
Log analysis and evaluation: Mozilla Firefox pop-ups and new tabs without visiting websites

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must be examined first: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

14.02.2014, 21:00   #1
peter3232
 



Hello,

Thank you for being here. I hope someone can help me. Spybot S&D and Avast could not find anything. In Firefox, very dubious pages open sporadically from time to time, even though either no page is being visited or, for example, only eBay or Amazon.

Defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:23 on 14/02/2014 (Dell15RSE)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
         
FRST.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Dell15RSE (administrator) on DELL15RSE-PC on 14-02-2014 20:24:25
Running from C:\Users\Dell15RSE\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [5729648 2012-02-07] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2894640 2012-03-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-08] (Conexant Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-02] (AVAST Software)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1586903974-1950195157-1511178272-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1586903974-1950195157-1511178272-1000\...\MountPoints2: {d68b8633-d674-11e1-81ce-806e6f6e6963} - D:\autoRcd.exe
Startup: C:\Users\Dell15RSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk.disabled
ShortcutTarget: Dropbox.lnk.disabled -> C:\Users\Dell15RSE\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Dell15RSE\AppData\Roaming\Mozilla\Firefox\Profiles\g44jbo5z.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Dell15RSE\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Bitdefender QuickScan - C:\Users\Dell15RSE\AppData\Roaming\Mozilla\Firefox\Profiles\g44jbo5z.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-02-12]
FF Extension: PDF Download - C:\Users\Dell15RSE\AppData\Roaming\Mozilla\Firefox\Profiles\g44jbo5z.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013-01-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-07-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-25]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Dell15RSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-16]
CHR Extension: (Google Drive) - C:\Users\Dell15RSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-16]
CHR Extension: (YouTube) - C:\Users\Dell15RSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-16]
CHR Extension: (Google-Suche) - C:\Users\Dell15RSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-16]
CHR Extension: (Google Wallet) - C:\Users\Dell15RSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Google Mail) - C:\Users\Dell15RSE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-16]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-02] (AVAST Software)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-11] (Conexant Systems, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-21] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-02] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-25] ()
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-14 20:24 - 2014-02-14 20:24 - 02152960 _____ (Farbar) C:\Users\Dell15RSE\Downloads\FRST64.exe
2014-02-14 20:24 - 2014-02-14 20:24 - 00016524 _____ () C:\Users\Dell15RSE\Downloads\FRST.txt
2014-02-14 20:24 - 2014-02-14 20:24 - 00000000 ____D () C:\FRST
2014-02-14 20:23 - 2014-02-14 20:23 - 00000480 _____ () C:\Users\Dell15RSE\Downloads\defogger_disable.log
2014-02-14 20:23 - 2014-02-14 20:23 - 00000000 _____ () C:\Users\Dell15RSE\defogger_reenable
2014-02-14 20:17 - 2014-02-14 20:17 - 00050477 _____ () C:\Users\Dell15RSE\Downloads\Defogger.exe
2014-02-14 07:52 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 07:52 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 07:51 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 07:51 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 07:51 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 07:51 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 07:51 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 07:51 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 07:51 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 07:51 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 07:51 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 07:51 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 07:51 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 07:51 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 07:51 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 07:51 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 07:51 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 07:51 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 07:51 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 07:51 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 07:51 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 07:51 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 07:51 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 07:51 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 07:51 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 07:51 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 07:51 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 07:51 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 07:51 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 07:51 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 07:51 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 07:51 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 07:51 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 07:51 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 07:51 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 07:51 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 07:51 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 07:51 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 07:51 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 07:51 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 07:51 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-14 07:36 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-14 07:36 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-14 07:36 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-14 07:36 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-14 07:36 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-14 07:36 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-14 07:36 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-14 07:36 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-14 07:36 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-14 07:36 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-14 07:36 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-14 07:36 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-14 07:36 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-14 07:36 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-14 07:36 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-14 07:36 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-14 07:36 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-14 07:36 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-14 07:36 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-14 07:36 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-14 07:36 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-14 07:36 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-14 07:36 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-14 07:36 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-14 07:36 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-14 07:36 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-14 07:36 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-14 07:36 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 19:36 - 2014-02-12 19:36 - 00000000 ____D () C:\Users\Dell15RSE\Documents\ProcAlyzer Dumps
2014-02-12 18:49 - 2014-02-12 19:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-12 18:49 - 2014-02-12 18:50 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-12 18:49 - 2014-02-12 18:49 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-12 18:49 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-12 18:48 - 2014-02-12 18:48 - 00614792 _____ (Chip Digital GmbH) C:\Users\Dell15RSE\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe
2014-02-12 18:22 - 2014-02-12 18:22 - 00001286 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-02-12 18:22 - 2014-02-12 18:22 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-02-12 18:22 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-02-12 18:21 - 2014-02-12 18:21 - 27959392 _____ (Panda Security ) C:\Users\Dell15RSE\Downloads\PandaCloudCleaner.exe
2014-02-12 18:18 - 2014-02-12 18:18 - 00000000 ____D () C:\Users\Dell15RSE\AppData\Roaming\QuickScan
2014-02-11 18:48 - 2014-02-12 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-02 19:26 - 2014-02-02 19:26 - 00005298 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-01 13:30 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-01 13:30 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-01 13:30 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-01 13:30 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-01 13:30 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-01 13:30 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-01 13:30 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-01 13:30 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-01 13:30 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-14 20:24 - 2014-02-14 20:24 - 02152960 _____ (Farbar) C:\Users\Dell15RSE\Downloads\FRST64.exe
2014-02-14 20:24 - 2014-02-14 20:24 - 00016524 _____ () C:\Users\Dell15RSE\Downloads\FRST.txt
2014-02-14 20:24 - 2014-02-14 20:24 - 00000000 ____D () C:\FRST
2014-02-14 20:23 - 2014-02-14 20:23 - 00000480 _____ () C:\Users\Dell15RSE\Downloads\defogger_disable.log
2014-02-14 20:23 - 2014-02-14 20:23 - 00000000 _____ () C:\Users\Dell15RSE\defogger_reenable
2014-02-14 20:23 - 2012-07-25 17:25 - 00000000 ____D () C:\Users\Dell15RSE
2014-02-14 20:17 - 2014-02-14 20:17 - 00050477 _____ () C:\Users\Dell15RSE\Downloads\Defogger.exe
2014-02-14 20:04 - 2013-08-16 09:30 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-14 19:52 - 2009-07-14 05:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 19:52 - 2009-07-14 05:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 19:50 - 2012-07-26 03:19 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-14 19:50 - 2012-07-26 03:19 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-14 19:50 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 19:48 - 2012-07-25 17:25 - 01110056 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 19:47 - 2013-08-16 09:30 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 19:44 - 2012-07-26 13:03 - 00067261 _____ () C:\Windows\setupact.log
2014-02-14 19:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 07:56 - 2012-09-30 18:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 17:07 - 2012-07-26 15:43 - 00098010 _____ () C:\Windows\PFRO.log
2014-02-13 17:07 - 2012-07-25 18:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-12 19:38 - 2012-07-25 17:25 - 00000000 ___RD () C:\Users\Dell15RSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-12 19:36 - 2014-02-12 19:36 - 00000000 ____D () C:\Users\Dell15RSE\Documents\ProcAlyzer Dumps
2014-02-12 19:36 - 2014-02-12 18:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-12 18:50 - 2014-02-12 18:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-12 18:49 - 2014-02-12 18:49 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-12 18:48 - 2014-02-12 18:48 - 00614792 _____ (Chip Digital GmbH) C:\Users\Dell15RSE\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe
2014-02-12 18:46 - 2013-07-07 10:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-12 18:46 - 2012-07-25 17:32 - 00000000 ____D () C:\Program Files (x86)\Samsung SSD Magician
2014-02-12 18:32 - 2014-02-11 18:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-12 18:22 - 2014-02-12 18:22 - 00001286 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-02-12 18:22 - 2014-02-12 18:22 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-02-12 18:21 - 2014-02-12 18:21 - 27959392 _____ (Panda Security ) C:\Users\Dell15RSE\Downloads\PandaCloudCleaner.exe
2014-02-12 18:18 - 2014-02-12 18:18 - 00000000 ____D () C:\Users\Dell15RSE\AppData\Roaming\QuickScan
2014-02-12 18:06 - 2012-10-08 19:39 - 00000000 ___RD () C:\Users\Dell15RSE\Dropbox
2014-02-12 18:06 - 2012-10-08 19:37 - 00000000 ____D () C:\Users\Dell15RSE\AppData\Roaming\Dropbox
2014-02-11 20:02 - 2012-11-29 21:52 - 00000000 ____D () C:\Users\Dell15RSE\AppData\Roaming\Skype
2014-02-09 21:08 - 2012-07-26 12:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-09 21:08 - 2012-07-26 12:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 13:16 - 2014-02-14 07:51 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-14 07:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-14 07:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-14 07:51 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-14 07:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-14 07:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-14 07:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-14 07:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-14 07:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-14 07:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-14 07:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-14 07:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-14 07:51 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-14 07:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-14 07:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-14 07:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-14 07:51 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-14 07:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-14 07:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-14 07:51 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-14 07:51 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-14 07:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-14 07:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-14 07:51 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-14 07:51 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-14 07:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-14 07:51 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-14 07:51 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-14 07:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-14 07:51 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-14 07:51 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-14 07:51 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-14 07:51 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-14 07:51 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-14 07:51 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-14 07:51 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-14 07:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-14 07:51 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-14 07:51 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-02 19:26 - 2014-02-02 19:26 - 00005298 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-02 19:26 - 2013-09-21 09:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-02 19:26 - 2013-07-07 10:22 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-02 19:14 - 2013-03-23 12:49 - 00000000 ____D () C:\Users\Dell15RSE\Documents\Mein Steuer-Sparbuch Heute
2014-02-02 16:50 - 2013-12-25 20:41 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-02 16:50 - 2013-11-30 20:03 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-02 16:50 - 2012-07-25 18:39 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-02 16:50 - 2012-07-25 18:39 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-02 16:50 - 2012-07-25 18:39 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-02 16:50 - 2012-07-25 18:39 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-02 16:50 - 2012-07-25 18:39 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-02 16:50 - 2012-07-25 18:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-02 16:26 - 2013-09-13 12:52 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-02-02 16:25 - 2012-07-26 10:59 - 00000000 ____D () C:\Users\Dell15RSE\AppData\Local\Adobe
2014-02-02 09:51 - 2009-07-14 05:45 - 05091880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-01 13:36 - 2013-08-15 22:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-01 13:35 - 2012-07-25 22:00 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-01 13:26 - 2012-10-08 19:38 - 00000000 ____D () C:\Users\Dell15RSE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 09:59 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 19:34

==================== End Of Log ============================
         
Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by Dell15RSE at 2014-02-14 20:24:45
Running from C:\Users\Dell15RSE\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.9 - Adobe Systems)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (x32 Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.3.103.20326 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
AP Tuner 3.08 (x32 Version:  - )
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software)
BitNami WordPress-Modul (x32 Version: 3.6-0 - BitNami)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-J315W (x32 Version: 1.0.3.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0326.310.3601 - Ihr Firmenname) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0326.310.3601 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0326.310.3601 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0326.310.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0326.0309.3601 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0326.310.3601 - Advanced Micro Devices, Inc.) Hidden
Conexant SmartAudio HD (Version: 8.54.29.0 - Conexant)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (Version:  - Microsoft)
Dell System Detect (HKCU Version: 3.3.2.0 - Dell)
Dell Touchpad (Version: 10.3.2.2 - ELAN Microelectronic Corp.)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
FilmConvert Pro AE (Version: 1.0.6 - Rubber Monkey Software)
GH13 Stream Parser (HKCU Version: 2.11.0.29 - GH13 Project)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.1.1399 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.219.2 - Intel Corporation)
IrfanView (remove only) (x32 Version: 4.36 - Irfan Skiljan)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JonDo (x32 Version:  - )
Magic Bullet Suite 64-bit (Version: 11.4.0 - Red Giant Software) Hidden
Magic Bullet Suite 64-bit (x32 Version: 11.4.0 - Red Giant Software)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (x32 Version: 24.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
MyFreeCodec (HKCU Version:  - )
Notepad++ (x32 Version: 6.4.3 - Notepad++ Team)
Panda Cloud Cleaner (x32 Version: 1.0.96 - Panda Security)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (x32 Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Portrait Professional 10.8 (x32 Version: 10.8 - Anthropics Technology Ltd.)
PowerXpressHybrid (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (Version: 10.14.010 - Dell Inc.)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.54.309.2012 - Realtek)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.39019 - Realtek Semiconductor Corp.)
Samsung SSD Magician (x32 Version: 3.1.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)
Trapcode Suite 64-bit (Version: 12.0.0 - Red Giant Software) Hidden
Trapcode Suite 64-bit (x32 Version: 12.0.0 - Red Giant Software)
Twixtor 5, After Effects-compatible plugin set (x32 Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0 - Intel)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (Version:  - Microsoft)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)
WinSCP 5.1.4 (x32 Version: 5.1.4 - Martin Prikryl)
WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (x32 Version: 21.00.8480 - Buhl Data Service GmbH)
XAMPP (x32 Version: 1.8.3-1 - BitNami)

==================== Restore Points  =========================

24-12-2013 11:52:01 Windows Update
25-12-2013 19:40:09 avast! antivirus system restore point
27-12-2013 15:28:25 Windows Update
01-01-2014 19:17:56 Windows Update
07-01-2014 16:57:28 Windows Update
11-01-2014 09:51:58 Windows Update
12-01-2014 19:13:51 Installiert WISO Steuer-Sparbuch 2014
01-02-2014 12:29:49 Windows Update
01-02-2014 12:34:59 Windows Update
02-02-2014 15:49:54 avast! antivirus system restore point
02-02-2014 18:26:31 Installed Java 7 Update 51
07-02-2014 13:17:33 Windows Update
11-02-2014 16:14:30 Windows Update
14-02-2014 06:51:19 Windows Update

==================== Hosts content: ==========================

2012-07-26 12:29 - 2012-07-26 12:51 - 00001771 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na2m-pr.licenses.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.wip4.adobe.com
127.0.0.1 wip.adobe.com
127.0.0.1 wip1.adobe.com
127.0.0.1 wip2.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wip4.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com

There are 1 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {74C39876-4291-4E0B-9F03-0434515F1008} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: {8000FC26-DEE0-4636-AF78-06430DBCB497} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-02] (AVAST Software)
Task: {C51AD8E1-159E-4D65-A14A-0227600707C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-07-25 18:24 - 2012-01-10 14:36 - 00159360 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2012-07-25 18:02 - 2012-01-18 14:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-26 02:03 - 2012-03-26 02:03 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-12-13 15:10 - 2011-12-13 15:10 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-02-14 16:51 - 2014-02-14 11:26 - 02180096 _____ () C:\Program Files\AVAST Software\Avast\defs\14021401\algo.dll
2014-02-14 19:45 - 2014-02-14 18:53 - 02180608 _____ () C:\Program Files\AVAST Software\Avast\defs\14021402\algo.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-12 18:49 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-12 18:49 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-12 18:49 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-12 18:49 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-12 18:49 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-07-25 17:54 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-12-18 19:43 - 2013-12-18 19:43 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2013-11-30 20:03 - 2013-11-30 20:03 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-07-25 17:52 - 2012-01-21 02:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-20 16:18 - 2013-12-20 16:18 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-11 18:48 - 2014-02-11 18:48 - 03019376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-02-11 18:48 - 2014-02-11 18:48 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-02-11 18:48 - 2014-02-11 18:48 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Dell15RSE\AppData\Local\Temporary Internet Files:4xHToUTl3I8YzV75daVZk

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2014 07:45:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2014 04:51:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2014 07:30:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 05:07:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 05:47:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 05:09:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 07:42:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 06:24:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 07:17:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 04:51:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/14/2014 05:21:47 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/14/2014 07:51:11 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/13/2014 08:18:02 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/12/2014 07:42:37 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/12/2014 06:22:18 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\System32\DRIVERS\PSKMAD.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/11/2014 10:10:43 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/11/2014 07:58:32 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/10/2014 08:29:18 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/09/2014 09:18:14 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/09/2014 06:58:59 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (02/14/2014 07:45:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2014 04:51:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2014 07:30:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 05:07:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 05:47:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 05:09:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 07:42:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 06:24:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 07:17:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 04:51:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-11-30 10:48:01.776
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-30 10:48:01.706
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-30 10:48:01.619
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-30 10:48:01.549
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-30 10:48:01.462
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-20 19:55:10.805
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-20 19:52:06.152
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-20 19:52:06.082
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-20 19:48:28.108
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-20 19:48:28.030
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\MaxxAudioAPOShell64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 8094.36 MB
Available physical RAM: 5673.98 MB
Total Pagefile: 16186.89 MB
Available Pagefile: 13450.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:214.58 GB) (Free:72.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 8E4B82FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=215 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER.log
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-14 20:50:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.CXM0 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\DELL15~1\AppData\Local\Temp\pfddquow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\wininit.exe[812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            0000000076dfeecd 1 byte [62]
.text   C:\Windows\system32\services.exe[876] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076dfeecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1000] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076dfeecd 1 byte [62]
.text   C:\Windows\system32\atiesrxx.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076dfeecd 1 byte [62]
.text   C:\Windows\system32\winlogon.exe[772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076dfeecd 1 byte [62]
.text   C:\Windows\System32\svchost.exe[788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            0000000076dfeecd 1 byte [62]
.text   C:\Windows\System32\svchost.exe[988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            0000000076dfeecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076dfeecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076dfeecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1284] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076dfeecd 1 byte [62]
.text   C:\Windows\system32\WLANExt.exe[1420] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076dfeecd 1 byte [62]
.text   C:\Windows\System32\spoolsv.exe[1740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076dfeecd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076dfeecd 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1896] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                              0000000074dba2ba 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112              0000000074dba2ba 1 byte [62]
.text   C:\Program Files\Conexant\SA3\CxUtilSvc.exe[1980] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                               0000000074dba2ba 1 byte [62]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000076dfeecd 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                    0000000074dba2ba 1 byte [62]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2092] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            0000000076dfeecd 1 byte [62]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2144] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                            0000000074dba2ba 1 byte [62]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2144] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                          0000000076cb1465 2 bytes [CB, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2144] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                         0000000076cb14bb 2 bytes [CB, 76]
.text   ...                                                                                                                                                                   * 2
.text   C:\Windows\system32\svchost.exe[2584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076dfeecd 1 byte [62]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                     0000000076dfeecd 1 byte [62]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2668] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                           0000000074dba2ba 1 byte [62]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                     0000000076dfeecd 1 byte [62]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[1028] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                           0000000074dba2ba 1 byte [62]
.text   C:\Windows\system32\svchost.exe[3712] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076dfeecd 1 byte [62]
.text   C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[3760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  0000000076dfeecd 1 byte [62]
.text   C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[3868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                    0000000076dfeecd 1 byte [62]
.text   C:\Windows\system32\taskhost.exe[3808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                          0000000076dfeecd 1 byte [62]
.text   C:\Windows\Explorer.EXE[884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                    0000000076dfeecd 1 byte [62]
.text   C:\Program Files\Dell\QuickSet\quickset.exe[3964] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000076dfeecd 1 byte [62]
.text   C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[1492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              0000000076dfeecd 1 byte [62]
.text   C:\Program Files\Elantech\ETDCtrl.exe[3832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                     0000000076dfeecd 1 byte [62]
.text   C:\Windows\System32\igfxtray.exe[3424] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                          0000000076dfeecd 1 byte [62]
.text   C:\Program Files\Conexant\SA3\SmartAudio3.exe[996] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                              0000000076dfeecd 1 byte [62]
.text   C:\Windows\System32\hkcmd.exe[3680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                             0000000076dfeecd 1 byte [62]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[3796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000076dfeecd 1 byte [62]
.text   C:\Windows\System32\igfxpers.exe[2500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                          0000000076dfeecd 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1504] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                             0000000074dba2ba 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4068] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000074dba2ba 1 byte [62]
.text   C:\Program Files\Elantech\ETDGesture.exe[3012] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                  0000000076dfeecd 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4216] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                       0000000074dba2ba 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4372] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                            0000000074dba2ba 1 byte [62]
.text   C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[4516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                            0000000074dba2ba 1 byte [62]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4628] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          0000000074dba2ba 1 byte [62]
.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[4636] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                         0000000074dba2ba 1 byte [62]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4768] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             0000000074dba2ba 1 byte [62]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4768] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                           0000000076cb1465 2 bytes [CB, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4768] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                          0000000076cb14bb 2 bytes [CB, 76]
.text   ...                                                                                                                                                                   * 2
.text   C:\Windows\system32\SearchIndexer.exe[5056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                     0000000076dfeecd 1 byte [62]
.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[4456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                        0000000076dfeecd 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5044] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                            0000000074dba2ba 1 byte [62]
.text   C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5148] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                   0000000076dfeecd 1 byte [62]
.text   C:\Windows\system32\AUDIODG.EXE[4152] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076dfeecd 1 byte [62]
.text   C:\Users\Dell15RSE\Downloads\Gmer-19357.exe[1332] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                               0000000074dba2ba 1 byte [62]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3400:1512]                                                                                                0000000076a57587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3400:1932]                                                                                                000000006f300cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3400:2560]                                                                                                00000000771f2e65
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3400:5932]                                                                                                00000000771f3e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3400:5292]                                                                                                00000000771f3e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3400:5496]                                                                                                00000000771f3e85

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43cef67a                                                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43cef67a@1c66aa9472d0                                                                              0xED 0x21 0xCC 0xC8 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43cef67a (not active ControlSet)                                                                       
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43cef67a@1c66aa9472d0                                                                                  0xED 0x21 0xCC 0xC8 ...

---- EOF - GMER 2.1 ----
         
Now I'm curious what comes of this.

14.02.2014, 21:28   #2
Swisstreasure
/// Malwareteam

A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because attachments make the analysis harder for me.

Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest route.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools by right-clicking and choosing "Run as administrator" ("als Administrator ausführen").

Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Suchlauf (scan) and wait until it has finished.
  • Now click Löschen (delete) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it by right-clicking and choosing "Run as administrator" ("als Administrator ausführen").
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Step 3

Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scannen (scan), select the Bedrohungssuchlauf (threat scan) and click Suchlauf starten (start scan).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Auswahl entfernen (remove selection).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click Verlauf (history) and then Anwendungsprotokolle (application logs).
  • Select the most recent scan log and click Export. Choose Textdatei (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

14.02.2014, 22:38   #3
peter3232

Thanks, and here is the result:

AdWare
Code:
# AdwCleaner v3.018 - Bericht erstellt am 14/02/2014 um 21:53:50
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Dell15RSE - DELL15RSE-PC
# Gestartet von : C:\Users\Dell15RSE\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Users\DELL15~1\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Dell15RSE\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Dell15RSE\AppData\Roaming\Mozilla\Firefox\Profiles\g44jbo5z.default\foxydeal.sqlite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Dell15RSE\AppData\Roaming\Mozilla\Firefox\Profiles\g44jbo5z.default\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ Datei : C:\Users\Dell15RSE\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2134 octets] - [14/02/2014 21:51:46]
AdwCleaner[S0].txt - [1881 octets] - [14/02/2014 21:53:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1941 octets] ##########
         
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dell15RSE on 14.02.2014 at 21:56:34,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Dell15RSE\AppData\Roaming\mozilla\firefox\profiles\g44jbo5z.default\minidumps [141 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.02.2014 at 22:01:50,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
MBAM

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.14.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Dell15RSE :: DELL15RSE-PC [Administrator]

Schutz: Aktiviert

14.02.2014 22:06:21
mbam-log-2014-02-14 (22-06-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210532
Laufzeit: 1 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
14.02.2014, 22:50   #4
Swisstreasure
/// Malwareteam

Quote:
127.0.0.1 activate.adobe.com
What do you have to say about this?

14.02.2014, 22:55   #5
peter3232

???

