37 - 2013-11-09 17:37 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ____D C:\ProgramData\Skype
2013-11-06 17:05 - 2013-09-25 10:53 - 00000000 ____D C:\Users\CZeller\AppData\Local\Mozilla
2013-11-04 17:19 - 2013-11-04 17:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-04 17:19 - 2013-11-04 17:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
Some content of TEMP:
====================
C:\Users\CZeller\AppData\Local\Temp\avgnt.exe
C:\Users\CZeller\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-30 14:46
==================== End Of Log ============================
--- --- ---
So, that should be all of them. Regards |
04.12.2013, 10:25 | #4 |
/// the machine /// TB trainer | Windows 7: svchost.exe detection: ADWARE/bprotektor.E
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM! |
05.12.2013, 11:27 | #5 |
| Windows 7: svchost.exe detection: ADWARE/bprotektor.E
Hi, since the last log I haven't actually had any more warnings etc.!! Here are the new logs:
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dff34800f5eae444a443d36e3215bd4e
# engine=16138
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-04 11:03:35
# local_time=2013-12-05 12:03:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 7224 6091605 8 0
# compatibility_mode=5893 16776574 100 94 6095780 137828065 0 0
# scanned=93761
# found=0
# cleaned=0
# scan_time=1922
Code:
Results of screen317's Security Check version 0.99.76
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.9.900.152
Adobe Reader XI
Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 Ran by CZeller (administrator) on CZELLER-PC on 05-12-2013 00:07:56 Running from C:\Users\CZeller\Desktop\dls Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) AppInit_DLLs: c:\PROGRA~3\BitGuard\271832~1.68\{C16C1~1\loader.dll [ ] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9733CE8CCAB9CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN 
Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. 
KG) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-30] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-05 00:06 - 2013-12-05 00:06 - 00000842 _____ C:\Users\CZeller\Desktop\security_checkup.txt 2013-12-05 00:04 - 2013-12-05 00:03 - 00000707 _____ C:\Users\CZeller\Desktop\ESET.txt 2013-12-04 23:30 - 2013-12-04 23:30 - 00000000 ____D C:\Program Files (x86)\ESET 2013-12-03 22:58 - 2013-12-03 22:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-03 13:13 - 2013-12-03 13:13 - 00044754 _____ C:\Users\CZeller\Desktop\FRST_2.txt 2013-12-03 13:11 - 2013-12-03 13:11 - 00000947 _____ C:\Users\CZeller\Desktop\JRT1.txt 2013-12-03 13:10 - 2013-12-03 13:10 - 00000947 _____ C:\Users\CZeller\Desktop\JRT.txt 2013-12-03 13:06 - 2013-12-03 13:06 - 00000000 ____D C:\Windows\ERUNT 2013-12-03 13:05 - 2013-12-03 13:05 - 01034531 _____ (Thisisu) C:\Users\CZeller\Desktop\JRT.exe 2013-12-03 13:04 - 2013-12-03 13:04 - 00005079 _____ 
C:\Users\CZeller\Desktop\AdwCleaner[S0].txt 2013-12-03 13:01 - 2013-12-03 13:01 - 00000000 ____D C:\AdwCleaner 2013-12-03 13:00 - 2013-12-03 13:00 - 01110034 _____ C:\Users\CZeller\Desktop\adwcleaner.exe 2013-12-03 12:52 - 2013-12-03 12:52 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Malwarebytes 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-03 12:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-03 12:51 - 2013-12-03 12:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\CZeller\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-03 10:33 - 2013-12-03 10:33 - 00001438 _____ C:\Users\CZeller\Desktop\Gmer.txt 2013-12-03 10:28 - 2013-12-03 10:28 - 00377856 _____ C:\Users\CZeller\Desktop\gmer_2.1.19163.exe 2013-12-03 10:25 - 2013-12-03 13:13 - 00044754 _____ C:\Users\CZeller\Desktop\FRST.txt 2013-12-03 10:25 - 2013-12-03 10:25 - 00013647 _____ C:\Users\CZeller\Desktop\Addition.txt 2013-12-03 10:25 - 2013-12-03 10:25 - 00000000 ____D C:\FRST 2013-12-03 10:23 - 2013-12-03 10:23 - 00050477 _____ C:\Users\CZeller\Desktop\Defogger.exe 2013-12-03 10:23 - 2013-12-03 10:23 - 00000476 _____ C:\Users\CZeller\Desktop\defogger_disable.log 2013-12-03 10:23 - 2013-12-03 10:23 - 00000000 _____ C:\Users\CZeller\defogger_reenable 2013-12-03 10:13 - 2013-12-03 10:13 - 00022395 _____ C:\ComboFix.txt 2013-12-03 10:05 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-03 10:05 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2013-12-03 10:05 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) 
C:\Windows\SWSC.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-03 10:04 - 2013-12-03 10:13 - 00000000 ____D C:\Qoobox 2013-12-03 10:04 - 2013-12-03 10:12 - 00000000 ____D C:\Windows\erdnt 2013-12-03 10:04 - 2013-12-03 10:04 - 05151572 ____R (Swearware) C:\Users\CZeller\Desktop\ComboFix.exe 2013-12-02 23:55 - 2013-12-02 23:55 - 392908256 _____ C:\Windows\MEMORY.DMP 2013-12-02 23:55 - 2013-12-02 23:55 - 00286664 _____ C:\Windows\Minidump\120213-17581-01.dmp 2013-12-02 23:55 - 2013-12-02 23:55 - 00000000 ____D C:\Windows\Minidump 2013-11-26 09:03 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2013-11-26 09:01 - 2013-11-26 09:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-11-26 09:01 - 2013-11-26 09:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.tlb 2013-11-26 09:00 - 2013-11-26 09:00 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-26 09:00 - 2013-11-26 09:00 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-26 09:00 - 2013-11-26 09:00 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) 
C:\Windows\system32\ieapfltr.dat 2013-11-26 09:00 - 2013-11-26 09:00 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-26 09:00 - 2013-11-26 09:00 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-26 09:00 - 2013-11-26 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-26 
09:00 - 2013-11-26 09:00 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 
00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-26 09:00 - 2013-11-26 09:00 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-26 09:00 - 2013-11-26 
09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 
2013-11-26 09:00 - 2013-11-26 09:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-26 08:59 - 2013-11-26 09:03 - 00009768 _____ C:\Windows\IE11_main.log 2013-11-14 23:17 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-14 23:17 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-14 23:17 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-14 23:17 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-14 23:17 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-14 23:17 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-14 23:17 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-14 23:17 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-14 23:17 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-14 23:17 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-14 23:17 - 2013-10-04 02:58 
- 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-14 23:17 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-14 23:17 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-14 23:17 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-14 23:17 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-14 23:17 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-14 23:17 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-14 23:17 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-14 23:17 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-14 23:17 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-14 23:17 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-14 23:17 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-14 23:17 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-14 23:17 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-14 23:17 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-14 23:17 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-14 23:17 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-14 23:17 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-14 23:17 - 2013-09-25 02:03 - 
00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-14 23:17 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-09 17:38 - 2013-11-10 12:58 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Skype 2013-11-09 17:37 - 2013-11-09 17:37 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ____D C:\ProgramData\Skype ==================== One Month Modified Files and Folders ======= 2013-12-05 00:07 - 2013-09-25 12:02 - 00000000 ____D C:\Users\CZeller\Desktop\dls 2013-12-05 00:06 - 2013-12-05 00:06 - 00000842 _____ C:\Users\CZeller\Desktop\security_checkup.txt 2013-12-05 00:06 - 2013-09-25 09:37 - 02014594 _____ C:\Windows\WindowsUpdate.log 2013-12-05 00:03 - 2013-12-05 00:04 - 00000707 _____ C:\Users\CZeller\Desktop\ESET.txt 2013-12-04 23:30 - 2013-12-04 23:30 - 00000000 ____D C:\Program Files (x86)\ESET 2013-12-04 23:05 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-04 23:05 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-04 23:02 - 2011-04-12 08:43 - 00653928 _____ C:\Windows\system32\perfh007.dat 2013-12-04 23:02 - 2011-04-12 08:43 - 00129800 _____ C:\Windows\system32\perfc007.dat 2013-12-04 23:02 - 2009-07-14 06:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-04 22:57 - 2013-09-28 11:37 - 00000000 ____D C:\ProgramData\NVIDIA 2013-12-04 22:57 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-04 22:57 - 2009-07-14 05:51 - 00036098 _____ C:\Windows\setupact.log 2013-12-03 22:58 - 2013-12-03 22:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-03 22:58 - 2013-09-25 10:26 - 00071048 _____ (Adobe 
Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-03 22:58 - 2013-09-25 10:26 - 00000000 ____D C:\Users\CZeller\AppData\Local\Adobe 2013-12-03 13:13 - 2013-12-03 13:13 - 00044754 _____ C:\Users\CZeller\Desktop\FRST_2.txt 2013-12-03 13:13 - 2013-12-03 10:25 - 00044754 _____ C:\Users\CZeller\Desktop\FRST.txt 2013-12-03 13:11 - 2013-12-03 13:11 - 00000947 _____ C:\Users\CZeller\Desktop\JRT1.txt 2013-12-03 13:10 - 2013-12-03 13:10 - 00000947 _____ C:\Users\CZeller\Desktop\JRT.txt 2013-12-03 13:06 - 2013-12-03 13:06 - 00000000 ____D C:\Windows\ERUNT 2013-12-03 13:05 - 2013-12-03 13:05 - 01034531 _____ (Thisisu) C:\Users\CZeller\Desktop\JRT.exe 2013-12-03 13:04 - 2013-12-03 13:04 - 00005079 _____ C:\Users\CZeller\Desktop\AdwCleaner[S0].txt 2013-12-03 13:01 - 2013-12-03 13:01 - 00000000 ____D C:\AdwCleaner 2013-12-03 13:00 - 2013-12-03 13:00 - 01110034 _____ C:\Users\CZeller\Desktop\adwcleaner.exe 2013-12-03 12:58 - 2010-11-21 04:47 - 00026002 _____ C:\Windows\PFRO.log 2013-12-03 12:52 - 2013-12-03 12:52 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Malwarebytes 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-03 12:51 - 2013-12-03 12:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\CZeller\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-03 10:33 - 2013-12-03 10:33 - 00001438 _____ C:\Users\CZeller\Desktop\Gmer.txt 2013-12-03 10:28 - 2013-12-03 10:28 - 00377856 _____ C:\Users\CZeller\Desktop\gmer_2.1.19163.exe 2013-12-03 10:25 - 2013-12-03 10:25 - 00013647 _____ C:\Users\CZeller\Desktop\Addition.txt 2013-12-03 10:25 - 2013-12-03 10:25 - 00000000 ____D C:\FRST 2013-12-03 10:23 - 2013-12-03 10:23 - 00050477 _____ C:\Users\CZeller\Desktop\Defogger.exe 2013-12-03 10:23 - 2013-12-03 10:23 - 00000476 
_____ C:\Users\CZeller\Desktop\defogger_disable.log 2013-12-03 10:23 - 2013-12-03 10:23 - 00000000 _____ C:\Users\CZeller\defogger_reenable 2013-12-03 10:23 - 2013-09-25 09:35 - 00000000 ____D C:\Users\CZeller 2013-12-03 10:13 - 2013-12-03 10:13 - 00022395 _____ C:\ComboFix.txt 2013-12-03 10:13 - 2013-12-03 10:04 - 00000000 ____D C:\Qoobox 2013-12-03 10:13 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2013-12-03 10:12 - 2013-12-03 10:04 - 00000000 ____D C:\Windows\erdnt 2013-12-03 10:11 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-12-03 10:04 - 2013-12-03 10:04 - 05151572 ____R (Swearware) C:\Users\CZeller\Desktop\ComboFix.exe 2013-12-03 10:04 - 2013-09-25 11:58 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-02 23:55 - 2013-12-02 23:55 - 392908256 _____ C:\Windows\MEMORY.DMP 2013-12-02 23:55 - 2013-12-02 23:55 - 00286664 _____ C:\Windows\Minidump\120213-17581-01.dmp 2013-12-02 23:55 - 2013-12-02 23:55 - 00000000 ____D C:\Windows\Minidump 2013-12-02 23:53 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-26 20:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-26 18:16 - 2013-09-25 09:36 - 00001425 _____ C:\Users\CZeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-26 18:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-11-26 09:03 - 2013-11-26 08:59 - 00009768 _____ C:\Windows\IE11_main.log 2013-11-26 09:01 - 2013-11-26 09:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-11-26 09:01 - 2013-11-26 09:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 12995584 _____ 
(Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-26 09:00 - 2013-11-26 09:00 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-26 09:00 - 2013-11-26 09:00 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-26 09:00 - 2013-11-26 09:00 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00774144 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-11-26 09:00 - 2013-11-26 09:00 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-26 09:00 - 2013-11-26 09:00 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-26 09:00 - 2013-11-26 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 
2013-11-26 09:00 - 2013-11-26 09:00 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-26 09:00 - 2013-11-26 09:00 
- 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-26 09:00 - 2013-11-26 09:00 - 
00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 
00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-23 14:34 - 2013-10-06 15:22 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-11-16 11:33 - 2013-09-25 10:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-16 01:01 - 2013-09-25 10:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-14 23:48 - 2013-09-25 10:32 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 23:47 - 2013-09-25 10:32 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-14 11:03 - 2013-09-25 11:58 - 00132600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-10 12:58 - 2013-11-09 17:38 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Skype
2013-11-10 12:14 - 2013-10-06 00:13 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-10 11:32 - 2013-10-06 00:13 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-11-10 11:05 - 2013-10-02 21:57 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-09 17:37 - 2013-11-09 17:37 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ____D C:\ProgramData\Skype
2013-11-06 17:05 - 2013-09-25 10:53 - 00000000 ____D C:\Users\CZeller\AppData\Local\Mozilla

Some content of TEMP:
====================
C:\Users\CZeller\AppData\Local\Temp\avgnt.exe
C:\Users\CZeller\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-30 14:46

==================== End Of Log ============================

--- --- --- --- --- ---

Why should I connect all USB sticks and hard drives for the ESET scan? I have more devices than USB slots, so should I run the scan several times and post the results here?

Regards

Hi, unfortunately I can't find the edit button. Here are the logs with the external USB devices:

ESET:
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dff34800f5eae444a443d36e3215bd4e
# engine=16138
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-04 11:03:35
# local_time=2013-12-05 12:03:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 7224 6091605 8 0
# compatibility_mode=5893 16776574 100 94 6095780 137828065 0 0
# scanned=93761
# found=0
# cleaned=0
# scan_time=1922
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dff34800f5eae444a443d36e3215bd4e
# engine=16141
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-05 09:33:54
# local_time=2013-12-05 10:33:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 7638 6129424 420 0
# compatibility_mode=5893 16776574 100 94 6133599 137865884 0 0
# scanned=102283
# found=0
# cleaned=0
# scan_time=3162

Code:
ATTFilter Results of screen317's Security Check version 0.99.76
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.9.900.152
Adobe Reader XI
Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 Ran by CZeller (administrator) on CZELLER-PC on 05-12-2013 11:21:59 Running from C:\Users\CZeller\Desktop\dls Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) AppInit_DLLs: c:\PROGRA~3\BitGuard\271832~1.68\{C16C1~1\loader.dll [ ] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9733CE8CCAB9CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\CZeller\AppData\Roaming\Mozilla\Firefox\Profiles\sw6r9pp3.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN 
Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. 
KG) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-30] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-05 11:21 - 2013-12-05 11:21 - 00000842 _____ C:\Users\CZeller\Desktop\security_checkup2.txt 2013-12-05 11:19 - 2013-12-05 10:33 - 00001365 _____ C:\Users\CZeller\Desktop\ESET mit usb.txt 2013-12-05 00:08 - 2013-12-05 00:08 - 00045260 _____ C:\Users\CZeller\Desktop\FRST_3.txt 2013-12-05 00:06 - 2013-12-05 00:06 - 00000842 _____ C:\Users\CZeller\Desktop\security_checkup.txt 2013-12-05 00:04 - 2013-12-05 00:03 - 00000707 _____ C:\Users\CZeller\Desktop\ESET.txt 2013-12-04 23:30 - 2013-12-04 23:30 - 00000000 ____D C:\Program Files (x86)\ESET 2013-12-03 22:58 - 2013-12-03 22:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-03 13:13 - 2013-12-03 13:13 - 00044754 _____ C:\Users\CZeller\Desktop\FRST_2.txt 2013-12-03 13:11 - 2013-12-03 13:11 - 00000947 _____ C:\Users\CZeller\Desktop\JRT1.txt 2013-12-03 13:10 - 2013-12-03 13:10 - 00000947 _____ 
C:\Users\CZeller\Desktop\JRT.txt 2013-12-03 13:06 - 2013-12-03 13:06 - 00000000 ____D C:\Windows\ERUNT 2013-12-03 13:05 - 2013-12-03 13:05 - 01034531 _____ (Thisisu) C:\Users\CZeller\Desktop\JRT.exe 2013-12-03 13:04 - 2013-12-03 13:04 - 00005079 _____ C:\Users\CZeller\Desktop\AdwCleaner[S0].txt 2013-12-03 13:01 - 2013-12-03 13:01 - 00000000 ____D C:\AdwCleaner 2013-12-03 13:00 - 2013-12-03 13:00 - 01110034 _____ C:\Users\CZeller\Desktop\adwcleaner.exe 2013-12-03 12:52 - 2013-12-03 12:52 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Malwarebytes 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-03 12:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-03 12:51 - 2013-12-03 12:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\CZeller\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-03 10:33 - 2013-12-03 10:33 - 00001438 _____ C:\Users\CZeller\Desktop\Gmer.txt 2013-12-03 10:28 - 2013-12-03 10:28 - 00377856 _____ C:\Users\CZeller\Desktop\gmer_2.1.19163.exe 2013-12-03 10:25 - 2013-12-03 13:13 - 00044754 _____ C:\Users\CZeller\Desktop\FRST.txt 2013-12-03 10:25 - 2013-12-03 10:25 - 00013647 _____ C:\Users\CZeller\Desktop\Addition.txt 2013-12-03 10:25 - 2013-12-03 10:25 - 00000000 ____D C:\FRST 2013-12-03 10:23 - 2013-12-03 10:23 - 00050477 _____ C:\Users\CZeller\Desktop\Defogger.exe 2013-12-03 10:23 - 2013-12-03 10:23 - 00000476 _____ C:\Users\CZeller\Desktop\defogger_disable.log 2013-12-03 10:23 - 2013-12-03 10:23 - 00000000 _____ C:\Users\CZeller\defogger_reenable 2013-12-03 10:13 - 2013-12-03 10:13 - 00022395 _____ C:\ComboFix.txt 2013-12-03 10:05 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2013-12-03 10:05 - 2010-11-07 18:20 - 00208896 _____ 
C:\Windows\MBR.exe 2013-12-03 10:05 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2013-12-03 10:05 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2013-12-03 10:04 - 2013-12-03 10:13 - 00000000 ____D C:\Qoobox 2013-12-03 10:04 - 2013-12-03 10:12 - 00000000 ____D C:\Windows\erdnt 2013-12-03 10:04 - 2013-12-03 10:04 - 05151572 ____R (Swearware) C:\Users\CZeller\Desktop\ComboFix.exe 2013-12-02 23:55 - 2013-12-02 23:55 - 392908256 _____ C:\Windows\MEMORY.DMP 2013-12-02 23:55 - 2013-12-02 23:55 - 00286664 _____ C:\Windows\Minidump\120213-17581-01.dmp 2013-12-02 23:55 - 2013-12-02 23:55 - 00000000 ____D C:\Windows\Minidump 2013-11-26 09:03 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2013-11-26 09:01 - 2013-11-26 09:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-11-26 09:01 - 2013-11-26 09:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 09:00 - 2013-11-26 
09:00 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-26 09:00 - 2013-11-26 09:00 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-26 09:00 - 2013-11-26 09:00 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-26 09:00 - 2013-11-26 09:00 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00626176 _____ 
(Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-11-26 09:00 - 2013-11-26 09:00 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-26 09:00 - 2013-11-26 09:00 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-26 09:00 - 2013-11-26 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00243200 _____ (Microsoft Corporation) 
C:\Windows\system32\webcheck.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 
2013-11-26 09:00 - 2013-11-26 09:00 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-26 09:00 - 2013-11-26 09:00 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00069120 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\icardie.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00034816 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-26 08:59 - 2013-11-26 09:03 - 00009768 _____ C:\Windows\IE11_main.log 2013-11-14 23:17 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-14 23:17 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-14 23:17 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-14 23:17 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-14 23:17 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-14 23:17 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-14 23:17 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-14 23:17 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) 
C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-14 23:17 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-14 23:17 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-14 23:17 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-14 23:17 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-14 23:17 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-14 23:17 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-14 23:17 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-14 23:17 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-14 23:17 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-14 23:17 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-14 23:17 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-14 23:17 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-14 23:17 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-14 23:17 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-14 23:17 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-14 23:17 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-14 23:17 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-14 23:17 - 2013-09-25 02:57 - 00247808 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-14 23:17 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-14 23:17 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-14 23:17 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-14 23:17 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-09 17:38 - 2013-11-10 12:58 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Skype 2013-11-09 17:37 - 2013-11-09 17:37 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ____D C:\ProgramData\Skype ==================== One Month Modified Files and Folders ======= 2013-12-05 11:21 - 2013-12-05 11:21 - 00000842 _____ C:\Users\CZeller\Desktop\security_checkup2.txt 2013-12-05 11:21 - 2013-09-25 12:02 - 00000000 ____D C:\Users\CZeller\Desktop\dls 2013-12-05 11:05 - 2013-09-25 09:37 - 02027239 _____ C:\Windows\WindowsUpdate.log 2013-12-05 10:33 - 2013-12-05 11:19 - 00001365 _____ C:\Users\CZeller\Desktop\ESET mit usb.txt 2013-12-05 09:39 - 2011-04-12 08:43 - 00653928 _____ C:\Windows\system32\perfh007.dat 2013-12-05 09:39 - 2011-04-12 08:43 - 00129800 _____ C:\Windows\system32\perfc007.dat 2013-12-05 09:39 - 2009-07-14 06:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-05 09:38 - 2009-07-14 05:51 - 00036949 _____ C:\Windows\setupact.log 2013-12-05 09:28 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-05 09:28 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-05 09:21 - 2013-09-28 11:37 - 00000000 ____D C:\ProgramData\NVIDIA 2013-12-05 09:21 - 2009-07-14 
06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-05 00:08 - 2013-12-05 00:08 - 00045260 _____ C:\Users\CZeller\Desktop\FRST_3.txt 2013-12-05 00:06 - 2013-12-05 00:06 - 00000842 _____ C:\Users\CZeller\Desktop\security_checkup.txt 2013-12-05 00:03 - 2013-12-05 00:04 - 00000707 _____ C:\Users\CZeller\Desktop\ESET.txt 2013-12-04 23:30 - 2013-12-04 23:30 - 00000000 ____D C:\Program Files (x86)\ESET 2013-12-03 22:58 - 2013-12-03 22:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-03 22:58 - 2013-09-25 10:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-03 22:58 - 2013-09-25 10:26 - 00000000 ____D C:\Users\CZeller\AppData\Local\Adobe 2013-12-03 13:13 - 2013-12-03 13:13 - 00044754 _____ C:\Users\CZeller\Desktop\FRST_2.txt 2013-12-03 13:13 - 2013-12-03 10:25 - 00044754 _____ C:\Users\CZeller\Desktop\FRST.txt 2013-12-03 13:11 - 2013-12-03 13:11 - 00000947 _____ C:\Users\CZeller\Desktop\JRT1.txt 2013-12-03 13:10 - 2013-12-03 13:10 - 00000947 _____ C:\Users\CZeller\Desktop\JRT.txt 2013-12-03 13:06 - 2013-12-03 13:06 - 00000000 ____D C:\Windows\ERUNT 2013-12-03 13:05 - 2013-12-03 13:05 - 01034531 _____ (Thisisu) C:\Users\CZeller\Desktop\JRT.exe 2013-12-03 13:04 - 2013-12-03 13:04 - 00005079 _____ C:\Users\CZeller\Desktop\AdwCleaner[S0].txt 2013-12-03 13:01 - 2013-12-03 13:01 - 00000000 ____D C:\AdwCleaner 2013-12-03 13:00 - 2013-12-03 13:00 - 01110034 _____ C:\Users\CZeller\Desktop\adwcleaner.exe 2013-12-03 12:58 - 2010-11-21 04:47 - 00026002 _____ C:\Windows\PFRO.log 2013-12-03 12:52 - 2013-12-03 12:52 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Malwarebytes 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-03 12:52 - 2013-12-03 12:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-03 12:51 - 
2013-12-03 12:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\CZeller\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-03 10:33 - 2013-12-03 10:33 - 00001438 _____ C:\Users\CZeller\Desktop\Gmer.txt 2013-12-03 10:28 - 2013-12-03 10:28 - 00377856 _____ C:\Users\CZeller\Desktop\gmer_2.1.19163.exe 2013-12-03 10:25 - 2013-12-03 10:25 - 00013647 _____ C:\Users\CZeller\Desktop\Addition.txt 2013-12-03 10:25 - 2013-12-03 10:25 - 00000000 ____D C:\FRST 2013-12-03 10:23 - 2013-12-03 10:23 - 00050477 _____ C:\Users\CZeller\Desktop\Defogger.exe 2013-12-03 10:23 - 2013-12-03 10:23 - 00000476 _____ C:\Users\CZeller\Desktop\defogger_disable.log 2013-12-03 10:23 - 2013-12-03 10:23 - 00000000 _____ C:\Users\CZeller\defogger_reenable 2013-12-03 10:23 - 2013-09-25 09:35 - 00000000 ____D C:\Users\CZeller 2013-12-03 10:13 - 2013-12-03 10:13 - 00022395 _____ C:\ComboFix.txt 2013-12-03 10:13 - 2013-12-03 10:04 - 00000000 ____D C:\Qoobox 2013-12-03 10:13 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2013-12-03 10:12 - 2013-12-03 10:04 - 00000000 ____D C:\Windows\erdnt 2013-12-03 10:11 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2013-12-03 10:04 - 2013-12-03 10:04 - 05151572 ____R (Swearware) C:\Users\CZeller\Desktop\ComboFix.exe 2013-12-03 10:04 - 2013-09-25 11:58 - 00107416 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-02 23:55 - 2013-12-02 23:55 - 392908256 _____ C:\Windows\MEMORY.DMP 2013-12-02 23:55 - 2013-12-02 23:55 - 00286664 _____ C:\Windows\Minidump\120213-17581-01.dmp 2013-12-02 23:55 - 2013-12-02 23:55 - 00000000 ____D C:\Windows\Minidump 2013-12-02 23:53 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-26 20:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-26 18:16 - 2013-09-25 09:36 - 00001425 _____ C:\Users\CZeller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-26 18:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-11-26 09:03 - 2013-11-26 08:59 - 00009768 _____ C:\Windows\IE11_main.log 2013-11-26 09:01 - 2013-11-26 09:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-11-26 09:01 - 2013-11-26 09:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-26 09:00 - 2013-11-26 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-26 09:00 - 2013-11-26 09:00 
- 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-26 09:00 - 2013-11-26 09:00 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-26 09:00 - 2013-11-26 09:00 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-11-26 09:00 - 2013-11-26 09:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-11-26 09:00 - 2013-11-26 09:00 - 00610304 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-26 09:00 - 2013-11-26 09:00 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-26 09:00 - 2013-11-26 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00235008 _____ (Microsoft Corporation) 
C:\Windows\system32\elshyph.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-26 09:00 - 2013-11-26 09:00 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-26 09:00 - 2013-11-26 09:00 - 00062464 _____ (Microsoft 
Corporation) C:\Windows\system32\pngfilt.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 
00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-26 09:00 - 2013-11-26 09:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-26 09:00 - 2013-11-26 09:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-23 14:34 - 2013-10-06 15:22 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-11-16 11:33 - 2013-09-25 10:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-16 01:01 - 2013-09-25 10:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-14 23:48 - 2013-09-25 10:32 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 23:47 - 2013-09-25 10:32 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-14 11:03 - 2013-09-25 11:58 - 00132600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-10 12:58 - 2013-11-09 17:38 - 00000000 ____D C:\Users\CZeller\AppData\Roaming\Skype
2013-11-10 12:14 - 2013-10-06 00:13 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-10 11:32 - 2013-10-06 00:13 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-11-10 11:05 - 2013-10-02 21:57 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-09 17:37 - 2013-11-09 17:37 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-09 17:37 - 2013-11-09 17:37 - 00000000 ____D C:\ProgramData\Skype
2013-11-06 17:05 - 2013-09-25 10:53 - 00000000 ____D C:\Users\CZeller\AppData\Local\Mozilla

Some content of TEMP:
====================
C:\Users\CZeller\AppData\Local\Temp\avgnt.exe
C:\Users\CZeller\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-30 14:46

==================== End Of Log ============================
|
06.12.2013, 09:27 | #6 |
/// the machine /// TB-Ausbilder | Windows 7: svchost.exe detection: ADWARE/bprotektor.E
The ESET note only says that you could take the opportunity to scan any external devices you may have at the same time.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
AppInit_DLLs: c:\PROGRA~3\BitGuard\271832~1.68\{C16C1~1\loader.dll [ ] ()
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
Here are a few more tips for securing your system. I can't stress often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
|
06.12.2013, 12:36 | #7 |
| Windows 7: svchost.exe detection: ADWARE/bprotektor.E
Hi, great, everything seems to be gone! Here is the fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2013
Ran by CZeller at 2013-12-06 11:45:42 Run:1
Running from C:\Users\CZeller\Desktop\dls
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs: c:\PROGRA~3\BitGuard\271832~1.68\{C16C1~1\loader.dll [ ] ()
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.

==== End of Fixlog ====

Thanks for the help, the topic is closed! |
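The fixlog above reports that the AppInit_DLLs value was restored. As an added example (not part of the thread and not FRST's own code), the following PowerShell function audits that value in both the 64-bit and the 32-bit registry view and reports, for every listed DLL, whether it exists and how its Authenticode signature verifies. The function name Get-AppInitDllAudit is hypothetical; a 64-bit PowerShell 3.0 or later console is assumed.

```powershell
# Added example (not from the thread). Get-AppInitDllAudit is a hypothetical name.
# Assumes a 64-bit PowerShell 3.0+ console; a 32-bit console is redirected to
# Wow6432Node for both key paths.
function Get-AppInitDllAudit {
    param(
        [string[]]$KeyPath = @(
            'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
        )
    )
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key

        # AppInit_DLLs is a space- or comma-delimited list, which is why entries
        # such as the BitGuard one on this page use 8.3 short paths.
        $dlls = @(([string]$props.AppInit_DLLs) -split '[\s,]+' | Where-Object { $_ })
        if ($dlls.Count -eq 0) { $dlls = @($null) }   # still report the key's switches

        foreach ($dll in $dlls) {
            $exists = $false
            $signature = 'n/a'
            if ($dll) {
                # A bare file name is resolved by Windows against the system
                # directory; only rooted paths are checked on disk here.
                if ([System.IO.Path]::IsPathRooted($dll)) {
                    $exists = Test-Path -LiteralPath $dll -PathType Leaf
                }
                if ($exists) {
                    $signature = (Get-AuthenticodeSignature -FilePath $dll).Status
                }
            }
            [pscustomobject]@{
                Key           = $key
                Dll           = $dll
                ExistsOnDisk  = $exists
                Signature     = $signature
                LoadEnabled   = ($props.LoadAppInit_DLLs -eq 1)
                RequireSigned = ($props.RequireSignedAppInit_DLLs -eq 1)
                NeedsReview   = [bool]$dll   # any listed DLL deserves a look
            }
        }
    }
}

Get-AppInitDllAudit | Format-Table -AutoSize
```

On a cleaned system both rows should show an empty Dll column; an entry that is missing on disk or unsigned is the kind of leftover the fixlist in this thread removed.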
07.12.2013, 11:36 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: svchost.exe detection: ADWARE/bprotektor.E
You're welcome
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |