Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
"Bundespolizei" Browser gesperrt

"Bundespolizei" Browser gesperrt


Log-Analyse und Auswertung: "Bundespolizei" Browser gesperrt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 09.12.2013, 16:04   #1
Löwe38
 
"Bundespolizei" Browser gesperrt - Standard

"Bundespolizei" Browser gesperrt


Hi Leute, bin neu hier und gleich mit einem Problem, sorry

Ich hab diesen, ich glaub mal, Trojaner auf meinem Laptop gehabt (Win8). Der öffnete sich eine neue Tab in meinem FF Browser, dass die "Bundespolizei" dieses gesperrt hat und ich 100€ zahlen. Bin ja nicht dumm, da ich von diesem Trojaner öfters gehört habe. Naja lange Rede kurzer Sinn, hab eben ne Systemwiederherstellung gemacht und dann war dieser Weg, sprich FF ist ganz normal nutzbar. Jedoch habe ich im Internet des öfteren gelesen, dass eben diese Trojaner noch da sind oder derart gleiches. Ich hab eben auf diesem Board gelesen, dass man irgendwas mit Log-Files oder so machen soll, da hab ich eben Null Ahnung ehrlich gesagt. Hoffentlich könnt ihr mir weiterhelfen, will ein Laptop ohne Befall benutzen

Gruß
Löwe38

Alt 09.12.2013, 16:12   #2
schrauber
/// the machine
/// TB-Ausbilder
 
"Bundespolizei" Browser gesperrt - Standard

"Bundespolizei" Browser gesperrt


hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 09.12.2013, 16:26   #3
Löwe38
 
"Bundespolizei" Browser gesperrt - Standard

"Bundespolizei" Browser gesperrt


danke für die schnelle Anwort
__________________
Alt 10.12.2013, 10:18   #4
schrauber
/// the machine
/// TB-Ausbilder
 
"Bundespolizei" Browser gesperrt - Standard

"Bundespolizei" Browser gesperrt


Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.12.2013, 15:16   #5
Löwe38
 
"Bundespolizei" Browser gesperrt - Standard

"Bundespolizei" Browser gesperrt


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2013 03
Ran by Cihad (administrator) on CIHAD-PC on 09-12-2013 16:18:25
Running from C:\Users\Cihad\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Connectify) C:\Program Files (x86)\Connectify\Connectify.exe
(Connectify) C:\Program Files (x86)\Connectify\DispatchUI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-19] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-19] (Atheros Communications)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-09-19] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [191544 2012-09-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [Connectify Hotspot] - C:\Program Files (x86)\Connectify\Connectify.exe [4162336 2013-09-24] (Connectify)
HKLM\...\Run: [Connectify Dispatch] - C:\Program Files (x86)\Connectify\DispatchUI.exe [2233120 2013-09-24] (Connectify)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_8F47C565F12AAF546C23731DD19702F3] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-09-25] (Lenovo)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {1A4FE10D-3B43-43A5-A284-632F165EE98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {1A4FE10D-3B43-43A5-A284-632F165EE98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {1A4FE10D-3B43-43A5-A284-632F165EE98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {1A4FE10D-3B43-43A5-A284-632F165EE98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {1A4FE10D-3B43-43A5-A284-632F165EE98C} URL = 
SearchScopes: HKCU - {1A4FE10D-3B43-43A5-A284-632F165EE98C} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 130.75.1.32 130.75.1.40

FireFox:
========
FF ProfilePath: C:\Users\Cihad\AppData\Roaming\Mozilla\Firefox\Profiles\c8ciwdq5.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: firebug - C:\Users\Cihad\AppData\Roaming\Mozilla\Firefox\Profiles\c8ciwdq5.default\Extensions\firebug@software.joehewitt.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\

Chrome: 
=======
CHR HomePage: hxxp://lenovo13.msn.com/
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Drive) - C:\Users\Cihad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Cihad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Cihad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Cihad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (Google Wallet) - C:\Users\Cihad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Cihad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-08] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-19] (Qualcomm Atheros Commnucations)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [487936 2013-09-24] (Connectify)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-19] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132600 2013-12-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-08] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-19] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [35352 2013-11-06] (Connectify)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-09 16:17 - 2013-12-09 16:18 - 00018244 _____ C:\Users\Cihad\Desktop\FRST.txt
2013-12-09 16:17 - 2013-12-09 16:17 - 01927998 _____ (Farbar) C:\Users\Cihad\Desktop\FRST64.exe
2013-12-09 16:16 - 2013-12-09 16:16 - 00022463 _____ C:\Users\Cihad\Downloads\Addition.txt
2013-12-09 16:15 - 2013-12-09 16:16 - 00037051 _____ C:\Users\Cihad\Downloads\FRST.txt
2013-12-09 16:15 - 2013-12-09 16:15 - 00000000 ____D C:\FRST
2013-12-09 16:14 - 2013-12-09 16:14 - 01927998 _____ (Farbar) C:\Users\Cihad\Downloads\FRST64.exe
2013-12-08 14:10 - 2013-12-08 17:03 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-08 14:08 - 2013-12-08 17:02 - 00000000 ____D C:\ProgramData\Norton
2013-12-08 14:08 - 2013-12-08 14:08 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-12-07 18:03 - 2013-12-07 18:04 - 351195587 _____ C:\Users\Cihad\Downloads\Movie 43.flv
2013-12-07 18:02 - 2013-12-07 18:05 - 724180992 _____ C:\Users\Cihad\Downloads\lex-zohan.avi
2013-12-07 18:00 - 2013-12-07 18:04 - 840925456 _____ C:\Users\Cihad\Downloads\Evan Allmächtig.mpg
2013-12-07 17:58 - 2013-12-07 18:05 - 1520351232 _____ C:\Users\Cihad\Downloads\Der Informant (2009).avi
2013-12-07 17:57 - 2013-12-07 18:15 - 702562938 _____ C:\Users\Cihad\Downloads\8 Blickwinkel.mkv
2013-12-06 21:59 - 2013-12-06 22:29 - 228275367 _____ C:\Users\Cihad\Downloads\Matrix Revolutions.mkv
2013-12-03 22:37 - 2013-12-03 22:50 - 247807269 _____ C:\Users\Cihad\Downloads\Matrix Reloaded.mkv
2013-12-03 22:15 - 2013-12-03 22:27 - 2730365385 _____ C:\Users\Cihad\Downloads\Matrix(1).mkv
2013-12-03 21:09 - 2013-12-03 21:09 - 01113304 _____ C:\Users\Cihad\Desktop\untitled.wav
2013-12-03 21:00 - 2013-12-03 21:00 - 01114666 _____ C:\Users\Cihad\Desktop\2neu.wav
2013-12-03 20:58 - 2013-12-03 20:58 - 00126203 _____ C:\Users\Cihad\Desktop\2.wma
2013-12-03 20:39 - 2013-12-08 17:04 - 00000000 ____D C:\Program Files (x86)\Free WMA to MP3 Converter
2013-12-03 20:25 - 2013-12-03 20:25 - 00094773 _____ C:\Users\Cihad\Desktop\versuch.wma
2013-12-02 22:56 - 2013-12-02 22:58 - 92187320 _____ C:\Users\Cihad\Downloads\Matrix.mkv.part
2013-12-02 22:56 - 2013-12-02 22:56 - 00000000 _____ C:\Users\Cihad\Downloads\Matrix.mkv
2013-11-29 21:22 - 2013-11-29 21:24 - 00000000 ____D C:\Users\Cihad\Desktop\KPWELLE
2013-11-29 10:36 - 2013-12-08 17:06 - 00000000 ____D C:\Users\Cihad\AppData\Roaming\vlc
2013-11-29 10:35 - 2013-11-29 10:35 - 00000882 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-29 10:34 - 2013-11-29 10:34 - 00000000 ____D C:\Program Files\VideoLAN
2013-11-29 10:33 - 2013-11-29 10:33 - 23679700 _____ C:\Users\Cihad\Downloads\vlc-2.1.1-win64.exe
2013-11-24 17:35 - 2013-11-24 17:35 - 00000000 ____D C:\Users\Cihad\Desktop\TOR
2013-11-24 14:42 - 2013-11-24 14:42 - 00000000 ____D C:\Users\Cihad\Documents\TOR
2013-11-24 14:41 - 2013-11-24 14:41 - 27252412 _____ (Igor Pavlov) C:\Users\Cihad\Downloads\tor-browser-2.3.25-15_de.exe
2013-11-20 23:31 - 2013-11-20 23:31 - 00006271 _____ C:\Users\Cihad\Desktop\eclipse - Verknüpfung.lnk
2013-11-19 23:48 - 2013-11-30 10:00 - 105070662 _____ C:\WINDOWS\SysWOW64\ꑬ뽟瀄V
2013-11-19 18:32 - 2013-11-19 18:44 - 3523459072 _____ C:\Users\Cihad\Downloads\sr-codbo.iso
2013-11-19 16:40 - 2013-11-19 16:40 - 00424616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-16 12:03 - 2013-11-18 17:00 - 104931504 _____ C:\WINDOWS\SysWOW64\ǐ⛨睃
2013-11-16 12:03 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-11-16 12:03 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-15 23:27 - 2013-11-15 23:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 23:56 - 2013-11-14 23:56 - 25131186 _____ C:\Users\Cihad\Downloads\CMB-WS2013.zip
2013-11-14 12:21 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-11-14 12:21 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-11-14 12:21 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-11-14 12:21 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-11-14 12:21 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-11-14 12:21 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-11-14 12:21 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2013-11-14 12:21 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2013-11-14 12:21 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2013-11-14 12:21 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2013-11-14 12:21 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2013-11-14 12:21 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-11-14 12:21 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-11-14 12:21 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-11-14 12:21 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-11-14 12:21 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-11-14 12:21 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-11-14 12:21 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-11-14 12:21 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-11-14 12:21 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-11-14 12:21 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2013-11-14 12:21 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2013-11-14 12:21 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-11-14 12:21 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2013-11-14 12:21 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2013-11-14 12:21 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2013-11-14 12:21 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-11-14 12:21 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2013-11-14 12:21 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-11-14 12:21 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-11-14 12:21 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2013-11-14 12:21 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2013-11-14 12:20 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-11-14 12:20 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-11-14 12:20 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-11-14 12:20 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-11-14 12:20 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-11-14 12:20 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-11-14 12:20 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-11-14 12:20 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-11-14 12:20 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-11-14 12:20 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-11-14 12:20 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-11-14 12:20 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-11-14 12:20 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-11-14 12:20 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-11-14 12:20 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-11-14 12:20 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-11-14 12:20 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-11-14 12:20 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-11-14 12:20 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-11-14 12:20 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2013-11-14 12:20 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-11-14 12:20 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-11-14 12:19 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-11-14 12:19 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-11-14 12:19 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2013-11-09 21:54 - 2013-11-09 21:54 - 00000503 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics

==================== One Month Modified Files and Folders =======

2013-12-09 16:18 - 2013-12-09 16:17 - 00018244 _____ C:\Users\Cihad\Desktop\FRST.txt
2013-12-09 16:17 - 2013-12-09 16:17 - 01927998 _____ (Farbar) C:\Users\Cihad\Desktop\FRST64.exe
2013-12-09 16:16 - 2013-12-09 16:16 - 00022463 _____ C:\Users\Cihad\Downloads\Addition.txt
2013-12-09 16:16 - 2013-12-09 16:15 - 00037051 _____ C:\Users\Cihad\Downloads\FRST.txt
2013-12-09 16:15 - 2013-12-09 16:15 - 00000000 ____D C:\FRST
2013-12-09 16:14 - 2013-12-09 16:14 - 01927998 _____ (Farbar) C:\Users\Cihad\Downloads\FRST64.exe
2013-12-09 16:07 - 2012-09-19 02:48 - 01647841 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-09 16:02 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-09 15:59 - 2012-12-11 18:39 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-09 15:58 - 2012-09-19 11:56 - 00818446 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-09 15:58 - 2012-09-19 11:56 - 00180228 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-09 15:58 - 2012-07-26 08:28 - 01928686 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-09 14:45 - 2012-12-11 11:44 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-09 13:04 - 2012-12-11 11:44 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-08 21:01 - 2012-12-11 00:06 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1871559601-2883593324-1732554410-1002
2013-12-08 17:20 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-08 17:20 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-12-08 17:18 - 2013-05-07 11:12 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-12-08 17:18 - 2013-03-28 16:37 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-08 17:18 - 2013-03-28 16:37 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-08 17:18 - 2013-03-28 16:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-12-08 17:17 - 2013-01-07 22:02 - 00000000 ____D C:\Users\Cihad\AppData\Local\CrashDumps
2013-12-08 17:09 - 2012-12-11 00:00 - 00000000 ____D C:\Users\Cihad
2013-12-08 17:08 - 2013-11-06 10:26 - 00000000 ____D C:\Program Files (x86)\Connectify
2013-12-08 17:06 - 2013-11-29 10:36 - 00000000 ____D C:\Users\Cihad\AppData\Roaming\vlc
2013-12-08 17:04 - 2013-12-03 20:39 - 00000000 ____D C:\Program Files (x86)\Free WMA to MP3 Converter
2013-12-08 17:03 - 2013-12-08 14:10 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-08 17:02 - 2013-12-08 14:08 - 00000000 ____D C:\ProgramData\Norton
2013-12-08 17:00 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-12-08 17:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\registration
2013-12-08 15:27 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-12-08 14:12 - 2013-01-09 15:41 - 00000000 ____D C:\ldiag
2013-12-08 14:12 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-12-08 14:08 - 2013-12-08 14:08 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-12-07 21:32 - 2013-06-02 18:09 - 00000000 ____D C:\Users\Cihad\Documents\Bewerbung
2013-12-07 18:15 - 2013-12-07 17:57 - 702562938 _____ C:\Users\Cihad\Downloads\8 Blickwinkel.mkv
2013-12-07 18:05 - 2013-12-07 18:02 - 724180992 _____ C:\Users\Cihad\Downloads\lex-zohan.avi
2013-12-07 18:05 - 2013-12-07 17:58 - 1520351232 _____ C:\Users\Cihad\Downloads\Der Informant (2009).avi
2013-12-07 18:04 - 2013-12-07 18:03 - 351195587 _____ C:\Users\Cihad\Downloads\Movie 43.flv
2013-12-07 18:04 - 2013-12-07 18:00 - 840925456 _____ C:\Users\Cihad\Downloads\Evan Allmächtig.mpg
2013-12-07 17:07 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-12-06 22:29 - 2013-12-06 21:59 - 228275367 _____ C:\Users\Cihad\Downloads\Matrix Revolutions.mkv
2013-12-03 22:50 - 2013-12-03 22:37 - 247807269 _____ C:\Users\Cihad\Downloads\Matrix Reloaded.mkv
2013-12-03 22:27 - 2013-12-03 22:15 - 2730365385 _____ C:\Users\Cihad\Downloads\Matrix(1).mkv
2013-12-03 21:09 - 2013-12-03 21:09 - 01113304 _____ C:\Users\Cihad\Desktop\untitled.wav
2013-12-03 21:00 - 2013-12-03 21:00 - 01114666 _____ C:\Users\Cihad\Desktop\2neu.wav
2013-12-03 20:58 - 2013-12-03 20:58 - 00126203 _____ C:\Users\Cihad\Desktop\2.wma
2013-12-03 20:25 - 2013-12-03 20:25 - 00094773 _____ C:\Users\Cihad\Desktop\versuch.wma
2013-12-02 22:58 - 2013-12-02 22:56 - 92187320 _____ C:\Users\Cihad\Downloads\Matrix.mkv.part
2013-12-02 22:56 - 2013-12-02 22:56 - 00000000 _____ C:\Users\Cihad\Downloads\Matrix.mkv
2013-12-02 00:01 - 2013-09-30 17:28 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-11-30 10:00 - 2013-11-19 23:48 - 105070662 _____ C:\WINDOWS\SysWOW64\ꑬ뽟瀄V
2013-11-29 21:24 - 2013-11-29 21:22 - 00000000 ____D C:\Users\Cihad\Desktop\KPWELLE
2013-11-29 10:35 - 2013-11-29 10:35 - 00000882 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-29 10:34 - 2013-11-29 10:34 - 00000000 ____D C:\Program Files\VideoLAN
2013-11-29 10:33 - 2013-11-29 10:33 - 23679700 _____ C:\Users\Cihad\Downloads\vlc-2.1.1-win64.exe
2013-11-28 17:40 - 2012-12-11 11:44 - 00004098 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-28 17:40 - 2012-12-11 11:44 - 00003862 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-25 13:25 - 2013-07-06 15:21 - 00000000 ____D C:\Users\Cihad\AppData\Roaming\Skype
2013-11-24 17:35 - 2013-11-24 17:35 - 00000000 ____D C:\Users\Cihad\Desktop\TOR
2013-11-24 14:42 - 2013-11-24 14:42 - 00000000 ____D C:\Users\Cihad\Documents\TOR
2013-11-24 14:41 - 2013-11-24 14:41 - 27252412 _____ (Igor Pavlov) C:\Users\Cihad\Downloads\tor-browser-2.3.25-15_de.exe
2013-11-23 22:49 - 2013-07-06 15:13 - 00000000 ____D C:\Users\Cihad\AppData\Local\Windows Live
2013-11-20 23:31 - 2013-11-20 23:31 - 00006271 _____ C:\Users\Cihad\Desktop\eclipse - Verknüpfung.lnk
2013-11-20 23:30 - 2013-11-08 15:44 - 00000000 ____D C:\Users\Cihad\Documents\JAVA
2013-11-19 18:44 - 2013-11-19 18:32 - 3523459072 _____ C:\Users\Cihad\Downloads\sr-codbo.iso
2013-11-19 16:40 - 2013-11-19 16:40 - 00424616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-18 17:00 - 2013-11-16 12:03 - 104931504 _____ C:\WINDOWS\SysWOW64\ǐ⛨睃
2013-11-16 18:45 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\rescache
2013-11-16 12:01 - 2012-12-11 18:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 01:21 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore
2013-11-16 01:20 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ToastData
2013-11-15 23:27 - 2013-11-15 23:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 23:56 - 2013-11-14 23:56 - 25131186 _____ C:\Users\Cihad\Downloads\CMB-WS2013.zip
2013-11-14 14:10 - 2013-01-29 17:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 14:02 - 2013-08-26 17:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-14 14:01 - 2012-12-17 22:44 - 82896128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-10 18:49 - 2012-12-11 00:10 - 00000000 ____D C:\Users\Cihad\AppData\Roaming\LSC
2013-11-10 00:27 - 2013-08-12 00:31 - 00000000 ____D C:\Users\Cihad\Documents\MWHACK
2013-11-09 21:54 - 2013-11-09 21:54 - 00000503 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2013-11-09 13:41 - 2013-11-08 10:49 - 103378319 _____ C:\WINDOWS\SysWOW64\넭⋻瀄À

Some content of TEMP:
====================
C:\Users\Cihad\AppData\Local\Temp\AskSLib.dll
C:\Users\Cihad\AppData\Local\Temp\avgnt.exe
C:\Users\Cihad\AppData\Local\Temp\FastDownload.exe
C:\Users\Cihad\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Cihad\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Cihad\AppData\Local\Temp\hnazh2te.dll
C:\Users\Cihad\AppData\Local\Temp\htmlayout.dll
C:\Users\Cihad\AppData\Local\Temp\LOOP.EXE
C:\Users\Cihad\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Cihad\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-08 12:07

==================== End Of Log ============================
--- --- ---

--- --- ---



Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2013 03
Ran by Cihad at 2013-12-09 16:18:52
Running from C:\Users\Cihad\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.8.0.870)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Amazon Browser App (x32 Version: 1.0.0.0)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7)
Avira Free Antivirus (x32 Version: 14.0.1.759)
Benutzerhandbuch (x32 Version: 1.0.0.9)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX (x32)
Canon MP Navigator EX 4.0 (x32)
Canon MP280 series Benutzerregistrierung (x32)
Canon MP280 series MP Drivers
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Conexant HD Audio (Version: 8.54.44.50)
Connectify (Version: 7.0.0.28979)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240)
D3DX10 (x32 Version: 15.4.2368.0902)
Dolby Advanced Audio v2 (x32 Version: 7.2.8000.16)
Dotfuscator Software Services - Community Edition - DEU (x32 Version: 5.0.2300.0)
Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2300.0)
Energy Management (x32 Version: 8.0.2.4)
FL Studio 10 (x32)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free YouTube to MP3 Converter version 3.11.37.1212 (x32 Version: 3.11.37.1212)
Google Chrome (x32 Version: 31.0.1650.63)
Google Update Helper (x32 Version: 1.3.22.3)
iCloud (Version: 3.0.2.163)
IL Download Manager (x32)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2828)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.4.1001)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iTunes (Version: 11.1.0.126)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java SE Development Kit 7 Update 45 (64-bit) (Version: 1.7.0.450)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
Lennar Digital Sylenth VSTi v1.2.1 (x32)
Lenovo EasyCamera (x32 Version: 13.12.824.1)
Lenovo OneKey Recovery (Version: 8.0.0.0710)
Lenovo OneKey Recovery (x32 Version: 8.0.0.0710)
Lenovo pointing device (Version: 11.4.3.3)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52)
Lenovo Solution Center (Version: 2.3.002.00)
Lenovo YouCam (x32 Version: 4.1.3127)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)
Microsoft Expression Web 4 (x32 Version: 4.0.1460.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Silverlight 3 SDK - Deutsch (x32 Version: 3.0.40818.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 de (x32 Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.30319)
Microsoft Team Foundation Server 2010-Objektmodell - DEU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime Language Pack - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Performance Collection Tools - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010 Ultimate - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio Macro Tools - DEU Language Pack (x32 Version: 9.0.30729)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (x32 Version: 9.12.0613)
NVIDIA PhysX-Systemsoftware 9.12.0613 (Version: 9.12.0613)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
PCSX2 - Playstation 2 Emulator (x32)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
Power2Go (x32 Version: 5.6.0.9109)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.206)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (Version: 10.1.2531.0)
Skype™ 6.3 (x32 Version: 6.3.105)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
SugarSync Manager (x32 Version: 1.9.61.90905)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (Version: 10.1.2731.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
UserGuide (x32 Version: 1.0.0.9)
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0)
VLC media player 2.1.1 (Version: 2.1.1)
Web Deployment Tool (Version: 1.1.0618)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

21-11-2013 19:57:04 Geplanter Prüfpunkt
30-11-2013 09:10:29 Geplanter Prüfpunkt
07-12-2013 14:24:03 Geplanter Prüfpunkt
08-12-2013 15:54:15 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {078D01AF-78E7-4595-9996-F247085F3C12} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {1E46BBEF-D509-46B8-B628-3932134B1405} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {3BC817F8-93BF-4F98-B8E1-D1ABD600883D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {477431F2-B63A-4E91-8F7F-60FCF0290201} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-06] (Adobe Systems Incorporated)
Task: {4C412461-43EC-4050-A915-56BA077FA862} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\System32\pla.dll [2012-07-26] (Microsoft Corporation)
Task: {797DA656-4DE7-45E2-8FD6-AF6148F9D35C} - System32\Tasks\{F2DC5E45-DEEC-4BE3-96FB-3F9A520F9159} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
Task: {8AA2FA3E-0450-4E7B-BF60-97FD3D15A3CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CAEDC1B6-F1A4-4F86-9D1C-F8792E6B0588} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {D1B65E7C-0BC6-451E-A6C2-6CF34C2DC213} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {DE30020A-5FC3-499E-A924-1E228733E74F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11] (Google Inc.)
Task: {FB0BF60A-A68E-428C-AE73-2ADC727B7447} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-14 09:56 - 2012-08-03 17:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-01 14:47 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-06 10:26 - 2013-09-24 15:37 - 00352544 _____ () C:\Program Files (x86)\Connectify\NativeLibrary.dll
2013-11-06 10:26 - 2013-09-24 15:37 - 03147040 _____ () C:\Program Files (x86)\Connectify\ConnectifyNAT.dll
2013-11-06 10:26 - 2013-09-24 15:37 - 00714016 _____ () C:\Program Files (x86)\Connectify\log4cplus.dll
2013-11-06 10:26 - 2013-09-24 15:37 - 00353568 _____ () C:\Program Files (x86)\Connectify\LibDispatch.dll
2012-09-19 02:10 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-11-15 23:27 - 2013-11-15 23:27 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2013 08:18:09 PM) (Source: ESENT) (User: )
Description: svchost (1588) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\WINDOWS\system32\SRU\SRU003CF.log.

Error: (12/08/2013 05:34:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6094

Error: (12/08/2013 05:34:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6094

Error: (12/08/2013 05:34:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/08/2013 05:34:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5078

Error: (12/08/2013 05:34:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5078

Error: (12/08/2013 05:34:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/08/2013 05:33:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4063

Error: (12/08/2013 05:33:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4063

Error: (12/08/2013 05:33:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/08/2013 01:53:49 PM) (Source: DCOM) (User: Cihad-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Cihad-PCCihadS-1-5-21-1871559601-2883593324-1732554410-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/08/2013 01:53:49 PM) (Source: DCOM) (User: Cihad-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Cihad-PCCihadS-1-5-21-1871559601-2883593324-1732554410-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/08/2013 01:53:49 PM) (Source: DCOM) (User: Cihad-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Cihad-PCCihadS-1-5-21-1871559601-2883593324-1732554410-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/08/2013 01:53:48 PM) (Source: DCOM) (User: Cihad-PC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Cihad-PCCihadS-1-5-21-1871559601-2883593324-1732554410-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/08/2013 01:50:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Gruppenrichtlinienclient" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/08/2013 01:50:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Gruppenrichtlinienclient" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/08/2013 01:49:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Anwendungserfahrung" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/08/2013 01:49:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Anwendungserfahrung" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/08/2013 01:49:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Anwendungserfahrung" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/08/2013 01:49:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Anwendungserfahrung" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (08/26/2013 02:44:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1206 seconds with 720 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 8057.77 MB
Available physical RAM: 5838.34 MB
Total Pagefile: 9849.77 MB
Available Pagefile: 7061.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:418.43 GB) (Free:270.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3B09F474)

Partition: GPT Partition Type
==================== End Of Log ============================


Alt 11.12.2013, 09:20   #6
schrauber
/// the machine
/// TB-Ausbilder
 
"Bundespolizei" Browser gesperrt - Standard

"Bundespolizei" Browser gesperrt


hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> "Bundespolizei" Browser gesperrt

Alt 11.12.2013, 11:28   #7
Löwe38
 
"Bundespolizei" Browser gesperrt - Standard

"Bundespolizei" Browser gesperrt


Code:
ATTFilter
ComboFix 13-12-10.01 - Cihad 11.12.2013  11:11:02.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.8058.5020 [GMT 1:00]
ausgeführt von:: c:\users\Cihad\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\users\Cihad\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-11 bis 2013-12-11  ))))))))))))))))))))))))))))))
.
.
2013-12-09 15:15 . 2013-12-09 15:15	--------	d-----w-	C:\FRST
2013-12-08 13:35 . 2013-12-08 13:35	--------	d-----w-	c:\program files (x86)\Common Files\Symantec Shared
2013-12-08 13:10 . 2013-12-08 16:03	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2013-12-08 13:08 . 2013-12-08 13:08	--------	d-----w-	c:\program files (x86)\Norton Internet Security
2013-12-08 13:08 . 2013-12-08 16:02	--------	d-----w-	c:\programdata\Norton
2013-12-08 13:07 . 2013-12-08 13:07	--------	d-----w-	c:\program files (x86)\NortonInstaller
2013-12-03 19:39 . 2013-12-08 16:04	--------	d-----w-	c:\program files (x86)\Free WMA to MP3 Converter
2013-12-01 15:10 . 2013-12-01 15:10	--------	d-----w-	c:\users\Cihad\AppData\Local\Diagnostics
2013-11-29 09:36 . 2013-12-09 19:49	--------	d-----w-	c:\users\Cihad\AppData\Roaming\vlc
2013-11-29 09:34 . 2013-11-29 09:34	--------	d-----w-	c:\program files\VideoLAN
2013-11-16 11:03 . 2013-11-05 22:58	78296	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-16 11:03 . 2013-11-05 22:58	694232	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-14 11:20 . 2013-10-01 23:37	1569280	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-11-14 11:19 . 2013-09-23 22:30	323072	----a-w-	c:\windows\SysWow64\schannel.dll
2013-11-14 11:19 . 2013-10-01 23:37	2035712	----a-w-	c:\windows\SysWow64\authui.dll
2013-11-14 11:19 . 2013-10-01 23:26	2304512	----a-w-	c:\windows\system32\authui.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-08 16:18 . 2013-05-07 10:12	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-12-08 16:18 . 2013-03-28 15:37	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-12-08 16:18 . 2013-03-28 15:37	132600	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-12-08 16:18 . 2013-03-28 15:37	107416	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-11-14 13:01 . 2012-12-17 21:44	82896128	----a-w-	c:\windows\system32\MRT.exe
2013-11-08 14:45 . 2013-11-08 14:46	312744	----a-w-	c:\windows\system32\javaws.exe
2013-11-08 14:45 . 2013-11-08 14:46	189352	----a-w-	c:\windows\system32\javaw.exe
2013-11-08 14:45 . 2013-11-08 14:46	189352	----a-w-	c:\windows\system32\java.exe
2013-11-08 14:45 . 2013-11-08 14:46	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-11-06 09:26 . 2013-11-06 09:26	35352	----a-w-	c:\windows\system32\drivers\cnnctfy3.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-06 14:14	220632	----a-w-	c:\users\Cihad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-06 14:14	220632	----a-w-	c:\users\Cihad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-06 14:14	220632	----a-w-	c:\users\Cihad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
"GoogleChromeAutoLaunch_8F47C565F12AAF546C23731DD19702F3"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-12-04 863184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-07-25 508656]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2012-05-02 548864]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2012-07-27 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2012-07-27 167024]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-18 217088]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-08 683576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-17 152392]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\System32\drivers\MijXfilt.sys;c:\windows\SYSNATIVE\drivers\MijXfilt.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy3.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\System32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-09 12:46	1210320	----a-w-	c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04	215416	----a-w-	c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11 19:59]
.
2013-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11 10:43]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11 10:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-06 14:14	244696	----a-w-	c:\users\Cihad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-06 14:14	244696	----a-w-	c:\users\Cihad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-06 14:14	244696	----a-w-	c:\users\Cihad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-07 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-07 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-07 440640]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-08-19 764032]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-08-19 127616]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-09-19 17080376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-09-19 191544]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"Connectify Hotspot"="c:\program files (x86)\Connectify\Connectify.exe" [2013-09-24 4162336]
"Connectify Dispatch"="c:\program files (x86)\Connectify\DispatchUI.exe" [2013-09-24 2233120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Cihad\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 130.75.1.32 130.75.1.40
FF - ProfilePath - c:\users\Cihad\AppData\Roaming\Mozilla\Firefox\Profiles\c8ciwdq5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-12-11  11:22:58
ComboFix-quarantined-files.txt  2013-12-11 10:22
.
Vor Suchlauf: 12 Verzeichnis(se), 287.808.876.544 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 289.724.137.472 Bytes frei
.
- - End Of File - - 1457B22904B0DB39F5AAA794ACCA42D4

Alt 12.12.2013, 09:11   #8
schrauber
/// the machine
/// TB-Ausbilder
 
"Bundespolizei" Browser gesperrt - Standard

"Bundespolizei" Browser gesperrt


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.12.2013, 18:52   #9
Löwe38
 
"Bundespolizei" Browser gesperrt - Standard

"Bundespolizei" Browser gesperrt


Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.12.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Cihad :: CIHAD-PC [Administrator]

12.12.2013 18:17:30
mbam-log-2013-12-12 (18-17-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 238628
Laufzeit: 4 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter
# AdwCleaner v3.015 - Bericht erstellt am 12/12/2013 um 18:38:10
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Cihad - CIHAD-PC
# Gestartet von : C:\Users\Cihad\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\StarApp
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
[x] Nicht Gelöscht : C:\Users\Cihad\AppData\Roaming\dvdvideosoftiehelpers
[x] Nicht Gelöscht : C:\Users\Cihad\AppData\Roaming\SendSpace

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Cihad\AppData\Roaming\Mozilla\Firefox\Profiles\c8ciwdq5.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Cihad\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1515 octets] - [12/12/2013 18:26:05]
AdwCleaner[S0].txt - [1446 octets] - [12/12/2013 18:38:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1506 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Cihad on 12.12.2013 at 18:46:43,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Cihad\AppData\Roaming\dvdvideosoftiehelpers"



~~~ FireFox

Emptied folder: C:\Users\Cihad\AppData\Roaming\mozilla\firefox\profiles\c8ciwdq5.default\minidumps [53 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.12.2013 at 18:50:14,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013
Ran by Cihad (administrator) on CIHAD-PC on 12-12-2013 18:51:55
Running from C:\Users\Cihad\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Connectify) C:\Program Files (x86)\Connectify\Connectify.exe
(Connectify) C:\Program Files (x86)\Connectify\DispatchUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-19] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-19] (Atheros Communications)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-09-19] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [191544 2012-09-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [Connectify Hotspot] - C:\Program Files (x86)\Connectify\Connectify.exe [4162336 2013-09-24] (Connectify)
HKLM\...\Run: [Connectify Dispatch] - C:\Program Files (x86)\Connectify\DispatchUI.exe [2233120 2013-09-24] (Connectify)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_8F47C565F12AAF546C23731DD19702F3] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-09-25] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-09-25] (Lenovo)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {1A4FE10D-3B43-43A5-A284-632F165EE98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {1A4FE10D-3B43-43A5-A284-632F165EE98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {1A4FE10D-3B43-43A5-A284-632F165EE98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {1A4FE10D-3B43-43A5-A284-632F165EE98C} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Cihad\AppData\Roaming\Mozilla\Firefox\Profiles\c8ciwdq5.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: firebug - C:\Users\Cihad\AppData\Roaming\Mozilla\Firefox\Profiles\c8ciwdq5.default\Extensions\firebug@software.joehewitt.com.xpi

Chrome: 
=======
CHR HomePage: hxxp://lenovo13.msn.com/
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Drive) - C:\Users\Cihad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Cihad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Cihad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Cihad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
CHR Extension: (Google Wallet) - C:\Users\Cihad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Cihad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-08] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-19] (Qualcomm Atheros Commnucations)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [487936 2013-09-24] (Connectify)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-19] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132600 2013-12-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-08] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-19] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [35352 2013-11-06] (Connectify)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-12 18:51 - 2013-12-12 18:51 - 00000000 ____D C:\Users\Cihad\Desktop\FRST-OlderVersion
2013-12-12 18:50 - 2013-12-12 18:50 - 00000833 _____ C:\Users\Cihad\Desktop\JRT.txt
2013-12-12 18:46 - 2013-12-12 18:46 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-12 18:44 - 2013-12-12 18:44 - 01034531 _____ (Thisisu) C:\Users\Cihad\Desktop\JRT.exe
2013-12-12 18:39 - 2013-12-12 18:39 - 00424616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 18:25 - 2013-12-12 18:38 - 00000000 ____D C:\AdwCleaner
2013-12-12 18:24 - 2013-12-12 18:24 - 01226802 _____ C:\Users\Cihad\Desktop\adwcleaner.exe
2013-12-12 18:14 - 2013-12-12 18:14 - 00001124 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-12 18:14 - 2013-12-12 18:14 - 00000000 ____D C:\Users\Cihad\AppData\Roaming\Malwarebytes
2013-12-12 18:14 - 2013-12-12 18:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-12 18:14 - 2013-12-12 18:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-12 18:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-12 18:12 - 2013-12-12 18:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Cihad\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-12 11:04 - 2013-12-12 17:40 - 00000000 ____D C:\Users\Cihad\Desktop\TAAHM
2013-12-12 11:04 - 2013-12-12 12:17 - 00000000 ____D C:\Users\Cihad\Universität
2013-12-12 00:15 - 2013-12-12 00:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 11:22 - 2013-12-11 11:22 - 00018673 _____ C:\ComboFix.txt
2013-12-11 11:08 - 2013-12-11 11:23 - 00000000 ____D C:\Qoobox
2013-12-11 11:08 - 2013-12-11 11:21 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-11 11:08 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-12-11 11:08 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-12-11 11:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-12-11 11:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-12-11 11:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-12-11 11:08 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-12-11 11:08 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-12-11 11:08 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-12-11 11:08 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-12-11 11:04 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-11 11:04 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-11 11:04 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-12-11 11:04 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-11 11:04 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-11 11:04 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-12-11 11:04 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-11 11:04 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-11 11:04 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-11 11:04 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-12-11 11:04 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-11 11:04 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-11 11:04 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-11 11:04 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-11 11:04 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-11 11:04 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-11 11:04 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-12-11 11:04 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-12-11 11:04 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-11 11:04 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-11 11:04 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-12-11 11:04 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2013-12-11 11:04 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-12-11 11:04 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-12-11 11:04 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-12-11 11:04 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-11 11:04 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2013-12-11 11:04 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2013-12-11 11:04 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2013-12-11 11:04 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-11 11:04 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2013-12-11 11:04 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2013-12-11 11:04 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2013-12-11 11:04 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2013-12-11 11:03 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-11 11:03 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-11 11:03 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-11 11:03 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2013-12-11 11:03 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2013-12-11 11:03 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2013-12-11 11:03 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2013-12-11 11:03 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-11 11:03 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2013-12-11 11:03 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2013-12-11 11:03 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2013-12-11 11:03 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-11 11:03 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2013-12-11 11:03 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2013-12-11 11:03 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2013-12-11 11:03 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-12-11 11:03 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-12-11 11:03 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-12-11 11:03 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-12-11 11:03 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-12-11 11:03 - 2013-10-03 23:09 - 00385528 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-12-11 11:03 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2013-12-11 10:56 - 2013-12-11 10:57 - 05153140 ____R (Swearware) C:\Users\Cihad\Desktop\ComboFix.exe
2013-12-10 11:37 - 2013-12-10 11:38 - 731238168 _____ C:\Users\Cihad\Desktop\Man of Tai Chi [2013]BRRip XViD-ETRG.avi
2013-12-09 16:18 - 2013-12-09 16:19 - 00022461 _____ C:\Users\Cihad\Desktop\Addition.txt
2013-12-09 16:17 - 2013-12-12 18:51 - 01927106 _____ (Farbar) C:\Users\Cihad\Desktop\FRST64.exe
2013-12-09 16:17 - 2013-12-12 18:51 - 00018025 _____ C:\Users\Cihad\Desktop\FRST.txt
2013-12-09 16:15 - 2013-12-12 18:51 - 00000000 ____D C:\FRST
2013-12-08 14:10 - 2013-12-08 17:03 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-08 14:08 - 2013-12-08 17:02 - 00000000 ____D C:\ProgramData\Norton
2013-12-08 14:08 - 2013-12-08 14:08 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-12-07 18:03 - 2013-12-07 18:04 - 351195587 _____ C:\Users\Cihad\Downloads\Movie 43.flv
2013-12-07 18:02 - 2013-12-07 18:05 - 724180992 _____ C:\Users\Cihad\Downloads\lex-zohan.avi
2013-12-07 18:00 - 2013-12-07 18:04 - 840925456 _____ C:\Users\Cihad\Downloads\Evan Allmächtig.mpg
2013-12-07 17:58 - 2013-12-07 18:05 - 1520351232 _____ C:\Users\Cihad\Downloads\Der Informant (2009).avi
2013-12-07 17:57 - 2013-12-07 18:15 - 702562938 _____ C:\Users\Cihad\Downloads\8 Blickwinkel.mkv
2013-12-06 21:59 - 2013-12-06 22:29 - 228275367 _____ C:\Users\Cihad\Downloads\Matrix Revolutions.mkv
2013-12-03 22:37 - 2013-12-03 22:50 - 247807269 _____ C:\Users\Cihad\Downloads\Matrix Reloaded.mkv
2013-12-03 22:15 - 2013-12-03 22:27 - 2730365385 _____ C:\Users\Cihad\Downloads\Matrix(1).mkv
2013-12-03 20:39 - 2013-12-08 17:04 - 00000000 ____D C:\Program Files (x86)\Free WMA to MP3 Converter
2013-12-02 22:56 - 2013-12-02 22:58 - 92187320 _____ C:\Users\Cihad\Downloads\Matrix.mkv.part
2013-12-02 22:56 - 2013-12-02 22:56 - 00000000 _____ C:\Users\Cihad\Downloads\Matrix.mkv
2013-11-29 10:36 - 2013-12-09 20:49 - 00000000 ____D C:\Users\Cihad\AppData\Roaming\vlc
2013-11-29 10:35 - 2013-11-29 10:35 - 00000882 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-29 10:34 - 2013-11-29 10:34 - 00000000 ____D C:\Program Files\VideoLAN
2013-11-29 10:33 - 2013-11-29 10:33 - 23679700 _____ C:\Users\Cihad\Downloads\vlc-2.1.1-win64.exe
2013-11-24 17:35 - 2013-11-24 17:35 - 00000000 ____D C:\Users\Cihad\Desktop\TOR
2013-11-24 14:42 - 2013-11-24 14:42 - 00000000 ____D C:\Users\Cihad\Documents\TOR
2013-11-24 14:41 - 2013-11-24 14:41 - 27252412 _____ (Igor Pavlov) C:\Users\Cihad\Downloads\tor-browser-2.3.25-15_de.exe
2013-11-20 23:31 - 2013-11-20 23:31 - 00006271 _____ C:\Users\Cihad\Desktop\eclipse - Verknüpfung.lnk
2013-11-19 23:48 - 2013-11-30 10:00 - 105070662 _____ C:\WINDOWS\SysWOW64\ꑬ뽟瀄V
2013-11-19 18:32 - 2013-11-19 18:44 - 3523459072 _____ C:\Users\Cihad\Downloads\sr-codbo.iso
2013-11-16 12:03 - 2013-12-04 01:53 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-11-16 12:03 - 2013-12-04 01:53 - 00078304 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-16 12:03 - 2013-11-18 17:00 - 104931504 _____ C:\WINDOWS\SysWOW64\ǐ⛨睃
2013-11-14 12:21 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-11-14 12:21 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-11-14 12:21 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-11-14 12:21 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-11-14 12:21 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-11-14 12:21 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2013-11-14 12:21 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-11-14 12:21 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2013-11-14 12:21 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2013-11-14 12:21 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-11-14 12:21 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2013-11-14 12:21 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2013-11-14 12:21 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2013-11-14 12:21 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-11-14 12:21 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2013-11-14 12:21 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-11-14 12:21 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-11-14 12:21 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2013-11-14 12:21 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2013-11-14 12:20 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-11-14 12:20 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-11-14 12:20 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2013-11-14 12:20 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-11-14 12:20 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-11-14 12:19 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-11-14 12:19 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-11-14 12:19 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

==================== One Month Modified Files and Folders =======

2013-12-12 18:52 - 2013-12-09 16:17 - 00018025 _____ C:\Users\Cihad\Desktop\FRST.txt
2013-12-12 18:51 - 2013-12-12 18:51 - 00000000 ____D C:\Users\Cihad\Desktop\FRST-OlderVersion
2013-12-12 18:51 - 2013-12-09 16:17 - 01927106 _____ (Farbar) C:\Users\Cihad\Desktop\FRST64.exe
2013-12-12 18:51 - 2013-12-09 16:15 - 00000000 ____D C:\FRST
2013-12-12 18:51 - 2012-09-19 02:48 - 01258722 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-12 18:50 - 2013-12-12 18:50 - 00000833 _____ C:\Users\Cihad\Desktop\JRT.txt
2013-12-12 18:46 - 2013-12-12 18:46 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-12 18:45 - 2012-12-11 11:44 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-12 18:44 - 2013-12-12 18:44 - 01034531 _____ (Thisisu) C:\Users\Cihad\Desktop\JRT.exe
2013-12-12 18:40 - 2013-11-09 21:54 - 00000506 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2013-12-12 18:40 - 2012-12-11 11:44 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-12 18:39 - 2013-12-12 18:39 - 00424616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 18:39 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-12 18:39 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-12-12 18:38 - 2013-12-12 18:25 - 00000000 ____D C:\AdwCleaner
2013-12-12 18:24 - 2013-12-12 18:24 - 01226802 _____ C:\Users\Cihad\Desktop\adwcleaner.exe
2013-12-12 18:14 - 2013-12-12 18:14 - 00001124 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-12 18:14 - 2013-12-12 18:14 - 00000000 ____D C:\Users\Cihad\AppData\Roaming\Malwarebytes
2013-12-12 18:14 - 2013-12-12 18:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-12 18:14 - 2013-12-12 18:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-12 18:12 - 2013-12-12 18:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Cihad\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-12 18:02 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-12 17:59 - 2012-12-11 18:39 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-12 17:40 - 2013-12-12 11:04 - 00000000 ____D C:\Users\Cihad\Desktop\TAAHM
2013-12-12 16:57 - 2012-09-19 11:56 - 00818446 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-12 16:57 - 2012-09-19 11:56 - 00180228 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-12 16:57 - 2012-07-26 08:28 - 01928686 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-12 16:51 - 2012-12-11 18:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-12 16:51 - 2012-08-01 16:51 - 00195808 _____ C:\WINDOWS\PFRO.log
2013-12-12 14:21 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2013-12-12 12:19 - 2012-12-11 00:00 - 00000000 ____D C:\Users\Cihad
2013-12-12 12:17 - 2013-12-12 11:04 - 00000000 ____D C:\Users\Cihad\Universität
2013-12-12 00:15 - 2013-12-12 00:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 19:55 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-12-11 12:41 - 2013-01-29 17:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 12:37 - 2012-07-26 06:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-12-11 11:23 - 2013-12-11 11:08 - 00000000 ____D C:\Qoobox
2013-12-11 11:23 - 2012-07-26 06:37 - 00000000 ___HD C:\Users\Default
2013-12-11 11:22 - 2013-12-11 11:22 - 00018673 _____ C:\ComboFix.txt
2013-12-11 11:21 - 2013-12-11 11:08 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-11 11:20 - 2012-07-26 06:26 - 00000215 _____ C:\WINDOWS\system.ini
2013-12-11 10:57 - 2013-12-11 10:56 - 05153140 ____R (Swearware) C:\Users\Cihad\Desktop\ComboFix.exe
2013-12-10 20:59 - 2012-12-11 18:39 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-10 11:38 - 2013-12-10 11:37 - 731238168 _____ C:\Users\Cihad\Desktop\Man of Tai Chi [2013]BRRip XViD-ETRG.avi
2013-12-09 20:49 - 2013-11-29 10:36 - 00000000 ____D C:\Users\Cihad\AppData\Roaming\vlc
2013-12-09 19:32 - 2012-12-11 00:06 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1871559601-2883593324-1732554410-1002
2013-12-09 16:19 - 2013-12-09 16:18 - 00022461 _____ C:\Users\Cihad\Desktop\Addition.txt
2013-12-08 17:18 - 2013-05-07 11:12 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-12-08 17:18 - 2013-03-28 16:37 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-08 17:18 - 2013-03-28 16:37 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-08 17:18 - 2013-03-28 16:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-12-08 17:17 - 2013-01-07 22:02 - 00000000 ____D C:\Users\Cihad\AppData\Local\CrashDumps
2013-12-08 17:08 - 2013-11-06 10:26 - 00000000 ____D C:\Program Files (x86)\Connectify
2013-12-08 17:04 - 2013-12-03 20:39 - 00000000 ____D C:\Program Files (x86)\Free WMA to MP3 Converter
2013-12-08 17:03 - 2013-12-08 14:10 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-08 17:02 - 2013-12-08 14:08 - 00000000 ____D C:\ProgramData\Norton
2013-12-08 17:00 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-12-08 17:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\registration
2013-12-08 14:12 - 2013-01-09 15:41 - 00000000 ____D C:\ldiag
2013-12-08 14:12 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-12-08 14:08 - 2013-12-08 14:08 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-12-07 21:32 - 2013-06-02 18:09 - 00000000 ____D C:\Users\Cihad\Documents\Bewerbung
2013-12-07 18:15 - 2013-12-07 17:57 - 702562938 _____ C:\Users\Cihad\Downloads\8 Blickwinkel.mkv
2013-12-07 18:05 - 2013-12-07 18:02 - 724180992 _____ C:\Users\Cihad\Downloads\lex-zohan.avi
2013-12-07 18:05 - 2013-12-07 17:58 - 1520351232 _____ C:\Users\Cihad\Downloads\Der Informant (2009).avi
2013-12-07 18:04 - 2013-12-07 18:03 - 351195587 _____ C:\Users\Cihad\Downloads\Movie 43.flv
2013-12-07 18:04 - 2013-12-07 18:00 - 840925456 _____ C:\Users\Cihad\Downloads\Evan Allmächtig.mpg
2013-12-07 17:07 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-12-06 22:29 - 2013-12-06 21:59 - 228275367 _____ C:\Users\Cihad\Downloads\Matrix Revolutions.mkv
2013-12-04 01:53 - 2013-11-16 12:03 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:53 - 2013-11-16 12:03 - 00078304 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 22:50 - 2013-12-03 22:37 - 247807269 _____ C:\Users\Cihad\Downloads\Matrix Reloaded.mkv
2013-12-03 22:27 - 2013-12-03 22:15 - 2730365385 _____ C:\Users\Cihad\Downloads\Matrix(1).mkv
2013-12-02 22:58 - 2013-12-02 22:56 - 92187320 _____ C:\Users\Cihad\Downloads\Matrix.mkv.part
2013-12-02 22:56 - 2013-12-02 22:56 - 00000000 _____ C:\Users\Cihad\Downloads\Matrix.mkv
2013-12-02 00:01 - 2013-09-30 17:28 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-11-30 10:00 - 2013-11-19 23:48 - 105070662 _____ C:\WINDOWS\SysWOW64\ꑬ뽟瀄V
2013-11-29 10:35 - 2013-11-29 10:35 - 00000882 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-29 10:34 - 2013-11-29 10:34 - 00000000 ____D C:\Program Files\VideoLAN
2013-11-29 10:33 - 2013-11-29 10:33 - 23679700 _____ C:\Users\Cihad\Downloads\vlc-2.1.1-win64.exe
2013-11-28 17:40 - 2012-12-11 11:44 - 00004098 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-28 17:40 - 2012-12-11 11:44 - 00003862 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-25 13:25 - 2013-07-06 15:21 - 00000000 ____D C:\Users\Cihad\AppData\Roaming\Skype
2013-11-24 17:35 - 2013-11-24 17:35 - 00000000 ____D C:\Users\Cihad\Desktop\TOR
2013-11-24 14:42 - 2013-11-24 14:42 - 00000000 ____D C:\Users\Cihad\Documents\TOR
2013-11-24 14:41 - 2013-11-24 14:41 - 27252412 _____ (Igor Pavlov) C:\Users\Cihad\Downloads\tor-browser-2.3.25-15_de.exe
2013-11-23 22:49 - 2013-07-06 15:13 - 00000000 ____D C:\Users\Cihad\AppData\Local\Windows Live
2013-11-23 07:43 - 2013-12-11 11:03 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-11-23 06:05 - 2013-12-11 11:03 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-11-20 23:31 - 2013-11-20 23:31 - 00006271 _____ C:\Users\Cihad\Desktop\eclipse - Verknüpfung.lnk
2013-11-20 23:30 - 2013-11-08 15:44 - 00000000 ____D C:\Users\Cihad\Documents\JAVA
2013-11-19 18:44 - 2013-11-19 18:32 - 3523459072 _____ C:\Users\Cihad\Downloads\sr-codbo.iso
2013-11-18 17:00 - 2013-11-16 12:03 - 104931504 _____ C:\WINDOWS\SysWOW64\ǐ⛨睃
2013-11-16 18:45 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\rescache
2013-11-16 01:21 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore
2013-11-16 01:20 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ToastData
2013-11-14 14:02 - 2013-08-26 17:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-14 14:01 - 2012-12-17 22:44 - 82896128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Cihad\AppData\Local\temp\avgnt.exe
C:\Users\Cihad\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-08 12:07

==================== End Of Log ============================
--- --- ---

--- --- ---

Alt 13.12.2013, 17:11   #10
schrauber
/// the machine
/// TB-Ausbilder
 
"Bundespolizei" Browser gesperrt - Standard

"Bundespolizei" Browser gesperrt



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu "Bundespolizei" Browser gesperrt
ahnung, befall, board, browser, browser gesperrt, bundespolizei trojaner, ellung, gesperrt, hoffe, inter, interne, internet, kurzer, lange, laptop, leute, log-files, neu, neue, problem, systemwiederherstellung, tab, troja, trojaner, weiterhelfen, win, öfters


« Bluescreen bei entfernen von 3 Programmen | Laptop mit Windows XP von Antivirus Security Pro lahmgelegt »


Ähnliche Themen: "Bundespolizei" Browser gesperrt


  1. Internetseite öffnete sich "Bundespolizei 100 Euro Strafe innerhalb 48 Stunden sonst Laptop gesperrt "
    Plagegeister aller Art und deren Bekämpfung - 16.02.2015 (5)
  2. Tab "BKA hat den Browser gesperrt" lässt sich nicht schließen
    Log-Analyse und Auswertung - 22.02.2014 (17)
  3. Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt"
    Log-Analyse und Auswertung - 09.01.2014 (19)
  4. Trojaner/Virus, Firefoxfenster lässt sich nicht Schliessen "Ihr Browser hat gesperrt", Bundespolizei, Paysafe Card
    Log-Analyse und Auswertung - 07.01.2014 (10)
  5. "Ihr Computer wurde gesperrt... - Bundespolizei"
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (3)
  6. Bundespolizei "Firefox gesperrt" (Windows 7) / Trojaner ja oder nein
    Plagegeister aller Art und deren Bekämpfung - 20.11.2013 (17)
  7. "Firefox gesperrt" Bundespolizei virus - Win7
    Log-Analyse und Auswertung - 17.11.2013 (19)
  8. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  9. Win7 - Firefox - "Ihr Browser hat gesperrt" - Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 11.11.2013 (15)
  10. Bundespolizei-Trojaner "Light" - sperrt nur Browser, aber wie?
    Alles rund um Windows - 22.09.2013 (9)
  11. Bundespolizei "Ihr Computer wurde gesperrt."
    Plagegeister aller Art und deren Bekämpfung - 23.07.2013 (5)
  12. Ihr Computer wurde gesperrt "Bundespolizei"...
    Plagegeister aller Art und deren Bekämpfung - 17.08.2012 (1)
  13. WinXP verseucht: "...ihr Computer wurde gesperrt... Bundespolizei..."
    Plagegeister aller Art und deren Bekämpfung - 05.08.2012 (1)
  14. Laie mit großem Problem - "Bundespolizei - Ihr PC wurde gesperrt"
    Log-Analyse und Auswertung - 30.07.2012 (2)
  15. Brauche Hilfe: Entfernen des Trojaners "BUNDESPOLIZEI - Ihr Computer wurde gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (29)
  16. PC durch Trojaner gesperrt "Bundespolizei"
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (17)
  17. "Bundespolizei..."auf dem Notebook und der Book ist gesperrt
    Plagegeister aller Art und deren Bekämpfung - 05.08.2011 (19)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema "Bundespolizei" Browser gesperrt - Hi Leute, bin neu hier und gleich mit einem Problem, sorry Ich hab diesen, ich glaub mal, Trojaner auf meinem Laptop gehabt (Win8). Der öffnete sich eine neue Tab in - "Bundespolizei" Browser gesperrt...
Archiv
Du betrachtest: "Bundespolizei" Browser gesperrt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55