Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2014 03
Ran by Lemmen (administrator) on LEMMEN-PC on 03-02-2014 08:30:59
Running from C:\Users\Lemmen\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(iAnywhere Solutions, Inc.) C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Lemmen\Downloads\FRST (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [GDFirewallTray] - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM\...\Run: [G Data AntiVirus Tray] - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)
HKU\S-1-5-21-1436271994-3178008702-3354811721-1000\...\MountPoints2: {40e85345-1286-11e0-9300-806e6f6e6963} - D:\SYSTEM\AUTOSTRT.EXE
HKU\S-1-5-21-1436271994-3178008702-3354811721-1000\...\Winlogon: [Shell] explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: c:\progra~2\wincert\win32c~1.dll => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20E57B0838B7CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.windowslive.de/startseite.aspx
hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=41460&st=chrome&tid=2938&ver=2.9&ts=1368331263444&tguid=41460-2938-1368331263444-7AC5D94FAF32207B9B77E85E37F18FA3&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=2938&ver=2.9&ts=1368331263444&tguid=41460-2938-1368331263444-7AC5D94FAF32207B9B77E85E37F18FA3
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=2938&ver=2.9&ts=1368331263444&tguid=41460-2938-1368331263444-7AC5D94FAF32207B9B77E85E37F18FA3
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=41460&st=chrome&tid=2938&ver=2.9&ts=1368331263444&tguid=41460-2938-1368331263444-7AC5D94FAF32207B9B77E85E37F18FA3&q=
URLSearchHook: HKCU - (No Name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No File
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=adk&from=adk&uid=395049983_397234_3CCE83CE&ts=4522033
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search-us.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=adk&from=adk&uid=395049983_397234_3CCE83CE&ts=4522033
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=u10666-192&apn_uid=6516239640604431&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2409} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=409&v=a9795-143&apn_uid=6516239640604431&apn_dtid=BND409&o=APN10650&apn_ptnrs=AGB&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=41460&st=bs&tid=2938&ver=2.9&ts=1368331263444&tguid=41460-2938-1368331263444-7AC5D94FAF32207B9B77E85E37F18FA3&q={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.8010003&st=10&q={searchTerms}
SearchScopes: HKCU - DefaultScope {C1DE6CF3-E1D4-433B-8ECA-028B45C2BBFB} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search-us.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=830
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_wls_Btisdt7&mntrId=3CCE001A4D8008CB&affID=121232&tl=gkn338225&tsp=4999
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=adk&from=adk&uid=395049983_397234_3CCE83CE&ts=4522033
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=u10666-192&apn_uid=6516239640604431&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2409} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=20&systemid=409&v=u10354-178&apn_uid=6516239640604431&apn_dtid=BND409&o=APN10650&apn_ptnrs=AGB&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=41460&st=bs&tid=2938&ver=2.9&ts=1368331263444&tguid=41460-2938-1368331263444-7AC5D94FAF32207B9B77E85E37F18FA3&q={searchTerms}
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL =
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80195&lng=de
SearchScopes: HKCU - {C1DE6CF3-E1D4-433B-8ECA-028B45C2BBFB} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {E373A859-F7F3-468C-9EA9-863B736CEE6D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=069E9D9D-0B45-4797-8ECF-8F4C5B217C66&apn_sauid=96666B1C-59C4-48CC-B786-66E2F340DCB9
SearchScopes: HKCU - {E706A176-350A-4DA0-B266-D2BB7A460E5E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.8010003&st=10&q={searchTerms}
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\searchresultsDx.dll ()
BHO: TBSB01620 Class - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CertifiedToolbar - {8d3ec233-b92d-4187-a506-284127cfba2d} - C:\Users\Lemmen\AppData\Roaming\CertifiedToolbar\CertifiedToolbar.dll (Simplytech Ltd.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: SpecialSavings.Addon - {bb184e6d-26d1-461a-9226-b93ca8da2af9} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Message Faces for Internet Explorer - {E3758FC2-BB95-4B86-84BF-D91F4748EC75} - C:\Program Files\Message Faces for Internet Explorer\x86\messagefaces-ie.dll ()
BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - No File
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
Toolbar: HKLM - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
Toolbar: HKLM - CertifiedToolbar - {8d3ec233-b92d-4187-a506-284127cfba2d} - C:\Users\Lemmen\AppData\Roaming\CertifiedToolbar\CertifiedToolbar.dll (Simplytech Ltd.)
Toolbar: HKLM - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\searchresultsDx.dll ()
Toolbar: HKCU - No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKCU - No Name - {3AD61E5C-EECB-4896-9C8C-03D61F90D8FE} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKCU - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553549800} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 31.209.160.100 46.253.66.36
FireFox:
========
FF ProfilePath: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default
FF user.js: detected! => C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc;version=0.8.6f - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\holasearch.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\Linkury Smartbar Search.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: No Name - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\ffxtlbr@babylon.com [2013-09-08]
FF Extension: incredibar.com - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\ffxtlbr@incredibar.com [2012-06-15]
FF Extension: Yontoo - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\plugin@yontoo.com [2013-03-03]
FF Extension: No Name - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\staged [2013-10-03]
FF Extension: webblog Community Toolbar - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{3ad61e5c-eecb-4896-9c8c-03d61f90d8fe} [2012-12-10]
FF Extension: New Tab - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{3C4B4EB3-3EB1-4621-9431-7160289E402F} [2013-06-15]
FF Extension: Shiny Profile - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{6236BA26-C117-4007-928C-DE0716C7FA80} [2013-12-14]
FF Extension: QuickShare Widget - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{6f1909e8-8186-4f90-8b1d-4b69b879e3d1} [2013-03-07]
FF Extension: Freeware.de Community Toolbar - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} [2012-12-10]
FF Extension: MyAshampoo Community Toolbar - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} [2012-12-10]
FF Extension: Elf 1.15 Community Toolbar - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} [2012-12-10]
FF Extension: New Tab - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF} [2013-05-19]
FF Extension: IMinent Toolbar - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012-06-23]
FF Extension: CertifiedToolbar - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{dac70ad0-e58c-4d0b-9ac7-eee894ffb0fa} [2013-05-12]
FF Extension: anonymoX - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\client@anonymox.net.xpi [2012-12-30]
FF Extension: Online HD TV - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\onlinehdtv@onlinehd.tv.xpi [2012-12-25]
FF Extension: Adblock Plus - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-25]
FF Extension: COMPUTERBILD-Abzockschutz - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi [2011-11-25]
FF HKLM\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files\Iminent\webbooster@iminent.com
FF HKLM\...\Firefox\Extensions: [ntfdsaftsfdfdxx@mozilla.org] - C:\Users\Lemmen\AppData\Roaming\iPumper\extension_firefox.xpi
FF HKLM\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\Lemmen\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF Extension: Babylon Translation Activation - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com [2013-09-23]
FF HKCU\...\Firefox\Extensions: [specialsavings@vshsolutions.com] - C:\Users\Lemmen\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com
FF Extension: Special Savings - C:\Users\Lemmen\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2012-12-12]
FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\KingTranslate\WCaptureMoz
FF Extension: WordCaptureX - C:\Program Files\KingTranslate\WCaptureMoz [2013-04-06]
Chrome:
=======
CHR Extension: (VideoDownloadConverter) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldappccjhelkmbkpiibilgnnjakieg [2013-11-24]
CHR Extension: (SpecialSavings.com) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel [2013-05-18]
CHR Extension: (QuickShare Widget) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2013-05-18]
CHR Extension: (Produtools Maps) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmanpbfjipmicnlbchaifoomleljpal [2013-05-18]
CHR Extension: (Speed Analysis) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon [2013-05-18]
CHR Extension: (Babylon Translator) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2013-09-23]
CHR Extension: (Delta Toolbar) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-09-08]
CHR Extension: (deaal2dealait) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\leioibibakfojhcioghlfikbhejbhdjl [2014-01-29]
CHR Extension: (WordCaptureX) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2013-05-18]
CHR Extension: (PlusWinks) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog [2013-05-18]
CHR Extension: (Google Wallet) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (less2pay) - C:\ProgramData\hfdillgeaelfhhahfdhebgmehomoemef [2014-01-29]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Lemmen\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2014-01-29]
CHR HKLM\...\Chrome\Extension: [adldappccjhelkmbkpiibilgnnjakieg] - C:\Program Files\VideoDownloadConverter_4z Chrome Extension\bar\VideoDownloadConvert@mindspark.com.gen1 [2013-11-24]
CHR HKLM\...\Chrome\Extension: [aidbbndgjnlaclnmhkdimcdjiebjpdel] - C:\Users\Lemmen\AppData\Roaming\SpecialSavings\SpecialSavings_2.0.0.crx [2012-08-19]
CHR HKLM\...\Chrome\Extension: [bbmanpbfjipmicnlbchaifoomleljpal] - C:\Users\Lemmen\AppData\Local\CRE\bbmanpbfjipmicnlbchaifoomleljpal.crx [2012-04-19]
CHR HKLM\...\Chrome\Extension: [bkkhigdapmlbelnapanlfjbeccdbbpbg] - C:\Program Files\Search Results Toolbar\Datamngr\chromeExtension.crx [2012-04-19]
CHR HKLM\...\Chrome\Extension: [cfcbmgbfdbijmjgjihagbomfbjfjmgon] - C:\Users\Lemmen\AppData\Roaming\SpeedanAlysis\speedanalysis.crx [2013-02-14]
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [2013-09-23]
CHR HKLM\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files\OnlineHD.TV\onhd11.crx [2013-09-23]
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Lemmen\AppData\Roaming\BabSolution\CR\Delta.crx [2013-09-08]
CHR HKLM\...\Chrome\Extension: [jbajpeofkjjeiamcglnmldoboonfkiol] - C:\Program Files\Search Results Toolbar\Datamngr\chromeExtension.crx [2013-09-08]
CHR HKLM\...\Chrome\Extension: [kekfoodhbhpjhjcdecjngamojfhknooc] - C:\Users\Lemmen\AppData\Roaming\iPumper\extension_chrome.crx [2013-09-08]
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\KingTranslate\wcxChrome.crx [2013-02-04]
CHR HKLM\...\Chrome\Extension: [mocblcnaofikinigmceddfghppkkjbog] - C:\Users\Lemmen\AppData\Roaming\PlusWinks\pluswinks.crx [2013-03-20]
CHR HKLM\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\Lemmen\AppData\Local\Temp\ccex.crx [2013-03-20]
CHR HKCU\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Lemmen\AppData\Local\Smartbar/Application\0Extension.crx [2013-02-10]
CHR HKCU\...\Chrome\Extension: [bbmanpbfjipmicnlbchaifoomleljpal] - C:\Users\Lemmen\AppData\Local\CRE\bbmanpbfjipmicnlbchaifoomleljpal.crx [2012-04-19]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2101280 2013-10-15] (G Data Software AG)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2373712 2013-10-17] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)
R2 Lexware_Datenbank_Plus; C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2010-11-05] (iAnywhere Solutions, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2009-07-14] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435008 2012-01-27] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1052480 2011-11-21] (TuneUp Software)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 DatamngrCoordinator; No ImagePath
S2 DlProtectSvc; No ImagePath
S2 Util BrowseSmart; No ImagePath
S2 where32; No ImagePath
==================== Drivers (Whitelisted) ====================
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [45912 2014-02-01] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [96600 2014-02-01] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon32.sys [29400 2011-09-21] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [52056 2014-02-01] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [54104 2014-02-01] (G Data Software AG)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [51032 2014-02-01] (G Data Software AG)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [141824 2010-11-20] (Microsoft Corporation)
S3 optousb; C:\Windows\System32\DRIVERS\optousb.sys [18432 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
S3 optovcm; C:\Windows\System32\DRIVERS\optovcm.sys [26368 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S3 iSafeKrnl; No ImagePath
S1 iSafeNetFilter; No ImagePath
S3 Synth3dVsc; No ImagePath
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-03 08:30 - 2014-02-03 08:30 - 01137152 _____ (Farbar) C:\Users\Lemmen\Downloads\FRST (1).exe
2014-02-03 08:30 - 2014-02-03 08:30 - 00030059 _____ () C:\Users\Lemmen\Downloads\FRST.txt
2014-02-02 19:35 - 2014-02-02 19:35 - 00021634 _____ () C:\Users\Lemmen\Downloads\يم يم.bmp
2014-02-02 18:11 - 2014-02-02 18:11 - 00009054 _____ () C:\Users\Lemmen\Downloads\1.bmp
2014-02-02 18:11 - 2014-02-02 18:11 - 00007614 _____ () C:\Users\Lemmen\Downloads\1.bmpa.bmp
2014-02-02 09:06 - 2014-02-02 09:06 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-01 17:07 - 2014-02-01 17:24 - 217079377 _____ () C:\Users\Lemmen\Downloads\Azov films - nudism - have.rar
2014-02-01 13:59 - 2014-02-01 13:59 - 00001936 _____ () C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2014-02-01 13:41 - 2014-02-01 13:59 - 00054104 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys
2014-02-01 13:41 - 2014-02-01 13:59 - 00052056 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-02-01 13:41 - 2014-02-01 13:59 - 00051032 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-02-01 13:41 - 2014-02-01 13:58 - 00096600 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-02-01 13:41 - 2014-02-01 13:58 - 00045912 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-02-01 11:19 - 2014-02-01 11:20 - 00135280 _____ () C:\Windows\Minidump\020114-15319-01.dmp
2014-02-01 10:41 - 2014-02-01 10:45 - 418836344 _____ (G Data Software AG) C:\Users\Lemmen\Downloads\INT_R_FUL_2014_IS.exe
2014-01-31 18:22 - 2014-01-31 18:22 - 00001667 _____ () C:\Users\Lemmen\Documents\G Data Protokoll ID 17258.html
2014-01-31 17:56 - 2014-02-01 09:17 - 00000246 _____ () C:\Users\Lemmen\Downloads\defogger_enable.log
2014-01-31 17:38 - 2014-01-31 18:07 - 00000474 _____ () C:\Users\Lemmen\Downloads\defogger_disable.log
2014-01-31 17:37 - 2014-01-31 17:38 - 00050477 _____ () C:\Users\Lemmen\Downloads\Defogger.exe
2014-01-31 16:49 - 2014-01-31 16:49 - 00000017 _____ () C:\Users\Lemmen\AppData\Local\resmon.resmoncfg
2014-01-31 11:19 - 2014-01-31 11:19 - 00001151 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-01-31 11:19 - 2014-01-31 11:19 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\Nico Mak Computing
2014-01-31 11:19 - 2014-01-31 11:19 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-01-31 11:19 - 2014-01-31 11:19 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-01-31 11:19 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2014-01-31 10:58 - 2014-01-31 10:59 - 00039573 _____ () C:\Users\Lemmen\Downloads\Addition.txt
2014-01-31 10:53 - 2014-02-03 08:30 - 00000000 ____D () C:\FRST
2014-01-31 10:51 - 2014-01-31 10:51 - 01137152 _____ (Farbar) C:\Users\Lemmen\Downloads\FRST.exe
2014-01-31 10:05 - 2014-01-31 10:05 - 00000000 ____D () C:\Program Files\less2pay
2014-01-31 10:03 - 2014-01-31 10:03 - 00000000 ____D () C:\Program Files\deaal2dealait
2014-01-29 18:50 - 2014-01-29 18:50 - 00003584 _____ () C:\Users\Lemmen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-29 15:23 - 2014-02-01 09:58 - 00000000 ____D () C:\ProgramData\deaal2dealait
2014-01-29 15:23 - 2014-01-31 10:05 - 00000000 ____D () C:\ProgramData\e2f9bc6965ac9ac3
2014-01-29 15:22 - 2014-02-01 09:58 - 00000000 ____D () C:\ProgramData\less2pay
2014-01-29 15:22 - 2014-01-29 15:22 - 00000000 ____D () C:\ProgramData\hfdillgeaelfhhahfdhebgmehomoemef
2014-01-17 10:22 - 2013-06-06 21:41 - 00489392 _____ (Ask Partner Network) C:\Users\Lemmen\Documents\APNSetup1.exe
2014-01-17 01:11 - 2014-01-17 01:11 - 00008701 _____ () C:\Users\Lemmen\Downloads\a_chp0054.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00007546 _____ () C:\Users\Lemmen\Downloads\a_chp0049.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00007181 _____ () C:\Users\Lemmen\Downloads\a_chp0045.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00007100 _____ () C:\Users\Lemmen\Downloads\a_chp0046.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00006985 _____ () C:\Users\Lemmen\Downloads\a_chp0053.jpeg
2014-01-17 01:09 - 2014-01-17 01:09 - 00007363 _____ () C:\Users\Lemmen\Downloads\a_chp0043.jpeg
2014-01-16 21:39 - 2014-01-16 21:44 - 229754405 _____ () C:\Users\Lemmen\Downloads\All preview pics nude.rar
2014-01-15 19:04 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 19:04 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 19:04 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 19:04 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 19:04 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 19:04 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 19:04 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 19:04 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 19:04 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-04 15:25 - 2014-01-04 15:25 - 00000957 _____ () C:\Users\Lemmen\Desktop\UnZIPExpress.lnk
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D () C:\Program Files\UnZIPExpress
2014-01-04 15:24 - 2014-01-04 15:26 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\speedtest4354
2014-01-04 15:24 - 2014-01-04 15:26 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\freegames4357
2014-01-04 15:07 - 2014-01-04 15:08 - 02115264 _____ () C:\Users\Lemmen\Downloads\unZipExpressSetup.exe
2014-01-04 14:55 - 2014-01-04 14:58 - 110554776 _____ () C:\Users\Lemmen\Downloads\dvd - nude.rar
==================== One Month Modified Files and Folders =======
2014-02-03 08:32 - 2014-02-03 08:30 - 00030059 _____ () C:\Users\Lemmen\Downloads\FRST.txt
2014-02-03 08:30 - 2014-02-03 08:30 - 01137152 _____ (Farbar) C:\Users\Lemmen\Downloads\FRST (1).exe
2014-02-03 08:30 - 2014-01-31 10:53 - 00000000 ____D () C:\FRST
2014-02-03 08:08 - 2011-01-07 07:12 - 00000000 ____D () C:\Users\Lemmen\AppData\Local\Windows Live
2014-02-03 08:00 - 2013-11-26 11:20 - 00000284 _____ () C:\Windows\Tasks\RegistryBooster Maintenance.job
2014-02-03 07:44 - 2012-08-03 06:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-03 07:35 - 2009-07-14 05:34 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-03 07:35 - 2009-07-14 05:34 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-03 07:28 - 2012-02-02 10:04 - 00048925 _____ () C:\Windows\setupact.log
2014-02-03 07:28 - 2011-01-01 10:32 - 00000000 ____D () C:\Windows\system32\logishrd
2014-02-03 07:28 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-03 07:27 - 2012-02-02 10:04 - 00448684 _____ () C:\Windows\PFRO.log
2014-02-02 21:48 - 2012-02-02 10:06 - 01228540 _____ () C:\Windows\WindowsUpdate.log
2014-02-02 21:26 - 2013-03-12 22:22 - 00000000 ___RD () C:\Users\Lemmen\SkyDrive
2014-02-02 19:35 - 2014-02-02 19:35 - 00021634 _____ () C:\Users\Lemmen\Downloads\يم يم.bmp
2014-02-02 18:11 - 2014-02-02 18:11 - 00009054 _____ () C:\Users\Lemmen\Downloads\1.bmp
2014-02-02 18:11 - 2014-02-02 18:11 - 00007614 _____ () C:\Users\Lemmen\Downloads\1.bmpa.bmp
2014-02-02 09:37 - 2012-03-31 11:21 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberMotion
2014-02-02 09:15 - 2013-05-08 17:49 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\Systweak
2014-02-02 09:14 - 2013-12-14 09:30 - 00000000 ____D () C:\Program Files\Opera
2014-02-02 09:10 - 2013-11-21 03:50 - 00000000 ____D () C:\Program Files\BonanzaDealsLive
2014-02-02 09:07 - 2013-11-21 03:50 - 00000000 ____D () C:\Program Files\BonanzaDeals
2014-02-02 09:06 - 2014-02-02 09:06 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-01 17:24 - 2014-02-01 17:07 - 217079377 _____ () C:\Users\Lemmen\Downloads\Azov films - nudism - have.rar
2014-02-01 13:59 - 2014-02-01 13:59 - 00001936 _____ () C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2014-02-01 13:59 - 2014-02-01 13:41 - 00054104 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys
2014-02-01 13:59 - 2014-02-01 13:41 - 00052056 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-02-01 13:59 - 2014-02-01 13:41 - 00051032 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-02-01 13:58 - 2014-02-01 13:41 - 00096600 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-02-01 13:58 - 2014-02-01 13:41 - 00045912 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-02-01 13:58 - 2011-02-08 18:42 - 00000000 ____D () C:\ProgramData\G Data
2014-02-01 13:57 - 2011-02-08 18:42 - 00000000 ____D () C:\Program Files\Common Files\G Data
2014-02-01 13:40 - 2011-02-08 18:42 - 00000000 ____D () C:\Program Files\G Data
2014-02-01 13:35 - 2011-02-08 18:24 - 00000000 ____D () C:\Users\Lemmen\AppData\Local\Downloaded Installations
2014-02-01 13:07 - 2013-03-03 13:09 - 00000000 ____D () C:\Program Files\Yontoo
2014-02-01 11:20 - 2014-02-01 11:19 - 00135280 _____ () C:\Windows\Minidump\020114-15319-01.dmp
2014-02-01 11:19 - 2012-04-27 11:13 - 204137607 _____ () C:\Windows\MEMORY.DMP
2014-02-01 11:19 - 2011-02-15 12:31 - 00000000 ____D () C:\Windows\Minidump
2014-02-01 11:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\spool
2014-02-01 11:09 - 2012-08-05 06:16 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-01 11:09 - 2012-08-05 06:16 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-01 11:08 - 2013-12-10 10:07 - 00014816 _____ () C:\Users\Lemmen\daemonprocess.txt
2014-02-01 11:07 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-02-01 11:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\winevt
2014-02-01 11:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\SMI
2014-02-01 11:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\MUI
2014-02-01 11:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-01 11:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\com
2014-02-01 10:45 - 2014-02-01 10:41 - 418836344 _____ (G Data Software AG) C:\Users\Lemmen\Downloads\INT_R_FUL_2014_IS.exe
2014-02-01 09:58 - 2014-01-29 15:23 - 00000000 ____D () C:\ProgramData\deaal2dealait
2014-02-01 09:58 - 2014-01-29 15:22 - 00000000 ____D () C:\ProgramData\less2pay
2014-02-01 09:17 - 2014-01-31 17:56 - 00000246 _____ () C:\Users\Lemmen\Downloads\defogger_enable.log
2014-02-01 09:11 - 2011-06-16 06:15 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-01 09:11 - 2010-12-29 10:06 - 00000000 ____D () C:\Program Files\Adobe
2014-02-01 09:11 - 2010-12-29 10:05 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-31 18:22 - 2014-01-31 18:22 - 00001667 _____ () C:\Users\Lemmen\Documents\G Data Protokoll ID 17258.html
2014-01-31 18:07 - 2014-01-31 17:38 - 00000474 _____ () C:\Users\Lemmen\Downloads\defogger_disable.log
2014-01-31 17:38 - 2014-01-31 17:37 - 00050477 _____ () C:\Users\Lemmen\Downloads\Defogger.exe
2014-01-31 16:49 - 2014-01-31 16:49 - 00000017 _____ () C:\Users\Lemmen\AppData\Local\resmon.resmoncfg
2014-01-31 11:19 - 2014-01-31 11:19 - 00001151 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-01-31 11:19 - 2014-01-31 11:19 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\Nico Mak Computing
2014-01-31 11:19 - 2014-01-31 11:19 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-01-31 11:19 - 2014-01-31 11:19 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-01-31 10:59 - 2014-01-31 10:58 - 00039573 _____ () C:\Users\Lemmen\Downloads\Addition.txt
2014-01-31 10:51 - 2014-01-31 10:51 - 01137152 _____ (Farbar) C:\Users\Lemmen\Downloads\FRST.exe
2014-01-31 10:06 - 2013-06-24 14:30 - 00000000 ____D () C:\ProgramData\Trymedia
2014-01-31 10:05 - 2014-01-31 10:05 - 00000000 ____D () C:\Program Files\less2pay
2014-01-31 10:05 - 2014-01-29 15:23 - 00000000 ____D () C:\ProgramData\e2f9bc6965ac9ac3
2014-01-31 10:03 - 2014-01-31 10:03 - 00000000 ____D () C:\Program Files\deaal2dealait
2014-01-29 18:50 - 2014-01-29 18:50 - 00003584 _____ () C:\Users\Lemmen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-29 15:22 - 2014-01-29 15:22 - 00000000 ____D () C:\ProgramData\hfdillgeaelfhhahfdhebgmehomoemef
2014-01-29 04:11 - 2013-10-03 12:52 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-19 10:35 - 2010-12-29 10:01 - 00000000 ____D () C:\EXCEL
2014-01-19 08:29 - 2013-10-17 11:09 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-01-17 11:04 - 2010-12-29 10:08 - 00000000 ____D () C:\Users\Lemmen\AppData\Local\Adobe
2014-01-17 01:11 - 2014-01-17 01:11 - 00008701 _____ () C:\Users\Lemmen\Downloads\a_chp0054.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00007546 _____ () C:\Users\Lemmen\Downloads\a_chp0049.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00007181 _____ () C:\Users\Lemmen\Downloads\a_chp0045.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00007100 _____ () C:\Users\Lemmen\Downloads\a_chp0046.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00006985 _____ () C:\Users\Lemmen\Downloads\a_chp0053.jpeg
2014-01-17 01:09 - 2014-01-17 01:09 - 00007363 _____ () C:\Users\Lemmen\Downloads\a_chp0043.jpeg
2014-01-16 22:02 - 2013-12-10 23:07 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-16 21:44 - 2014-01-16 21:39 - 229754405 _____ () C:\Users\Lemmen\Downloads\All preview pics nude.rar
2014-01-16 03:45 - 2012-02-02 10:04 - 00500384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:22 - 2013-09-08 11:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 03:22 - 2009-07-14 03:04 - 00003659 _____ () C:\Windows\win.ini
2014-01-16 03:09 - 2010-12-29 10:14 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-09 02:36 - 2013-11-19 18:24 - 00000000 ____D () C:\Users\Lemmen\Downloads\Bad Boys & Bad Boys II
2014-01-04 15:26 - 2014-01-04 15:24 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\speedtest4354
2014-01-04 15:26 - 2014-01-04 15:24 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\freegames4357
2014-01-04 15:25 - 2014-01-04 15:25 - 00000957 _____ () C:\Users\Lemmen\Desktop\UnZIPExpress.lnk
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D () C:\Program Files\UnZIPExpress
2014-01-04 15:08 - 2014-01-04 15:07 - 02115264 _____ () C:\Users\Lemmen\Downloads\unZipExpressSetup.exe
2014-01-04 14:58 - 2014-01-04 14:55 - 110554776 _____ () C:\Users\Lemmen\Downloads\dvd - nude.rar
Files to move or delete:
====================
C:\Users\Lemmen\AppData\Roaming\skype.ini
C:\ProgramData\go_0molg.pad
C:\ProgramData\l_u0_0.pad
C:\ProgramData\to_r0tsef.pad
Some content of TEMP:
====================
C:\Users\Lemmen\AppData\Local\Temp\htmlayout.dll
C:\Users\Lemmen\AppData\Local\Temp\uninstall83224130.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-02 10:44
==================== End Of Log ============================
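The file listings above follow FRST's fixed column layout: two timestamps, the byte size, a five-character attribute field (`____D` for a directory, `____H` hidden, `___RD` read-only directory), the publisher taken from the file's version resource in parentheses (empty when there is none), then the path. In the "One Month Created" section the first timestamp is the creation time and the second the last-modified time; the "One Month Modified" section prints them the other way round, which is why `C:\FRST` appears with its dates swapped in the two sections. The script below is an added example, not part of the log and not code from the FRST tool or its author: it parses such lines, keeps the date order straight per section, and applies three triage rules a helper typically applies by eye when reading this kind of log: a binary under `C:\Windows\system32` with no publisher string, folders whose names look generated (hash-like, or the 32-letter a..p form Chrome uses for extension IDs) rather than like a product, and bursts of program folders created within a few minutes of each other, the usual footprint of a bundled installer. The rules, thresholds, and the `parse_log`/`triage`/`install_bursts` names are this example's assumptions; the sample input reuses lines copied from the log above plus a constructed "Created" header.

```python
"""Added example, not part of the FRST log above nor of the FRST tool: parse
FRST 'One Month Created/Modified' lines and apply triage rules (assumptions)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Line layout: <date> - <date> - <size> <attrs> (<publisher>) <path>.  In the
# 'Created' section date 1 is creation time; the 'Modified' section swaps them.
LINE_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>.*?)\) (?P<path>.+)$"
)

@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str      # '____D' directory, '____H' hidden, '___RD' read-only dir
    company: str    # publisher from the version resource, '' if absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

def parse_line(line: str, modified_section: bool = False) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d1 = datetime.strptime(m["d1"], "%Y-%m-%d %H:%M")
    d2 = datetime.strptime(m["d2"], "%Y-%m-%d %H:%M")
    created, modified = (d2, d1) if modified_section else (d1, d2)
    return Entry(created, modified, int(m["size"]), m["attrs"], m["company"], m["path"])

def parse_log(text: str) -> List[Entry]:
    entries, in_modified = [], False
    for line in text.splitlines():
        if "One Month Modified" in line:      # section headers flip date order
            in_modified = True
        elif "One Month Created" in line:
            in_modified = False
        e = parse_line(line, in_modified)
        if e:
            entries.append(e)
    return entries

# Triage rules (this example's assumptions, not FRST logic)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
HEXISH = re.compile(r"^[0-9a-f]{16,}$")        # hash-like folder names
CHROME_EXT_ID = re.compile(r"^[a-p]{32}$")      # Chrome extension IDs use a..p
INSTALL_ROOTS = ("c:\\program files", "c:\\programdata", "\\appdata\\")
BURST_WINDOW = timedelta(minutes=5)

def triage(entries: List[Entry]) -> List[str]:
    findings = []
    for e in entries:
        low, name = e.path.lower(), e.path.rsplit("\\", 1)[-1]
        if (not e.is_dir and low.endswith(EXEC_EXT)
                and low.startswith(SYSTEM_DIRS) and not e.company):
            findings.append(f"no-publisher binary in system dir: {e.path}")
        if e.is_dir and (HEXISH.match(name) or CHROME_EXT_ID.match(name)):
            findings.append(f"generated-looking folder name: {e.path}")
    return findings

def install_bursts(entries: List[Entry]) -> List[List[str]]:
    # Program folders created within BURST_WINDOW of each other: the footprint
    # of one installer dropping several bundled products.
    dirs = sorted((e for e in entries if e.is_dir
                   and any(r in e.path.lower() for r in INSTALL_ROOTS)),
                  key=lambda e: e.created)
    bursts, cur = [], []
    for e in dirs:
        if cur and e.created - cur[-1].created > BURST_WINDOW:
            if len(cur) > 1:
                bursts.append([x.path for x in cur])
            cur = []
        cur.append(e)
    if len(cur) > 1:
        bursts.append([x.path for x in cur])
    return bursts

# Constructed sample: file lines copied from the log above, the 'Created'
# header written to match FRST's section layout.
SAMPLE = r"""
==================== One Month Created Files and Folders ========
2014-02-01 13:41 - 2014-02-01 13:59 - 00054104 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys
2014-01-31 11:19 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2014-01-31 10:05 - 2014-01-31 10:05 - 00000000 ____D () C:\Program Files\less2pay
2014-01-31 10:03 - 2014-01-31 10:03 - 00000000 ____D () C:\Program Files\deaal2dealait
2014-01-29 15:23 - 2014-01-31 10:05 - 00000000 ____D () C:\ProgramData\e2f9bc6965ac9ac3
2014-01-29 15:22 - 2014-01-29 15:22 - 00000000 ____D () C:\ProgramData\hfdillgeaelfhhahfdhebgmehomoemef
==================== One Month Modified Files and Folders =======
2014-02-03 08:30 - 2014-02-03 08:30 - 01137152 _____ (Farbar) C:\Users\Lemmen\Downloads\FRST (1).exe
2014-02-03 08:30 - 2014-01-31 10:53 - 00000000 ____D () C:\FRST
"""

if __name__ == "__main__":
    print(*triage(parse_log(SAMPLE)), *install_bursts(parse_log(SAMPLE)), sep="\n")
```

Run against the sample, the rules surface `wsusnative32.exe` (a system32 binary with an empty publisher field and a file date eighteen months older than its creation date), the two generated-looking ProgramData folders, and two install bursts (the 15:22/15:23 pair on 29 January and the 10:03/10:05 pair on 31 January). None of this is a verdict; it is the shortlist a helper then checks by hash, signature and registry references before writing a fix script.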