
Pests of all kinds and how to combat them: Trojan on board....

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

24.01.2014, 00:10   #1
bwoi



Hello,
my problem is the mail I received from bsi.de, informing me that my mail is supposed to be a security risk.
I then ran a full PC system scan with Microsoft Security Essentials, which found a malicious trojan, Win32/Matsnu.

However, I had already installed and run Malwarebytes Anti-Malware.. now Essentials is running again to check what is still there!

At first I believed that Essentials had deleted this trojan, but after another scan, unfortunately it had not, so I used Malwarebytes!

While trying to read up a bit here in the forum, I still have to ask, after reading the 7 golden rules, what the procedure should be if this trojan turns out to be there again.

What about the detected item in the Essentials window with the note, recommended action: remove this software immediately!

I have Vista Professional 64-bit installed on Boot Camp...

Thanks in advance for a little hint...

https://www.sicherheitstest.bsi.de/

Edited by bwoi (24.01.2014 at 00:12). Reason: Corrected

24.01.2014, 07:10   #2
schrauber
/// the machine
/// TB-Ausbilder



hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)


24.01.2014, 08:03   #3
bwoi



Hello, good morning,
the trojan is still there after another Essentials run. I now have FRST and Addition on the desktop .. when I click on the symbol, only = CODE CODE... appears

I don't know what else has to be done so that these two text documents can be posted.

24.01.2014, 08:16   #4
bwoi



So, tried again..

24.01.2014, 08:19   #5
bwoi



And the other file, Addition


24.01.2014, 08:22   #6
bwoi



Here is another view.. I don't understand at all why this trojan is there now, because at that time I had paid Avast protection!
Attached images
File type: png Scan mit Essentials.PNG (152.6 KB, viewed 159 times)

Edited by bwoi (24.01.2014 at 08:29)

25.01.2014, 11:04   #7
schrauber
/// the machine
/// TB-Ausbilder



Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


This is how it works:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

25.01.2014, 11:18   #8
bwoi



I sent FRST as a zip...

25.01.2014, 21:21   #9
schrauber
/// the machine
/// TB-Ausbilder



um, you did read my post above?
__________________
regards,
schrauber


25.01.2014, 21:50   #10
bwoi



Yes, I read the postings and sent the requested text files. I assume that an IT professional can open them. The texts that are always posted here, with their very public details, seem to me too insecure in terms of data. Moreover, so far I have not been able to find any usable approach to a solution, apart from the fact that the Malwarebytes tools are offered. Those too were without success when used! If the possibility exists, I am curious how this trojan can be removed.

26.01.2014, 08:06   #11
schrauber
/// the machine
/// TB-Ausbilder



Sure I can remove it.

Quote:
I assume that an IT professional can open them.
nah, I'm too stupid for that, sorry, how does that work?

I don't want attachments, I don't click on attachments, quite apart from the fact that I can't download any attachments at work....

and it makes the analysis harder for me. Here you get your computer cleaned, for free, which costs 200€ and more in a shop, and they can't even do it, with a response time on weekdays, Saturdays, Sundays and public holidays that many a paid support service could learn a thing or two from; the only thing you have to do is post logfiles in the thread.

Too much to ask?
__________________
regards,
schrauber


26.01.2014, 10:14   #12
bwoi



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by Bruno Woitke (administrator) on BRUNOWOITKE-PC on 26-01-2014 10:01:21
Running from C:\Users\Bruno Woitke\AppData\Local\Temp\6s1fkw6i.tmp
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
() C:\Users\Bruno Woitke\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [EPSON SX125 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
MountPoints2: {c7d73c29-41f8-11e2-a3ac-3451c9f073a2} - G:\LaunchU3.exe -a
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9B1FA831-7F1E-4CE6-ABA7-52EF3B662FC5&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28064DAE75CBCE01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588&q={searchTerms}
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=151111&systemid=426&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=151111&systemid=426&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={2EB3139A-5F2B-11E2-B30A-3451C9F073A2}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9B1FA831-7F1E-4CE6-ABA7-52EF3B662FC5&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9B1FA831-7F1E-4CE6-ABA7-52EF3B662FC5&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119656&babsrc=SP_ss&mntrId=3EAF2654530AAE4E
SearchScopes: HKCU - {226E4D82-07F6-44AF-A13E-624E89A8787E} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=3eaf69970000000000002654530aae4e&toi=16095&r=209
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={0CC91768-17B1-4F44-8D99-F916EA8CCE88}&mid=62651be1608c47d1a5d2e5188f149a51-003f5cbffa1e8d212e85183bcd3a0a8217f03ea3&lang=de&ds=tt014&pr=sa&d=2011-12-24 22:28:31&v=8.0.0.34&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=151111&systemid=426&sr=0&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
SearchScopes: HKCU - {D9D2E472-C2FD-48F8-B29A-028C42606DAD} URL = hxxp://suche.aol.de/aol/search?s_it=tb50winamp&q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={2EB3139A-5F2B-11E2-B30A-3451C9F073A2}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Searchcore Toolbar - {af6ac4f2-9825-4fb6-a600-92bc5361f209} -  No File
BHO-x32: StumbleUpon - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\Bruno Woitke\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Searchcore Toolbar - {af6ac4f2-9825-4fb6-a600-92bc5361f209} -  No File
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829
FF user.js: detected! => C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\user.js
FF Homepage: hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9B1FA831-7F1E-4CE6-ABA7-52EF3B662FC5&SSPV=
FF SelectedSearchEngine: Conduit Search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\aol-suche.xml
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Yahoo! Toolbar - C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-01-23]
FF Extension: Speed Analysis 2 - C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\Extensions\speedanalysis02@SpeedAnalysis.com.xpi [2013-10-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-25]
FF HKCU\...\Firefox\Extensions: [specialsavings@superfish.com] - C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles/mwhfc4po.default\extensions\specialsavings@superfish.com

==================== Services (Whitelisted) =================

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-25] (AVAST Software)
R2 hasplms; C:\Windows\system32\hasplms.exe [4883400 2011-10-18] (SafeNet Inc.)
R2 StumbleUponUpdater; C:\Users\Bruno Woitke\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] ()
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-12-30] (Taiwan Shui Mu Chih Ching Technology Limited.)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-01-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-25] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-01-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-25] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-25] ()
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032 2013-06-14] (Devguru Co., Ltd)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-25] (Duplex Secure Ltd.)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [77312 2011-01-12] (© Guillemot R&D, 2011. All rights reserved.)
S3 TmBusEn; C:\Windows\System32\DRIVERS\TmBusEn.sys [30208 2011-01-26] (Guillemot Corporation)
S3 TmFilter; C:\Windows\System32\DRIVERS\TmFilter.sys [24576 2011-01-26] (Guillemot Corporation)
S3 TmHid; C:\Windows\System32\DRIVERS\TmHid.sys [24704 2011-01-26] (Guillemot Corporation)
U3 abfjjhdq; C:\Windows\System32\Drivers\abfjjhdq.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-25 14:39 - 2014-01-25 14:39 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2014-01-25 13:31 - 2014-01-25 13:31 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-25 13:15 - 2014-01-25 13:21 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\DAEMON Tools Lite
2014-01-25 13:15 - 2014-01-25 13:15 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2014-01-25 13:14 - 2014-01-25 13:15 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-25 13:05 - 2014-01-25 13:05 - 00000444 __RSH C:\Users\Bruno Woitke\ntuser.pol
2014-01-25 12:54 - 2014-01-25 13:15 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\OpenCandy
2014-01-25 10:24 - 2014-01-25 10:24 - 01977432 _____ C:\Users\Bruno Woitke\Downloads\winrar-x64-501.exe
2014-01-25 08:26 - 2014-01-25 08:26 - 00512784 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avastclear_9.0.2013.exe
2014-01-25 00:17 - 2014-01-25 00:17 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\AVAST Software
2014-01-25 00:16 - 2014-01-25 00:16 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-25 00:16 - 2014-01-25 00:16 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-25 00:16 - 2014-01-25 00:16 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-25 00:12 - 2014-01-25 00:15 - 126784568 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avast_internet_security_setup.exe
2014-01-25 00:12 - 2014-01-25 00:12 - 00001651 _____ C:\Users\Bruno Woitke\Downloads\License.avastlic
2014-01-25 00:06 - 2014-01-25 13:17 - 00431474 _____ C:\Windows\PFRO.log
2014-01-24 23:51 - 2014-01-26 08:54 - 00000392 _____ C:\Windows\setupact.log
2014-01-24 23:51 - 2014-01-24 23:51 - 00000000 _____ C:\Windows\setuperr.log
2014-01-24 19:38 - 2014-01-25 10:24 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-24 16:07 - 2014-01-25 00:31 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-24 14:47 - 2014-01-24 14:47 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\BrowserSafeguard
2014-01-24 14:39 - 2014-01-24 14:43 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-24 07:50 - 2014-01-24 07:51 - 00030496 _____ C:\Users\Bruno Woitke\Downloads\Addition.txt
2014-01-24 07:49 - 2014-01-24 07:49 - 00000000 ____D C:\FRST
2014-01-24 07:36 - 2014-01-24 07:36 - 02077696 _____ (Farbar) C:\Users\Bruno Woitke\Downloads\FRST64.exe
2014-01-23 16:35 - 2014-01-23 16:34 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 02434048 _____ C:\Users\Bruno Woitke\Downloads\msxml.msi
2014-01-23 16:34 - 2014-01-23 16:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Secunia PSI
2014-01-23 16:29 - 2014-01-23 16:29 - 00000000 ____D C:\Program Files (x86)\Secunia
2014-01-23 12:40 - 2014-01-23 12:40 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Malwarebytes
2014-01-23 12:40 - 2014-01-23 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 12:15 - 2014-01-23 12:15 - 00000000 ____D C:\ProgramData\GridinSoft
2014-01-23 09:23 - 2014-01-23 09:23 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-23 09:22 - 2014-01-23 09:36 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-23 06:35 - 2014-01-23 06:35 - 01972945 _____ C:\Users\Bruno Woitke\Desktop\Definition Update für Windows Defender-Problembehandlung.webarchive
2014-01-21 16:57 - 2014-01-21 16:57 - 00000000 ____D C:\YOUR_XPLANE_ROOT_FOLDER
2014-01-20 12:09 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-20 12:09 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-20 12:09 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-20 12:09 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-20 12:09 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-20 12:09 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-20 12:09 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-20 12:09 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-20 12:09 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-20 12:09 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-20 12:09 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-20 12:09 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-20 12:09 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-20 12:09 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-20 12:09 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-20 12:09 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-20 12:09 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-20 12:09 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-20 12:09 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-20 12:09 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-20 12:09 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-20 12:09 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-20 12:09 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-20 12:09 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-20 12:09 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-16 20:47 - 2014-01-16 20:47 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 20:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-16 20:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-16 20:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-16 20:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-16 20:31 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 20:31 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 20:31 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-08 13:11 - 2014-01-08 16:56 - 00000000 ____D C:\Program Files (x86)\X-Plane 10
2013-12-30 10:41 - 2013-12-30 10:41 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-12-30 10:27 - 2014-01-26 09:57 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-12-30 10:27 - 2014-01-25 11:16 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\WinZipper
2013-12-30 10:27 - 2013-12-30 10:27 - 00000000 ____D C:\Windows\system32\log
2013-12-30 10:27 - 2013-12-30 10:27 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\iSafe
2013-12-30 09:38 - 2013-12-30 09:39 - 00000000 ____D C:\ProgramData\VisualBee
2013-12-30 09:38 - 2013-12-30 09:38 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\emaze
2013-12-30 09:34 - 2014-01-23 14:11 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-30 09:34 - 2014-01-23 13:11 - 00000000 ____D C:\ProgramData\Updater
2013-12-30 09:34 - 2014-01-07 15:54 - 00000000 ____D C:\ProgramData\WPM
2013-12-28 18:37 - 2013-12-28 18:37 - 01911637 _____ C:\Users\Bruno Woitke\Desktop\Probleme Notenlesen Für Elise.webarchive
2013-12-28 17:22 - 2013-12-30 10:28 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Mobogenie
2013-12-28 17:22 - 2013-12-30 10:23 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\genienext
2013-12-28 17:22 - 2013-12-30 10:23 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\cache
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\Documents\Mobogenie
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\.android
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 _____ C:\Users\Bruno Woitke\daemonprocess.txt
2013-12-28 17:11 - 2013-12-28 17:28 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\systweak

==================== One Month Modified Files and Folders =======

2014-01-26 10:01 - 2009-07-14 05:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 10:01 - 2009-07-14 05:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 09:58 - 2012-04-18 13:38 - 01280516 _____ C:\Windows\WindowsUpdate.log
2014-01-26 09:57 - 2013-12-30 10:27 - 00000000 ____D C:\Program Files (x86)\WinZipper
2014-01-26 09:55 - 2012-02-18 15:46 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Skype
2014-01-26 08:54 - 2014-01-24 23:51 - 00000392 _____ C:\Windows\setupact.log
2014-01-26 08:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 15:03 - 2012-03-29 20:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 14:42 - 2012-03-25 10:57 - 00000073 _____ C:\Users\Bruno Woitke\AppData\Local\X-Plane_drm.prf
2014-01-25 14:39 - 2014-01-25 14:39 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2014-01-25 13:31 - 2014-01-25 13:31 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-25 13:21 - 2014-01-25 13:15 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\DAEMON Tools Lite
2014-01-25 13:19 - 2011-12-18 21:56 - 00000080 _____ C:\Users\Bruno Woitke\AppData\Local\X-Plane Installer.prf
2014-01-25 13:17 - 2014-01-25 00:06 - 00431474 _____ C:\Windows\PFRO.log
2014-01-25 13:15 - 2014-01-25 13:15 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2014-01-25 13:15 - 2014-01-25 13:14 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-25 13:15 - 2014-01-25 12:54 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\OpenCandy
2014-01-25 13:15 - 2011-12-31 12:42 - 00381440 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-01-25 13:05 - 2014-01-25 13:05 - 00000444 __RSH C:\Users\Bruno Woitke\ntuser.pol
2014-01-25 13:05 - 2011-12-18 16:36 - 00000000 ____D C:\Users\Bruno Woitke
2014-01-25 13:05 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2014-01-25 13:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2014-01-25 11:16 - 2013-12-30 10:27 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\WinZipper
2014-01-25 10:24 - 2014-01-25 10:24 - 01977432 _____ C:\Users\Bruno Woitke\Downloads\winrar-x64-501.exe
2014-01-25 10:24 - 2014-01-24 19:38 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-25 10:24 - 2013-03-01 07:42 - 00000000 ____D C:\Program Files\WinRAR
2014-01-25 08:26 - 2014-01-25 08:26 - 00512784 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avastclear_9.0.2013.exe
2014-01-25 00:31 - 2014-01-24 16:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-25 00:17 - 2014-01-25 00:17 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\AVAST Software
2014-01-25 00:16 - 2014-01-25 00:16 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-25 00:16 - 2014-01-25 00:16 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-25 00:16 - 2014-01-25 00:16 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-25 00:15 - 2014-01-25 00:12 - 126784568 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avast_internet_security_setup.exe
2014-01-25 00:15 - 2011-12-18 21:27 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-25 00:12 - 2014-01-25 00:12 - 00001651 _____ C:\Users\Bruno Woitke\Downloads\License.avastlic
2014-01-24 23:51 - 2014-01-24 23:51 - 00000000 _____ C:\Windows\setuperr.log
2014-01-24 23:47 - 2011-12-18 16:25 - 00000000 ____D C:\Windows\Panther
2014-01-24 23:37 - 2013-11-17 16:28 - 00001912 _____ C:\Windows\epplauncher.mif
2014-01-24 22:25 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-24 21:33 - 2012-11-21 09:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-24 18:48 - 2013-12-26 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-24 16:31 - 2012-11-24 14:52 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2014-01-24 16:13 - 2011-12-18 21:29 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2014-01-24 16:01 - 2011-12-21 19:25 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Google
2014-01-24 16:01 - 2011-12-21 19:25 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-24 15:42 - 2011-12-19 20:04 - 00000000 ____D C:\Users\Public\Documents\Avast Rechnung
2014-01-24 14:48 - 2013-10-26 11:17 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2014-01-24 14:48 - 2011-12-18 16:36 - 00000000 ___RD C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-24 14:47 - 2014-01-24 14:47 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\BrowserSafeguard
2014-01-24 14:43 - 2014-01-24 14:39 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-24 12:50 - 2012-09-26 18:30 - 00000000 ____D C:\Program Files (x86)\DIABASS5
2014-01-24 07:51 - 2014-01-24 07:50 - 00030496 _____ C:\Users\Bruno Woitke\Downloads\Addition.txt
2014-01-24 07:49 - 2014-01-24 07:49 - 00000000 ____D C:\FRST
2014-01-24 07:36 - 2014-01-24 07:36 - 02077696 _____ (Farbar) C:\Users\Bruno Woitke\Downloads\FRST64.exe
2014-01-23 16:38 - 2012-09-14 10:25 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2014-01-23 16:35 - 2012-03-29 20:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-23 16:35 - 2012-03-29 20:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-23 16:35 - 2011-12-18 23:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-23 16:34 - 2014-01-23 16:35 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 02434048 _____ C:\Users\Bruno Woitke\Downloads\msxml.msi
2014-01-23 16:34 - 2014-01-23 16:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-23 16:34 - 2011-12-20 16:28 - 00000000 ____D C:\Program Files\Java
2014-01-23 16:29 - 2014-01-23 16:29 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Secunia PSI
2014-01-23 16:29 - 2014-01-23 16:29 - 00000000 ____D C:\Program Files (x86)\Secunia
2014-01-23 14:11 - 2013-12-30 09:34 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-23 13:11 - 2013-12-30 09:34 - 00000000 ____D C:\ProgramData\Updater
2014-01-23 12:40 - 2014-01-23 12:40 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Malwarebytes
2014-01-23 12:40 - 2014-01-23 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 12:15 - 2014-01-23 12:15 - 00000000 ____D C:\ProgramData\GridinSoft
2014-01-23 10:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-23 09:36 - 2014-01-23 09:22 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-23 09:23 - 2014-01-23 09:23 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-23 06:58 - 2011-04-12 08:43 - 00713556 _____ C:\Windows\system32\perfh007.dat
2014-01-23 06:58 - 2011-04-12 08:43 - 00155492 _____ C:\Windows\system32\perfc007.dat
2014-01-23 06:58 - 2009-07-14 06:13 - 01658748 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-23 06:35 - 2014-01-23 06:35 - 01972945 _____ C:\Users\Bruno Woitke\Desktop\Definition Update für Windows Defender-Problembehandlung.webarchive
2014-01-21 16:57 - 2014-01-21 16:57 - 00000000 ____D C:\YOUR_XPLANE_ROOT_FOLDER
2014-01-21 13:49 - 2011-12-18 23:03 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Adobe
2014-01-20 12:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-20 11:57 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-16 20:52 - 2009-07-14 05:45 - 00419352 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 20:50 - 2013-10-26 10:56 - 00000000 ____D C:\ProgramData\Oracle
2014-01-16 20:47 - 2014-01-16 20:47 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 20:47 - 2013-06-25 11:45 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-16 20:36 - 2013-07-26 15:06 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 20:36 - 2011-12-27 18:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 20:34 - 2011-12-18 18:05 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-08 16:56 - 2014-01-08 13:11 - 00000000 ____D C:\Program Files (x86)\X-Plane 10
2014-01-08 12:40 - 2012-02-17 18:04 - 00000147 _____ C:\Users\Bruno Woitke\AppData\Local\x-plane_install_10.txt
2014-01-07 15:54 - 2013-12-30 09:34 - 00000000 ____D C:\ProgramData\WPM
2014-01-07 12:23 - 2013-11-23 18:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-30 13:38 - 2011-12-18 22:46 - 00139816 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-12-30 13:01 - 2013-03-27 10:54 - 00001641 _____ C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-30 10:41 - 2013-12-30 10:41 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-12-30 10:28 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Mobogenie
2013-12-30 10:27 - 2013-12-30 10:27 - 00000000 ____D C:\Windows\system32\log
2013-12-30 10:27 - 2013-12-30 10:27 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\iSafe
2013-12-30 10:23 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\genienext
2013-12-30 10:23 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\cache
2013-12-30 09:39 - 2013-12-30 09:38 - 00000000 ____D C:\ProgramData\VisualBee
2013-12-30 09:38 - 2013-12-30 09:38 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\emaze
2013-12-30 09:34 - 2011-12-18 20:48 - 00108904 _____ C:\Users\Bruno Woitke\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-28 18:37 - 2013-12-28 18:37 - 01911637 _____ C:\Users\Bruno Woitke\Desktop\Probleme Notenlesen Für Elise.webarchive
2013-12-28 17:28 - 2013-12-28 17:11 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\systweak
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\Documents\Mobogenie
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\.android
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 _____ C:\Users\Bruno Woitke\daemonprocess.txt

Some content of TEMP:
====================
C:\Users\Bruno Woitke\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\Installer_Windows.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nsaA02.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nsaE744.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nskC15.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nskE957.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nspECB1.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\SHSetup.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\SpeedAnalysisSetup.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Bruno Woitke\AppData\Local\Temp\System.Data.SQLite18043.dll
C:\Users\Bruno Woitke\AppData\Local\Temp\System.Data.SQLite50149.dll
C:\Users\Bruno Woitke\AppData\Local\Temp\System.Data.SQLite74442.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-23 10:08

==================== End Of Log ============================
         
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by Bruno Woitke (administrator) on BRUNOWOITKE-PC on 26-01-2014 10:01:21
Running from C:\Users\Bruno Woitke\AppData\Local\Temp\6s1fkw6i.tmp
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
() C:\Users\Bruno Woitke\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [EPSON SX125 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
MountPoints2: {c7d73c29-41f8-11e2-a3ac-3451c9f073a2} - G:\LaunchU3.exe -a
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9B1FA831-7F1E-4CE6-ABA7-52EF3B662FC5&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28064DAE75CBCE01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588&q={searchTerms}
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=151111&systemid=426&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=151111&systemid=426&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={2EB3139A-5F2B-11E2-B30A-3451C9F073A2}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9B1FA831-7F1E-4CE6-ABA7-52EF3B662FC5&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9B1FA831-7F1E-4CE6-ABA7-52EF3B662FC5&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119656&babsrc=SP_ss&mntrId=3EAF2654530AAE4E
SearchScopes: HKCU - {226E4D82-07F6-44AF-A13E-624E89A8787E} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=3eaf69970000000000002654530aae4e&toi=16095&r=209
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={0CC91768-17B1-4F44-8D99-F916EA8CCE88}&mid=62651be1608c47d1a5d2e5188f149a51-003f5cbffa1e8d212e85183bcd3a0a8217f03ea3&lang=de&ds=tt014&pr=sa&d=2011-12-24 22:28:31&v=8.0.0.34&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=151111&systemid=426&sr=0&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
SearchScopes: HKCU - {D9D2E472-C2FD-48F8-B29A-028C42606DAD} URL = hxxp://suche.aol.de/aol/search?s_it=tb50winamp&q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={2EB3139A-5F2B-11E2-B30A-3451C9F073A2}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Searchcore Toolbar - {af6ac4f2-9825-4fb6-a600-92bc5361f209} -  No File
BHO-x32: StumbleUpon - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\Bruno Woitke\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Searchcore Toolbar - {af6ac4f2-9825-4fb6-a600-92bc5361f209} -  No File
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829
FF user.js: detected! => C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\user.js
FF Homepage: hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9B1FA831-7F1E-4CE6-ABA7-52EF3B662FC5&SSPV=
FF SelectedSearchEngine: Conduit Search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\aol-suche.xml
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Yahoo! Toolbar - C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-01-23]
FF Extension: Speed Analysis 2 - C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\Extensions\speedanalysis02@SpeedAnalysis.com.xpi [2013-10-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-25]
FF HKCU\...\Firefox\Extensions: [specialsavings@superfish.com] - C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles/mwhfc4po.default\extensions\specialsavings@superfish.com

==================== Services (Whitelisted) =================

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-25] (AVAST Software)
R2 hasplms; C:\Windows\system32\hasplms.exe [4883400 2011-10-18] (SafeNet Inc.)
R2 StumbleUponUpdater; C:\Users\Bruno Woitke\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] ()
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-12-30] (Taiwan Shui Mu Chih Ching Technology Limited.)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-01-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-25] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-01-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-25] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-25] ()
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032 2013-06-14] (Devguru Co., Ltd)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-25] (Duplex Secure Ltd.)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [77312 2011-01-12] (© Guillemot R&D, 2011. All rights reserved.)
S3 TmBusEn; C:\Windows\System32\DRIVERS\TmBusEn.sys [30208 2011-01-26] (Guillemot Corporation)
S3 TmFilter; C:\Windows\System32\DRIVERS\TmFilter.sys [24576 2011-01-26] (Guillemot Corporation)
S3 TmHid; C:\Windows\System32\DRIVERS\TmHid.sys [24704 2011-01-26] (Guillemot Corporation)
U3 abfjjhdq; C:\Windows\System32\Drivers\abfjjhdq.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-25 14:39 - 2014-01-25 14:39 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2014-01-25 13:31 - 2014-01-25 13:31 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-25 13:15 - 2014-01-25 13:21 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\DAEMON Tools Lite
2014-01-25 13:15 - 2014-01-25 13:15 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2014-01-25 13:14 - 2014-01-25 13:15 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-25 13:05 - 2014-01-25 13:05 - 00000444 __RSH C:\Users\Bruno Woitke\ntuser.pol
2014-01-25 12:54 - 2014-01-25 13:15 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\OpenCandy
2014-01-25 10:24 - 2014-01-25 10:24 - 01977432 _____ C:\Users\Bruno Woitke\Downloads\winrar-x64-501.exe
2014-01-25 08:26 - 2014-01-25 08:26 - 00512784 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avastclear_9.0.2013.exe
2014-01-25 00:17 - 2014-01-25 00:17 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\AVAST Software
2014-01-25 00:16 - 2014-01-25 00:16 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-25 00:16 - 2014-01-25 00:16 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-25 00:16 - 2014-01-25 00:16 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-25 00:12 - 2014-01-25 00:15 - 126784568 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avast_internet_security_setup.exe
2014-01-25 00:12 - 2014-01-25 00:12 - 00001651 _____ C:\Users\Bruno Woitke\Downloads\License.avastlic
2014-01-25 00:06 - 2014-01-25 13:17 - 00431474 _____ C:\Windows\PFRO.log
2014-01-24 23:51 - 2014-01-26 08:54 - 00000392 _____ C:\Windows\setupact.log
2014-01-24 23:51 - 2014-01-24 23:51 - 00000000 _____ C:\Windows\setuperr.log
2014-01-24 19:38 - 2014-01-25 10:24 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-24 16:07 - 2014-01-25 00:31 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-24 14:47 - 2014-01-24 14:47 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\BrowserSafeguard
2014-01-24 14:39 - 2014-01-24 14:43 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-24 07:50 - 2014-01-24 07:51 - 00030496 _____ C:\Users\Bruno Woitke\Downloads\Addition.txt
2014-01-24 07:49 - 2014-01-24 07:49 - 00000000 ____D C:\FRST
2014-01-24 07:36 - 2014-01-24 07:36 - 02077696 _____ (Farbar) C:\Users\Bruno Woitke\Downloads\FRST64.exe
2014-01-23 16:35 - 2014-01-23 16:34 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 02434048 _____ C:\Users\Bruno Woitke\Downloads\msxml.msi
2014-01-23 16:34 - 2014-01-23 16:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Secunia PSI
2014-01-23 16:29 - 2014-01-23 16:29 - 00000000 ____D C:\Program Files (x86)\Secunia
2014-01-23 12:40 - 2014-01-23 12:40 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Malwarebytes
2014-01-23 12:40 - 2014-01-23 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 12:15 - 2014-01-23 12:15 - 00000000 ____D C:\ProgramData\GridinSoft
2014-01-23 09:23 - 2014-01-23 09:23 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-23 09:22 - 2014-01-23 09:36 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-23 06:35 - 2014-01-23 06:35 - 01972945 _____ C:\Users\Bruno Woitke\Desktop\Definition Update für Windows Defender-Problembehandlung.webarchive
2014-01-21 16:57 - 2014-01-21 16:57 - 00000000 ____D C:\YOUR_XPLANE_ROOT_FOLDER
2014-01-20 12:09 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-20 12:09 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-20 12:09 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-20 12:09 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-20 12:09 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-20 12:09 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-20 12:09 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-20 12:09 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-20 12:09 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-20 12:09 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-20 12:09 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-20 12:09 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-20 12:09 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-20 12:09 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-20 12:09 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-20 12:09 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-20 12:09 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-20 12:09 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-20 12:09 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-20 12:09 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-20 12:09 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-20 12:09 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-20 12:09 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-20 12:09 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-20 12:09 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-16 20:47 - 2014-01-16 20:47 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 20:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-16 20:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-16 20:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-16 20:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-16 20:31 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 20:31 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 20:31 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-08 13:11 - 2014-01-08 16:56 - 00000000 ____D C:\Program Files (x86)\X-Plane 10
2013-12-30 10:41 - 2013-12-30 10:41 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-12-30 10:27 - 2014-01-26 09:57 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-12-30 10:27 - 2014-01-25 11:16 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\WinZipper
2013-12-30 10:27 - 2013-12-30 10:27 - 00000000 ____D C:\Windows\system32\log
2013-12-30 10:27 - 2013-12-30 10:27 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\iSafe
2013-12-30 09:38 - 2013-12-30 09:39 - 00000000 ____D C:\ProgramData\VisualBee
2013-12-30 09:38 - 2013-12-30 09:38 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\emaze
2013-12-30 09:34 - 2014-01-23 14:11 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-30 09:34 - 2014-01-23 13:11 - 00000000 ____D C:\ProgramData\Updater
2013-12-30 09:34 - 2014-01-07 15:54 - 00000000 ____D C:\ProgramData\WPM
2013-12-28 18:37 - 2013-12-28 18:37 - 01911637 _____ C:\Users\Bruno Woitke\Desktop\Probleme Notenlesen Für Elise.webarchive
2013-12-28 17:22 - 2013-12-30 10:28 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Mobogenie
2013-12-28 17:22 - 2013-12-30 10:23 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\genienext
2013-12-28 17:22 - 2013-12-30 10:23 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\cache
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\Documents\Mobogenie
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\.android
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 _____ C:\Users\Bruno Woitke\daemonprocess.txt
2013-12-28 17:11 - 2013-12-28 17:28 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\systweak

==================== One Month Modified Files and Folders =======

2014-01-26 10:01 - 2009-07-14 05:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 10:01 - 2009-07-14 05:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 09:58 - 2012-04-18 13:38 - 01280516 _____ C:\Windows\WindowsUpdate.log
2014-01-26 09:57 - 2013-12-30 10:27 - 00000000 ____D C:\Program Files (x86)\WinZipper
2014-01-26 09:55 - 2012-02-18 15:46 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Skype
2014-01-26 08:54 - 2014-01-24 23:51 - 00000392 _____ C:\Windows\setupact.log
2014-01-26 08:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 15:03 - 2012-03-29 20:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 14:42 - 2012-03-25 10:57 - 00000073 _____ C:\Users\Bruno Woitke\AppData\Local\X-Plane_drm.prf
2014-01-25 14:39 - 2014-01-25 14:39 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2014-01-25 13:31 - 2014-01-25 13:31 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-25 13:21 - 2014-01-25 13:15 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\DAEMON Tools Lite
2014-01-25 13:19 - 2011-12-18 21:56 - 00000080 _____ C:\Users\Bruno Woitke\AppData\Local\X-Plane Installer.prf
2014-01-25 13:17 - 2014-01-25 00:06 - 00431474 _____ C:\Windows\PFRO.log
2014-01-25 13:15 - 2014-01-25 13:15 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2014-01-25 13:15 - 2014-01-25 13:14 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-25 13:15 - 2014-01-25 12:54 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\OpenCandy
2014-01-25 13:15 - 2011-12-31 12:42 - 00381440 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-01-25 13:05 - 2014-01-25 13:05 - 00000444 __RSH C:\Users\Bruno Woitke\ntuser.pol
2014-01-25 13:05 - 2011-12-18 16:36 - 00000000 ____D C:\Users\Bruno Woitke
2014-01-25 13:05 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2014-01-25 13:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2014-01-25 11:16 - 2013-12-30 10:27 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\WinZipper
2014-01-25 10:24 - 2014-01-25 10:24 - 01977432 _____ C:\Users\Bruno Woitke\Downloads\winrar-x64-501.exe
2014-01-25 10:24 - 2014-01-24 19:38 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-25 10:24 - 2013-03-01 07:42 - 00000000 ____D C:\Program Files\WinRAR
2014-01-25 08:26 - 2014-01-25 08:26 - 00512784 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avastclear_9.0.2013.exe
2014-01-25 00:31 - 2014-01-24 16:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-25 00:17 - 2014-01-25 00:17 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\AVAST Software
2014-01-25 00:16 - 2014-01-25 00:16 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-25 00:16 - 2014-01-25 00:16 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-25 00:16 - 2014-01-25 00:16 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-25 00:15 - 2014-01-25 00:12 - 126784568 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avast_internet_security_setup.exe
2014-01-25 00:15 - 2011-12-18 21:27 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-25 00:12 - 2014-01-25 00:12 - 00001651 _____ C:\Users\Bruno Woitke\Downloads\License.avastlic
2014-01-24 23:51 - 2014-01-24 23:51 - 00000000 _____ C:\Windows\setuperr.log
2014-01-24 23:47 - 2011-12-18 16:25 - 00000000 ____D C:\Windows\Panther
2014-01-24 23:37 - 2013-11-17 16:28 - 00001912 _____ C:\Windows\epplauncher.mif
2014-01-24 22:25 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-24 21:33 - 2012-11-21 09:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-24 18:48 - 2013-12-26 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-24 16:31 - 2012-11-24 14:52 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2014-01-24 16:13 - 2011-12-18 21:29 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2014-01-24 16:01 - 2011-12-21 19:25 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Google
2014-01-24 16:01 - 2011-12-21 19:25 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-24 15:42 - 2011-12-19 20:04 - 00000000 ____D C:\Users\Public\Documents\Avast Rechnung
2014-01-24 14:48 - 2013-10-26 11:17 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2014-01-24 14:48 - 2011-12-18 16:36 - 00000000 ___RD C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-24 14:47 - 2014-01-24 14:47 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\BrowserSafeguard
2014-01-24 14:43 - 2014-01-24 14:39 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-24 12:50 - 2012-09-26 18:30 - 00000000 ____D C:\Program Files (x86)\DIABASS5
2014-01-24 07:51 - 2014-01-24 07:50 - 00030496 _____ C:\Users\Bruno Woitke\Downloads\Addition.txt
2014-01-24 07:49 - 2014-01-24 07:49 - 00000000 ____D C:\FRST
2014-01-24 07:36 - 2014-01-24 07:36 - 02077696 _____ (Farbar) C:\Users\Bruno Woitke\Downloads\FRST64.exe
2014-01-23 16:38 - 2012-09-14 10:25 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2014-01-23 16:35 - 2012-03-29 20:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-23 16:35 - 2012-03-29 20:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-23 16:35 - 2011-12-18 23:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-23 16:34 - 2014-01-23 16:35 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 02434048 _____ C:\Users\Bruno Woitke\Downloads\msxml.msi
2014-01-23 16:34 - 2014-01-23 16:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-23 16:34 - 2011-12-20 16:28 - 00000000 ____D C:\Program Files\Java
2014-01-23 16:29 - 2014-01-23 16:29 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Secunia PSI
2014-01-23 16:29 - 2014-01-23 16:29 - 00000000 ____D C:\Program Files (x86)\Secunia
2014-01-23 14:11 - 2013-12-30 09:34 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-23 13:11 - 2013-12-30 09:34 - 00000000 ____D C:\ProgramData\Updater
2014-01-23 12:40 - 2014-01-23 12:40 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Malwarebytes
2014-01-23 12:40 - 2014-01-23 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 12:15 - 2014-01-23 12:15 - 00000000 ____D C:\ProgramData\GridinSoft
2014-01-23 10:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-23 09:36 - 2014-01-23 09:22 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-23 09:23 - 2014-01-23 09:23 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-23 06:58 - 2011-04-12 08:43 - 00713556 _____ C:\Windows\system32\perfh007.dat
2014-01-23 06:58 - 2011-04-12 08:43 - 00155492 _____ C:\Windows\system32\perfc007.dat
2014-01-23 06:58 - 2009-07-14 06:13 - 01658748 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-23 06:35 - 2014-01-23 06:35 - 01972945 _____ C:\Users\Bruno Woitke\Desktop\Definition Update für Windows Defender-Problembehandlung.webarchive
2014-01-21 16:57 - 2014-01-21 16:57 - 00000000 ____D C:\YOUR_XPLANE_ROOT_FOLDER
2014-01-21 13:49 - 2011-12-18 23:03 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Adobe
2014-01-20 12:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-20 11:57 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-16 20:52 - 2009-07-14 05:45 - 00419352 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 20:50 - 2013-10-26 10:56 - 00000000 ____D C:\ProgramData\Oracle
2014-01-16 20:47 - 2014-01-16 20:47 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 20:47 - 2013-06-25 11:45 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-16 20:36 - 2013-07-26 15:06 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 20:36 - 2011-12-27 18:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 20:34 - 2011-12-18 18:05 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-08 16:56 - 2014-01-08 13:11 - 00000000 ____D C:\Program Files (x86)\X-Plane 10
2014-01-08 12:40 - 2012-02-17 18:04 - 00000147 _____ C:\Users\Bruno Woitke\AppData\Local\x-plane_install_10.txt
2014-01-07 15:54 - 2013-12-30 09:34 - 00000000 ____D C:\ProgramData\WPM
2014-01-07 12:23 - 2013-11-23 18:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-30 13:38 - 2011-12-18 22:46 - 00139816 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-12-30 13:01 - 2013-03-27 10:54 - 00001641 _____ C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-30 10:41 - 2013-12-30 10:41 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-12-30 10:28 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Mobogenie
2013-12-30 10:27 - 2013-12-30 10:27 - 00000000 ____D C:\Windows\system32\log
2013-12-30 10:27 - 2013-12-30 10:27 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\iSafe
2013-12-30 10:23 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\genienext
2013-12-30 10:23 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\cache
2013-12-30 09:39 - 2013-12-30 09:38 - 00000000 ____D C:\ProgramData\VisualBee
2013-12-30 09:38 - 2013-12-30 09:38 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\emaze
2013-12-30 09:34 - 2011-12-18 20:48 - 00108904 _____ C:\Users\Bruno Woitke\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-28 18:37 - 2013-12-28 18:37 - 01911637 _____ C:\Users\Bruno Woitke\Desktop\Probleme Notenlesen Für Elise.webarchive
2013-12-28 17:28 - 2013-12-28 17:11 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\systweak
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\Documents\Mobogenie
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\.android
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 _____ C:\Users\Bruno Woitke\daemonprocess.txt

Some content of TEMP:
====================
C:\Users\Bruno Woitke\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\Installer_Windows.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nsaA02.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nsaE744.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nskC15.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nskE957.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nspECB1.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\SHSetup.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\SpeedAnalysisSetup.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Bruno Woitke\AppData\Local\Temp\System.Data.SQLite18043.dll
C:\Users\Bruno Woitke\AppData\Local\Temp\System.Data.SQLite50149.dll
C:\Users\Bruno Woitke\AppData\Local\Temp\System.Data.SQLite74442.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-23 10:08

==================== End Of Log ============================
         
--- --- ---
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by Bruno Woitke (administrator) on BRUNOWOITKE-PC on 26-01-2014 10:01:21
Running from C:\Users\Bruno Woitke\AppData\Local\Temp\6s1fkw6i.tmp
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
() C:\Users\Bruno Woitke\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [EPSON SX125 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
MountPoints2: {c7d73c29-41f8-11e2-a3ac-3451c9f073a2} - G:\LaunchU3.exe -a
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9B1FA831-7F1E-4CE6-ABA7-52EF3B662FC5&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28064DAE75CBCE01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588&q={searchTerms}
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388392424&from=adks&uid=WDCXWD1001FALS-403AA0_WD-WCATR829158891588&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=151111&systemid=426&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=151111&systemid=426&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={2EB3139A-5F2B-11E2-B30A-3451C9F073A2}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9B1FA831-7F1E-4CE6-ABA7-52EF3B662FC5&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9B1FA831-7F1E-4CE6-ABA7-52EF3B662FC5&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119656&babsrc=SP_ss&mntrId=3EAF2654530AAE4E
SearchScopes: HKCU - {226E4D82-07F6-44AF-A13E-624E89A8787E} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=3eaf69970000000000002654530aae4e&toi=16095&r=209
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={0CC91768-17B1-4F44-8D99-F916EA8CCE88}&mid=62651be1608c47d1a5d2e5188f149a51-003f5cbffa1e8d212e85183bcd3a0a8217f03ea3&lang=de&ds=tt014&pr=sa&d=2011-12-24 22:28:31&v=8.0.0.34&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=151111&systemid=426&sr=0&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
SearchScopes: HKCU - {D9D2E472-C2FD-48F8-B29A-028C42606DAD} URL = hxxp://suche.aol.de/aol/search?s_it=tb50winamp&q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={2EB3139A-5F2B-11E2-B30A-3451C9F073A2}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Searchcore Toolbar - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - No File
BHO-x32: StumbleUpon - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\Bruno Woitke\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Searchcore Toolbar - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - No File
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829
FF user.js: detected! => C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\user.js
FF Homepage: hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP9B1FA831-7F1E-4CE6-ABA7-52EF3B662FC5&SSPV=
FF SelectedSearchEngine: Conduit Search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\aol-suche.xml
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Yahoo! Toolbar - C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-01-23]
FF Extension: Speed Analysis 2 - C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles\5ya9jzsl.default-1353517694829\Extensions\speedanalysis02@SpeedAnalysis.com.xpi [2013-10-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-25]
FF HKCU\...\Firefox\Extensions: [specialsavings@superfish.com] - C:\Users\Bruno Woitke\AppData\Roaming\Mozilla\Firefox\Profiles/mwhfc4po.default\extensions\specialsavings@superfish.com

==================== Services (Whitelisted) =================

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-25] (AVAST Software)
R2 hasplms; C:\Windows\system32\hasplms.exe [4883400 2011-10-18] (SafeNet Inc.)
R2 StumbleUponUpdater; C:\Users\Bruno Woitke\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] ()
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-12-30] (Taiwan Shui Mu Chih Ching Technology Limited.)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-01-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-25] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-01-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-25] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-25] ()
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032 2013-06-14] (Devguru Co., Ltd)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-25] (Duplex Secure Ltd.)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [77312 2011-01-12] (© Guillemot R&D, 2011. All rights reserved.)
S3 TmBusEn; C:\Windows\System32\DRIVERS\TmBusEn.sys [30208 2011-01-26] (Guillemot Corporation)
S3 TmFilter; C:\Windows\System32\DRIVERS\TmFilter.sys [24576 2011-01-26] (Guillemot Corporation)
S3 TmHid; C:\Windows\System32\DRIVERS\TmHid.sys [24704 2011-01-26] (Guillemot Corporation)
U3 abfjjhdq; C:\Windows\System32\Drivers\abfjjhdq.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-25 14:39 - 2014-01-25 14:39 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2014-01-25 13:31 - 2014-01-25 13:31 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-25 13:15 - 2014-01-25 13:21 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\DAEMON Tools Lite
2014-01-25 13:15 - 2014-01-25 13:15 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2014-01-25 13:14 - 2014-01-25 13:15 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-25 13:05 - 2014-01-25 13:05 - 00000444 __RSH C:\Users\Bruno Woitke\ntuser.pol
2014-01-25 12:54 - 2014-01-25 13:15 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\OpenCandy
2014-01-25 10:24 - 2014-01-25 10:24 - 01977432 _____ C:\Users\Bruno Woitke\Downloads\winrar-x64-501.exe
2014-01-25 08:26 - 2014-01-25 08:26 - 00512784 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avastclear_9.0.2013.exe
2014-01-25 00:17 - 2014-01-25 00:17 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\AVAST Software
2014-01-25 00:16 - 2014-01-25 00:16 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-25 00:16 - 2014-01-25 00:16 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-25 00:16 - 2014-01-25 00:16 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-25 00:12 - 2014-01-25 00:15 - 126784568 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avast_internet_security_setup.exe
2014-01-25 00:12 - 2014-01-25 00:12 - 00001651 _____ C:\Users\Bruno Woitke\Downloads\License.avastlic
2014-01-25 00:06 - 2014-01-25 13:17 - 00431474 _____ C:\Windows\PFRO.log
2014-01-24 23:51 - 2014-01-26 08:54 - 00000392 _____ C:\Windows\setupact.log
2014-01-24 23:51 - 2014-01-24 23:51 - 00000000 _____ C:\Windows\setuperr.log
2014-01-24 19:38 - 2014-01-25 10:24 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-24 16:07 - 2014-01-25 00:31 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-24 14:47 - 2014-01-24 14:47 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\BrowserSafeguard
2014-01-24 14:39 - 2014-01-24 14:43 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-24 07:50 - 2014-01-24 07:51 - 00030496 _____ C:\Users\Bruno Woitke\Downloads\Addition.txt
2014-01-24 07:49 - 2014-01-24 07:49 - 00000000 ____D C:\FRST
2014-01-24 07:36 - 2014-01-24 07:36 - 02077696 _____ (Farbar) C:\Users\Bruno Woitke\Downloads\FRST64.exe
2014-01-23 16:35 - 2014-01-23 16:34 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 02434048 _____ C:\Users\Bruno Woitke\Downloads\msxml.msi
2014-01-23 16:34 - 2014-01-23 16:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Secunia PSI
2014-01-23 16:29 - 2014-01-23 16:29 - 00000000 ____D C:\Program Files (x86)\Secunia
2014-01-23 12:40 - 2014-01-23 12:40 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Malwarebytes
2014-01-23 12:40 - 2014-01-23 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 12:15 - 2014-01-23 12:15 - 00000000 ____D C:\ProgramData\GridinSoft
2014-01-23 09:23 - 2014-01-23 09:23 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-23 09:22 - 2014-01-23 09:36 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-23 06:35 - 2014-01-23 06:35 - 01972945 _____ C:\Users\Bruno Woitke\Desktop\Definition Update für Windows Defender-Problembehandlung.webarchive
2014-01-21 16:57 - 2014-01-21 16:57 - 00000000 ____D C:\YOUR_XPLANE_ROOT_FOLDER
2014-01-20 12:09 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-20 12:09 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-20 12:09 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-20 12:09 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-20 12:09 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-20 12:09 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-20 12:09 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-20 12:09 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-20 12:09 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-20 12:09 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-20 12:09 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-20 12:09 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-20 12:09 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-20 12:09 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-20 12:09 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-20 12:09 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-20 12:09 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-20 12:09 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-20 12:09 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-20 12:09 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-20 12:09 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-20 12:09 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-20 12:09 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-20 12:09 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-20 12:09 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-16 20:47 - 2014-01-16 20:47 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 20:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-16 20:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-16 20:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-16 20:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-16 20:31 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 20:31 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 20:31 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 20:31 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-08 13:11 - 2014-01-08 16:56 - 00000000 ____D C:\Program Files (x86)\X-Plane 10
2013-12-30 10:41 - 2013-12-30 10:41 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-12-30 10:27 - 2014-01-26 09:57 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-12-30 10:27 - 2014-01-25 11:16 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\WinZipper
2013-12-30 10:27 - 2013-12-30 10:27 - 00000000 ____D C:\Windows\system32\log
2013-12-30 10:27 - 2013-12-30 10:27 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\iSafe
2013-12-30 09:38 - 2013-12-30 09:39 - 00000000 ____D C:\ProgramData\VisualBee
2013-12-30 09:38 - 2013-12-30 09:38 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\emaze
2013-12-30 09:34 - 2014-01-23 14:11 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-30 09:34 - 2014-01-23 13:11 - 00000000 ____D C:\ProgramData\Updater
2013-12-30 09:34 - 2014-01-07 15:54 - 00000000 ____D C:\ProgramData\WPM
2013-12-28 18:37 - 2013-12-28 18:37 - 01911637 _____ C:\Users\Bruno Woitke\Desktop\Probleme Notenlesen Für Elise.webarchive
2013-12-28 17:22 - 2013-12-30 10:28 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Mobogenie
2013-12-28 17:22 - 2013-12-30 10:23 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\genienext
2013-12-28 17:22 - 2013-12-30 10:23 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\cache
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\Documents\Mobogenie
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\.android
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 _____ C:\Users\Bruno Woitke\daemonprocess.txt
2013-12-28 17:11 - 2013-12-28 17:28 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\systweak

I'll send the rest separately because it was too large.

Alt 26.01.2014, 10:41   #13
bwoi
 


Code:
ATTFilter
==================== One Month Modified Files and Folders =======

2014-01-26 10:01 - 2009-07-14 05:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 10:01 - 2009-07-14 05:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 09:58 - 2012-04-18 13:38 - 01280516 _____ C:\Windows\WindowsUpdate.log
2014-01-26 09:57 - 2013-12-30 10:27 - 00000000 ____D C:\Program Files (x86)\WinZipper
2014-01-26 09:55 - 2012-02-18 15:46 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Skype
2014-01-26 08:54 - 2014-01-24 23:51 - 00000392 _____ C:\Windows\setupact.log
2014-01-26 08:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 15:03 - 2012-03-29 20:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 14:42 - 2012-03-25 10:57 - 00000073 _____ C:\Users\Bruno Woitke\AppData\Local\X-Plane_drm.prf
2014-01-25 14:39 - 2014-01-25 14:39 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2014-01-25 13:31 - 2014-01-25 13:31 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-25 13:21 - 2014-01-25 13:15 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\DAEMON Tools Lite
2014-01-25 13:19 - 2011-12-18 21:56 - 00000080 _____ C:\Users\Bruno Woitke\AppData\Local\X-Plane Installer.prf
2014-01-25 13:17 - 2014-01-25 00:06 - 00431474 _____ C:\Windows\PFRO.log
2014-01-25 13:15 - 2014-01-25 13:15 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2014-01-25 13:15 - 2014-01-25 13:14 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-25 13:15 - 2014-01-25 12:54 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\OpenCandy
2014-01-25 13:15 - 2011-12-31 12:42 - 00381440 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-01-25 13:05 - 2014-01-25 13:05 - 00000444 __RSH C:\Users\Bruno Woitke\ntuser.pol
2014-01-25 13:05 - 2011-12-18 16:36 - 00000000 ____D C:\Users\Bruno Woitke
2014-01-25 13:05 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2014-01-25 13:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2014-01-25 11:16 - 2013-12-30 10:27 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\WinZipper
2014-01-25 10:24 - 2014-01-25 10:24 - 01977432 _____ C:\Users\Bruno Woitke\Downloads\winrar-x64-501.exe
2014-01-25 10:24 - 2014-01-24 19:38 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-25 10:24 - 2013-03-01 07:42 - 00000000 ____D C:\Program Files\WinRAR
2014-01-25 08:26 - 2014-01-25 08:26 - 00512784 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avastclear_9.0.2013.exe
2014-01-25 00:31 - 2014-01-24 16:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-25 00:17 - 2014-01-25 00:17 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\AVAST Software
2014-01-25 00:16 - 2014-01-25 00:16 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-25 00:16 - 2014-01-25 00:16 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-25 00:16 - 2014-01-25 00:16 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-25 00:15 - 2014-01-25 00:12 - 126784568 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avast_internet_security_setup.exe
2014-01-25 00:15 - 2011-12-18 21:27 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-25 00:12 - 2014-01-25 00:12 - 00001651 _____ C:\Users\Bruno Woitke\Downloads\License.avastlic
2014-01-24 23:51 - 2014-01-24 23:51 - 00000000 _____ C:\Windows\setuperr.log
2014-01-24 23:47 - 2011-12-18 16:25 - 00000000 ____D C:\Windows\Panther
2014-01-24 23:37 - 2013-11-17 16:28 - 00001912 _____ C:\Windows\epplauncher.mif
2014-01-24 22:25 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-24 21:33 - 2012-11-21 09:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-24 18:48 - 2013-12-26 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-24 16:31 - 2012-11-24 14:52 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2014-01-24 16:13 - 2011-12-18 21:29 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2014-01-24 16:01 - 2011-12-21 19:25 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Google
2014-01-24 16:01 - 2011-12-21 19:25 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-24 15:42 - 2011-12-19 20:04 - 00000000 ____D C:\Users\Public\Documents\Avast Rechnung
2014-01-24 14:48 - 2013-10-26 11:17 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2014-01-24 14:48 - 2011-12-18 16:36 - 00000000 ___RD C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-24 14:47 - 2014-01-24 14:47 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\BrowserSafeguard
2014-01-24 14:43 - 2014-01-24 14:39 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-24 12:50 - 2012-09-26 18:30 - 00000000 ____D C:\Program Files (x86)\DIABASS5
2014-01-24 07:51 - 2014-01-24 07:50 - 00030496 _____ C:\Users\Bruno Woitke\Downloads\Addition.txt
2014-01-24 07:49 - 2014-01-24 07:49 - 00000000 ____D C:\FRST
2014-01-24 07:36 - 2014-01-24 07:36 - 02077696 _____ (Farbar) C:\Users\Bruno Woitke\Downloads\FRST64.exe
2014-01-23 16:38 - 2012-09-14 10:25 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2014-01-23 16:35 - 2012-03-29 20:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-23 16:35 - 2012-03-29 20:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-23 16:35 - 2011-12-18 23:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-23 16:34 - 2014-01-23 16:35 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 02434048 _____ C:\Users\Bruno Woitke\Downloads\msxml.msi
2014-01-23 16:34 - 2014-01-23 16:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-23 16:34 - 2011-12-20 16:28 - 00000000 ____D C:\Program Files\Java
2014-01-23 16:29 - 2014-01-23 16:29 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Secunia PSI
2014-01-23 16:29 - 2014-01-23 16:29 - 00000000 ____D C:\Program Files (x86)\Secunia
2014-01-23 14:11 - 2013-12-30 09:34 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-23 13:11 - 2013-12-30 09:34 - 00000000 ____D C:\ProgramData\Updater
2014-01-23 12:40 - 2014-01-23 12:40 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Malwarebytes
2014-01-23 12:40 - 2014-01-23 12:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 12:15 - 2014-01-23 12:15 - 00000000 ____D C:\ProgramData\GridinSoft
2014-01-23 10:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-23 09:36 - 2014-01-23 09:22 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-01-23 09:23 - 2014-01-23 09:23 - 00000000 ____D C:\Program Files\Enigma Software Group
2014-01-23 06:58 - 2011-04-12 08:43 - 00713556 _____ C:\Windows\system32\perfh007.dat
2014-01-23 06:58 - 2011-04-12 08:43 - 00155492 _____ C:\Windows\system32\perfc007.dat
2014-01-23 06:58 - 2009-07-14 06:13 - 01658748 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-23 06:35 - 2014-01-23 06:35 - 01972945 _____ C:\Users\Bruno Woitke\Desktop\Definition Update für Windows Defender-Problembehandlung.webarchive
2014-01-21 16:57 - 2014-01-21 16:57 - 00000000 ____D C:\YOUR_XPLANE_ROOT_FOLDER
2014-01-21 13:49 - 2011-12-18 23:03 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Adobe
2014-01-20 12:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-20 11:57 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-16 20:52 - 2009-07-14 05:45 - 00419352 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 20:50 - 2013-10-26 10:56 - 00000000 ____D C:\ProgramData\Oracle
2014-01-16 20:47 - 2014-01-16 20:47 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 20:47 - 2013-06-25 11:45 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-16 20:36 - 2013-07-26 15:06 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 20:36 - 2011-12-27 18:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 20:34 - 2011-12-18 18:05 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-08 16:56 - 2014-01-08 13:11 - 00000000 ____D C:\Program Files (x86)\X-Plane 10
2014-01-08 12:40 - 2012-02-17 18:04 - 00000147 _____ C:\Users\Bruno Woitke\AppData\Local\x-plane_install_10.txt
2014-01-07 15:54 - 2013-12-30 09:34 - 00000000 ____D C:\ProgramData\WPM
2014-01-07 12:23 - 2013-11-23 18:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-30 13:38 - 2011-12-18 22:46 - 00139816 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-12-30 13:01 - 2013-03-27 10:54 - 00001641 _____ C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-30 10:41 - 2013-12-30 10:41 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-12-30 10:28 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Mobogenie
2013-12-30 10:27 - 2013-12-30 10:27 - 00000000 ____D C:\Windows\system32\log
2013-12-30 10:27 - 2013-12-30 10:27 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\iSafe
2013-12-30 10:23 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\genienext
2013-12-30 10:23 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\cache
2013-12-30 09:39 - 2013-12-30 09:38 - 00000000 ____D C:\ProgramData\VisualBee
2013-12-30 09:38 - 2013-12-30 09:38 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\emaze
2013-12-30 09:34 - 2011-12-18 20:48 - 00108904 _____ C:\Users\Bruno Woitke\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-28 18:37 - 2013-12-28 18:37 - 01911637 _____ C:\Users\Bruno Woitke\Desktop\Probleme Notenlesen Für Elise.webarchive
2013-12-28 17:28 - 2013-12-28 17:11 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\systweak
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\Documents\Mobogenie
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Users\Bruno Woitke\.android
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 _____ C:\Users\Bruno Woitke\daemonprocess.txt

Some content of TEMP:
====================
C:\Users\Bruno Woitke\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\Installer_Windows.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nsaA02.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nsaE744.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nskC15.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nskE957.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\nspECB1.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\SHSetup.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\SpeedAnalysisSetup.exe
C:\Users\Bruno Woitke\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Bruno Woitke\AppData\Local\Temp\System.Data.SQLite18043.dll
C:\Users\Bruno Woitke\AppData\Local\Temp\System.Data.SQLite50149.dll
C:\Users\Bruno Woitke\AppData\Local\Temp\System.Data.SQLite74442.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-23 10:08

==================== End Of Log ============================
         
[/CODE]

Well, I'm curious where the Trojan pest Win32/Matsnu is ... :-)

Code:
ATTFilter
==================== One Month Modified Files and Folders =======

2014-01-26 10:01 - 2009-07-14 05:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 10:01 - 2009-07-14 05:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 09:58 - 2012-04-18 13:38 - 01280516 _____ C:\Windows\WindowsUpdate.log
2014-01-26 09:57 - 2013-12-30 10:27 - 00000000 ____D C:\Program Files (x86)\WinZipper
2014-01-26 09:55 - 2012-02-18 15:46 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Skype
2014-01-26 08:54 - 2014-01-24 23:51 - 00000392 _____ C:\Windows\setupact.log
2014-01-26 08:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 15:03 - 2012-03-29 20:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 14:42 - 2012-03-25 10:57 - 00000073 _____ C:\Users\Bruno Woitke\AppData\Local\X-Plane_drm.prf
2014-01-25 14:39 - 2014-01-25 14:39 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2014-01-25 13:31 - 2014-01-25 13:31 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-25 13:21 - 2014-01-25 13:15 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\DAEMON Tools Lite
2014-01-25 13:19 - 2011-12-18 21:56 - 00000080 _____ C:\Users\Bruno Woitke\AppData\Local\X-Plane Installer.prf
2014-01-25 13:17 - 2014-01-25 00:06 - 00431474 _____ C:\Windows\PFRO.log
2014-01-25 13:15 - 2014-01-25 13:15 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2014-01-25 13:15 - 2014-01-25 13:14 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-25 13:15 - 2014-01-25 12:54 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\OpenCandy
2014-01-25 13:15 - 2011-12-31 12:42 - 00381440 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-01-25 13:05 - 2014-01-25 13:05 - 00000444 __RSH C:\Users\Bruno Woitke\ntuser.pol
2014-01-25 13:05 - 2011-12-18 16:36 - 00000000 ____D C:\Users\Bruno Woitke
2014-01-25 13:05 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2014-01-25 13:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2014-01-25 11:16 - 2013-12-30 10:27 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\WinZipper
2014-01-25 10:24 - 2014-01-25 10:24 - 01977432 _____ C:\Users\Bruno Woitke\Downloads\winrar-x64-501.exe
2014-01-25 10:24 - 2014-01-24 19:38 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-25 10:24 - 2013-03-01 07:42 - 00000000 ____D C:\Program Files\WinRAR
2014-01-25 08:26 - 2014-01-25 08:26 - 00512784 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avastclear_9.0.2013.exe
2014-01-25 00:31 - 2014-01-24 16:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-25 00:17 - 2014-01-25 00:17 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Roaming\AVAST Software
2014-01-25 00:16 - 2014-01-25 00:16 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-25 00:16 - 2014-01-25 00:16 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-25 00:16 - 2014-01-25 00:16 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-25 00:16 - 2014-01-25 00:16 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-25 00:15 - 2014-01-25 00:12 - 126784568 _____ (AVAST Software) C:\Users\Bruno Woitke\Downloads\avast_internet_security_setup.exe
2014-01-25 00:15 - 2011-12-18 21:27 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-25 00:12 - 2014-01-25 00:12 - 00001651 _____ C:\Users\Bruno Woitke\Downloads\License.avastlic
2014-01-24 23:51 - 2014-01-24 23:51 - 00000000 _____ C:\Windows\setuperr.log
2014-01-24 23:47 - 2011-12-18 16:25 - 00000000 ____D C:\Windows\Panther
2014-01-24 23:37 - 2013-11-17 16:28 - 00001912 _____ C:\Windows\epplauncher.mif
2014-01-24 22:25 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-24 21:33 - 2012-11-21 09:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-24 18:48 - 2013-12-26 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-24 16:31 - 2012-11-24 14:52 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2014-01-24 16:13 - 2011-12-18 21:29 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2014-01-24 16:01 - 2011-12-21 19:25 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\Google
2014-01-24 16:01 - 2011-12-21 19:25 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-24 15:42 - 2011-12-19 20:04 - 00000000 ____D C:\Users\Public\Documents\Avast Rechnung
2014-01-24 14:48 - 2013-10-26 11:17 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2014-01-24 14:48 - 2011-12-18 16:36 - 00000000 ___RD C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-24 14:47 - 2014-01-24 14:47 - 00000000 ____D C:\Users\Bruno Woitke\AppData\Local\BrowserSafeguard
2014-01-24 14:43 - 2014-01-24 14:39 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-24 12:50 - 2012-09-26 18:30 - 00000000 ____D C:\Program Files (x86)\DIABASS5
2014-01-24 07:51 - 2014-01-24 07:50 - 00030496 _____ C:\Users\Bruno Woitke\Downloads\Addition.txt
2014-01-24 07:49 - 2014-01-24 07:49 - 00000000 ____D C:\FRST
2014-01-24 07:36 - 2014-01-24 07:36 - 02077696 _____ (Farbar) C:\Users\Bruno Woitke\Downloads\FRST64.exe
2014-01-23 16:38 - 2012-09-14 10:25 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2014-01-23 16:35 - 2012-03-29 20:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-23 16:35 - 2012-03-29 20:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-23 16:35 - 2011-12-18 23:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-23 16:34 - 2014-01-23 16:35 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 16:34 - 2014-01-23 16:34 - 02434048 _____ C:\Users\Bruno Woitke\Downloads\msxml.msi
2014-01-23 16:34 - 2014-01-23 16:34 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
[/CODE]

The FRST.txt file was from today!

This Addition is from yesterday, when I still had Essentials installed. In the meantime I have installed the latest Avast Security Antivirus!
Today no Addition.txt appeared on the desktop like last time, and this text was nowhere else to be found either; I don't know why.
My only concern is that my real name is now visible on the Internet, as it can be read in the log text!

Edited by bwoi (26.01.2014 at 10:56)

27.01.2014, 07:59   #14
schrauber
/// the machine
/// TB trainer


1) The Addition log is only created on the first scan, so that's fine.

2) You did read the forum rules and the 7 Golden Rules, or the thread on how to open a topic here? It says there that the logs contain nothing important that is private, except perhaps the real name, which you can edit out before posting the logs.

But no stress: the board has a script that goes through all threads from time to time and removes real names.



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please disable your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Please download Shortcut Cleaner (by Grinler) to your desktop.
  • Start sc-cleaner.exe with a double-click.
  • Confirm the message Shortcut Cleaner Finished at the end of the scan with OK.
  • A log file will open (sc-cleaner.txt).
  • Post its contents with your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
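
The point above about editing the real name out of logs before posting, as an added example (not part of the original post, and not the board's own script): a small Python redactor that learns the Windows account name from `C:\Users\<name>\` paths and replaces it, together with a computer name derived from it, in FRST, JRT and MBAM style logs. The function names, the `<USER>` placeholder, the sample log lines and the name "Erika Mustermann" are all constructed for illustration.

```python
import re

# Profile folders that exist on every Windows install and identify nobody.
SHARED_PROFILES = {"public", "default", "default user", "all users"}

# Captures <name> in C:\Users\<name>\ (or the XP-style profile root).
PROFILE_RE = re.compile(
    r'[A-Za-z]:\\(?:Users|Documents and Settings)\\([^\\/:*?"<>|\r\n]+)\\'
)


def find_profile_names(log_text):
    """Return the account names that appear as profile path segments."""
    names = set()
    for match in PROFILE_RE.finditer(log_text):
        name = match.group(1).strip()
        if name.lower() not in SHARED_PROFILES:
            names.add(name)
    return names


def redact_log(log_text, placeholder="<USER>", extra_names=()):
    """Replace every detected account name in log_text with placeholder.

    Besides the name itself, the name without spaces is replaced too,
    because Windows setup often derives the computer name from it
    (e.g. "Erika Mustermann" -> "ERIKAMUSTERMANN-PC").
    extra_names lets the caller add strings the paths do not reveal,
    such as a first name used alone.
    Returns (redacted_text, sorted list of names that were redacted).
    """
    names = find_profile_names(log_text) | set(extra_names)
    variants = set()
    for name in names:
        variants.add(name)
        variants.add(name.replace(" ", ""))

    # Longest variant first, so the full name is handled before a shorter
    # form of it. The lookarounds keep a short account name from being
    # replaced in the middle of an unrelated word.
    for variant in sorted(variants, key=len, reverse=True):
        pattern = re.compile(
            r"(?<![A-Za-z0-9])" + re.escape(variant) + r"(?![A-Za-z0-9])",
            re.IGNORECASE,
        )
        log_text = pattern.sub(lambda _m: placeholder, log_text)
    return log_text, sorted(names)


# Constructed sample: one line each in the style of an FRST file listing,
# a shared profile path, a TEMP entry, the JRT header and the MBAM header.
SAMPLE_LOG = r"""2014-01-25 13:05 - 2011-12-18 16:36 - 00000000 ____D C:\Users\Erika Mustermann
2014-01-25 13:31 - 2014-01-25 13:31 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
C:\Users\Erika Mustermann\AppData\Local\Temp\SHSetup.exe
Ran by Erika Mustermann on 27.01.2014 at 21:48:44,83
Erika Mustermann :: ERIKAMUSTERMANN-PC [Administrator]
"""

if __name__ == "__main__":
    redacted, found = redact_log(SAMPLE_LOG)
    print("Redacted names:", found)
    print(redacted)
```

Run it over the saved log file before pasting; the first sample line shows why a plain path search is not enough, since a profile folder listed without a trailing backslash is only caught once the name has been learned from another line.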

27.01.2014, 22:15   #15
bwoi


Hello Schrauber,
I started Vista in safe mode and was able to delete the Trojan Win32/Matsnu with a Microsoft Security Essentials full scan.
I had already tried it twice with a normal start and could only identify it there, but not delete it... this way, though, it was gone!

I'll still run the tools you suggested ... hopefully the thing is really gone, because Malwarebytes is only the trial version.

Regards, Bruno

JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Bruno Woitke on 27.01.2014 at 21:48:44,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Bruno Woitke\AppData\Roaming\mozilla\firefox\profiles\5ya9jzsl.default-1353517694829\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.01.2014 at 21:56:03,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

[/CODE]

Code:
ATTFilter
Shortcut Cleaner 1.2.6 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Professional Service Pack 1
Program started at: 01/27/2014 09:57:30 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Bruno Woitke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Bruno Woitke\Desktop


0 bad shortcuts found.

Program finished at: 01/27/2014 09:57:30 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.27.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Bruno Woitke :: BRUNOWOITKE-PC [Administrator]

Schutz: Aktiviert

27.01.2014 21:59:42
mbam-log-2014-01-27 (21-59-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212386
Laufzeit: 3 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
         

Edited by bwoi (27.01.2014 at 21:32)
