Win7: Firefox öffnet ständig Tabs mit Werbung und Warnungen

Häschen91 · 06.03.2014, 10:27

Hi.

Ich habe mich von meinem Freund getrennt und meinen Computer erst später geholt.
Währendessen hat er darauf Spiele und etc gezogen und gespielt.
Ich habe einigen Müll entfernen müssen. Unter anderem "Lollipop" und einige Toolbar.
Ich habe auch zig Viren gefunden und beseitigt. Malware waren auch 25 mit drauf.
Bei Firefox öffnen sich immer noch ständig neue Tabs mit Werbung
oder die Seite wird selbst zur Werbung und in manchen Tabs steht,
ich solle mir FLV Player ziehen oder irgendwas updaten und manchmal,
dass mein Windows kaputt wäre.
Auf Webseiten habe ich auch so extrem aufdringliche Werbung,
die meinem scrollen folgen und nicht an Ort und Stelle bleiben.
Alles scannen bringt nichts, es wird natürlich nichts gefunden.

Ich habe FRST mal so eine Logfile erstellen lassen.

Ich danke vorab für eure Hilfe.

FRST.txt

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-03-2014
Ran by Sabrina (administrator) on SABRINA-PC on 06-03-2014 10:06:38
Running from C:\Users\Sabrina\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-466219987-2582930442-4141336138-1001\...\MountPoints2: {487cfa83-9e17-11da-a42e-806e6f6e6963} - D:\Autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovigo.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP4A50CBDA-75C0-4A23-BC1B-77BC32A2919F&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE2B37D39978ACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP4A50CBDA-75C0-4A23-BC1B-77BC32A2919F&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\itcodjjx.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\itcodjjx.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FlexibleShoppEr - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\itcodjjx.default\Extensions\amvs-tel@otmdvyau.net [2014-01-05]
FF Extension: FinoEDeealSoft - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\itcodjjx.default\Extensions\vh.versebr@atdiv-.com [2014-01-05]

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://www.google.com
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-04]
CHR Extension: (Google-Suche) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-04]
CHR Extension: (SuperLyrics-16) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc [2013-10-25]
CHR Extension: (FinoEDeealSoft) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbcpaikhhkgbbpfcgllehmdgjfaelji [2014-01-05]
CHR Extension: (Helper extension) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2013-11-23]
CHR Extension: (Google Mail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-04]
CHR Extension: (FlexibleShoppEr) - C:\ProgramData\ajpdighabmlafiemfbcnljljgloedfik [2014-01-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-08] (Avira Operations GmbH & Co. KG)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fet6x64.sys [47872 2009-06-10] (VIA Technologies, Inc.              )

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-06 10:06 - 2014-03-06 10:06 - 00009610 _____ () C:\Users\Sabrina\Downloads\FRST.txt
2014-03-06 10:06 - 2014-03-06 10:06 - 00000000 ____D () C:\FRST
2014-03-06 09:57 - 2014-03-06 09:57 - 02156544 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2014-03-06 09:52 - 2014-03-06 09:52 - 04110135 _____ () C:\Users\Sabrina\Downloads\tdsskiller.zip
2014-03-06 08:49 - 2014-03-06 09:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 08:49 - 2014-03-06 08:49 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-06 08:48 - 2014-03-06 08:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 15:00 - 2014-03-05 15:00 - 00263065 _____ () C:\Users\Sabrina\Downloads\lay_325.zip
2014-03-05 14:59 - 2014-03-05 14:59 - 00862549 _____ () C:\Users\Sabrina\Downloads\lay_341.zip
2014-03-05 14:47 - 2014-03-05 14:47 - 00022906 _____ () C:\Users\Sabrina\Downloads\yellow.zip
2014-03-05 13:53 - 2014-03-05 15:23 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\FileZilla
2014-03-05 13:53 - 2014-03-05 13:53 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-03-05 13:52 - 2014-03-05 13:52 - 04822473 _____ (Tim Kosse) C:\Users\Sabrina\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-03-05 13:36 - 2014-03-05 13:39 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\PSpad
2014-03-05 12:44 - 2014-03-05 12:44 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2014-03-05 12:43 - 2014-03-05 12:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-05 12:43 - 2014-03-05 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 12:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-05 12:42 - 2014-03-05 12:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-05 12:34 - 2014-03-05 12:34 - 00000000 ____D () C:\Program Files (x86)\PSPad editor
2014-03-05 12:32 - 2014-03-05 12:32 - 04681159 _____ (Jan Fiala ) C:\Users\Sabrina\Downloads\pspad457inst_en.exe
2014-03-05 12:00 - 2014-03-05 12:00 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\AVG2014
2014-03-05 11:58 - 2014-03-05 11:58 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-05 11:57 - 2014-03-05 11:59 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-05 11:57 - 2014-03-05 11:57 - 00000000 ___HD () C:\$AVG
2014-03-05 11:57 - 2014-03-05 11:57 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-05 11:53 - 2014-03-06 09:35 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-05 11:53 - 2014-03-05 13:03 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Avg2014
2014-03-05 11:53 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\MFAData
2014-03-05 11:52 - 2014-03-05 11:53 - 143231560 _____ (AVG Technologies) C:\Users\Sabrina\Downloads\avg_free_x86_all_2014_4335a7045.exe
2014-03-05 11:35 - 2014-03-05 11:35 - 00006340 _____ () C:\Users\Sabrina\Downloads\hijackthis.log
2014-03-05 11:33 - 2014-03-05 11:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sabrina\Downloads\HiJackThis204.exe
2014-03-05 11:26 - 2014-03-05 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-05 11:26 - 2014-03-05 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-05 11:20 - 2014-03-05 11:20 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
2014-03-05 11:20 - 2014-03-05 11:20 - 00000000 ____D () C:\Program Files (x86)\phase5
2014-03-05 11:14 - 2014-03-05 11:14 - 03746496 _____ (Systemberatung Schommer) C:\Users\Sabrina\Downloads\phase5623install.exe
2014-02-19 12:37 - 2014-02-19 12:37 - 00003711 _____ () C:\Windows\avmadd321.log
2014-02-19 12:32 - 2014-02-19 12:33 - 00000000 ____D () C:\AdwCleaner
2014-02-19 10:51 - 2014-02-19 10:51 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-02-19 10:51 - 2014-02-19 10:51 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-02-19 10:43 - 2014-03-05 11:58 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\TuneUp Software
2014-02-19 10:40 - 2014-03-05 11:55 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-19 10:39 - 2014-02-19 10:51 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-17 20:39 - 2014-03-06 09:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 20:39 - 2014-02-24 10:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-15 18:19 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-15 18:19 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-15 18:18 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-15 18:18 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-15 18:18 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-15 18:18 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-15 18:18 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-15 18:18 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-15 18:18 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-15 18:18 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-15 18:18 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-15 18:18 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-15 18:18 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-15 18:18 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-15 18:18 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-15 18:18 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-15 18:18 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-15 18:18 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-15 18:18 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-15 18:18 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-15 18:18 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-15 18:18 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-15 18:18 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-15 18:18 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-15 18:18 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-15 18:18 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-15 18:18 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-15 18:18 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-15 18:18 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-15 18:18 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-15 18:18 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-15 18:18 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-15 18:18 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-15 18:18 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-15 18:18 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-15 18:18 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-15 18:18 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-15 18:18 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-15 18:18 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-15 18:18 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-15 18:18 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-15 17:04 - 2014-02-15 17:04 - 00000000 ____D () C:\ProgramData\Sun
2014-02-15 17:04 - 2014-02-15 17:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-15 17:04 - 2014-02-15 17:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-15 17:03 - 2014-02-15 17:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-15 16:56 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-15 16:56 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-15 16:56 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-15 16:56 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-15 16:56 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-15 16:56 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-15 16:56 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-15 16:56 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-15 16:56 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-15 16:56 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-15 16:56 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-15 16:56 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-15 16:56 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-15 16:56 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-15 16:56 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-15 16:56 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-15 16:56 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-15 16:56 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-15 16:56 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-15 16:56 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-15 16:56 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-15 16:56 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-15 16:56 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-15 16:56 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-15 16:55 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-15 16:55 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-15 16:55 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-15 16:55 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-06 10:06 - 2014-03-06 10:06 - 00009610 _____ () C:\Users\Sabrina\Downloads\FRST.txt
2014-03-06 10:06 - 2014-03-06 10:06 - 00000000 ____D () C:\FRST
2014-03-06 09:57 - 2014-03-06 09:57 - 02156544 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2014-03-06 09:52 - 2014-03-06 09:52 - 04110135 _____ () C:\Users\Sabrina\Downloads\tdsskiller.zip
2014-03-06 09:35 - 2014-03-05 11:53 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-06 09:35 - 2014-02-17 20:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-06 09:11 - 2014-03-06 08:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 08:49 - 2014-03-06 08:49 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-06 08:48 - 2014-03-06 08:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-06 08:35 - 2009-07-14 05:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 08:35 - 2009-07-14 05:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 08:33 - 2006-02-15 12:39 - 01338333 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 08:26 - 2012-09-02 20:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-06 08:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 08:26 - 2009-07-14 05:51 - 00035135 _____ () C:\Windows\setupact.log
2014-03-05 16:39 - 2013-10-25 20:36 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-05 16:39 - 2009-07-14 18:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-03-05 16:39 - 2009-07-14 18:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-03-05 16:39 - 2009-07-14 06:13 - 01594028 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-05 15:23 - 2014-03-05 13:53 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\FileZilla
2014-03-05 15:00 - 2014-03-05 15:00 - 00263065 _____ () C:\Users\Sabrina\Downloads\lay_325.zip
2014-03-05 14:59 - 2014-03-05 14:59 - 00862549 _____ () C:\Users\Sabrina\Downloads\lay_341.zip
2014-03-05 14:47 - 2014-03-05 14:47 - 00022906 _____ () C:\Users\Sabrina\Downloads\yellow.zip
2014-03-05 13:53 - 2014-03-05 13:53 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-03-05 13:52 - 2014-03-05 13:52 - 04822473 _____ (Tim Kosse) C:\Users\Sabrina\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-03-05 13:39 - 2014-03-05 13:36 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\PSpad
2014-03-05 13:03 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Avg2014
2014-03-05 12:58 - 2012-09-04 12:57 - 03289240 _____ () C:\Windows\PFRO.log
2014-03-05 12:44 - 2014-03-05 12:44 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2014-03-05 12:44 - 2014-03-05 12:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-05 12:43 - 2014-03-05 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 12:42 - 2014-03-05 12:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-05 12:34 - 2014-03-05 12:34 - 00000000 ____D () C:\Program Files (x86)\PSPad editor
2014-03-05 12:32 - 2014-03-05 12:32 - 04681159 _____ (Jan Fiala ) C:\Users\Sabrina\Downloads\pspad457inst_en.exe
2014-03-05 12:00 - 2014-03-05 12:00 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\AVG2014
2014-03-05 11:59 - 2014-03-05 11:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-05 11:58 - 2014-03-05 11:58 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-05 11:58 - 2014-02-19 10:43 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\TuneUp Software
2014-03-05 11:57 - 2014-03-05 11:57 - 00000000 ___HD () C:\$AVG
2014-03-05 11:57 - 2014-03-05 11:57 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-05 11:55 - 2014-02-19 10:40 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-03-05 11:53 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\MFAData
2014-03-05 11:53 - 2014-03-05 11:52 - 143231560 _____ (AVG Technologies) C:\Users\Sabrina\Downloads\avg_free_x86_all_2014_4335a7045.exe
2014-03-05 11:35 - 2014-03-05 11:35 - 00006340 _____ () C:\Users\Sabrina\Downloads\hijackthis.log
2014-03-05 11:33 - 2014-03-05 11:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sabrina\Downloads\HiJackThis204.exe
2014-03-05 11:33 - 2006-02-15 21:10 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\VirtualStore
2014-03-05 11:26 - 2014-03-05 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-05 11:26 - 2014-03-05 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-05 11:20 - 2014-03-05 11:20 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
2014-03-05 11:20 - 2014-03-05 11:20 - 00000000 ____D () C:\Program Files (x86)\phase5
2014-03-05 11:14 - 2014-03-05 11:14 - 03746496 _____ (Systemberatung Schommer) C:\Users\Sabrina\Downloads\phase5623install.exe
2014-02-24 10:35 - 2014-02-17 20:39 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-24 10:35 - 2012-09-02 20:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-24 10:35 - 2012-09-02 20:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 12:43 - 2006-02-15 21:11 - 00000000 ___RD () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-19 12:38 - 2012-09-02 20:28 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Opera
2014-02-19 12:38 - 2012-09-02 20:28 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Opera
2014-02-19 12:38 - 2012-09-02 20:28 - 00000000 ____D () C:\Program Files\Opera Next x64
2014-02-19 12:37 - 2014-02-19 12:37 - 00003711 _____ () C:\Windows\avmadd321.log
2014-02-19 12:37 - 2013-08-06 14:14 - 00001981 _____ () C:\Windows\avmadd32.log
2014-02-19 12:35 - 2014-01-05 19:19 - 00000000 ____D () C:\ProgramData\FlexibleShoppEr
2014-02-19 12:35 - 2014-01-05 19:19 - 00000000 ____D () C:\ProgramData\FinoEDeealSoft
2014-02-19 12:33 - 2014-02-19 12:32 - 00000000 ____D () C:\AdwCleaner
2014-02-19 12:13 - 2014-01-05 19:19 - 00000000 ____D () C:\ProgramData\781c9a2fc4df931b
2014-02-19 12:12 - 2012-11-16 13:44 - 00000000 ____D () C:\ProgramData\Origin
2014-02-19 10:51 - 2014-02-19 10:51 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-02-19 10:51 - 2014-02-19 10:51 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-02-19 10:51 - 2014-02-19 10:39 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-19 10:51 - 2013-07-29 18:33 - 00000000 __HDC () C:\ProgramData\{2AF39B1A-CB0D-4FEF-AC24-182469F89F9C}
2014-02-17 21:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-17 20:43 - 2012-09-05 14:44 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Adobe
2014-02-17 20:42 - 2012-09-05 13:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-17 20:42 - 2012-09-02 20:54 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-17 13:13 - 2013-07-19 21:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 13:11 - 2013-01-01 23:01 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 12:49 - 2012-11-16 00:15 - 00000000 ____D () C:\Users\Sabrina\Documents\Bewerbung
2014-02-15 17:04 - 2014-02-15 17:04 - 00000000 ____D () C:\ProgramData\Sun
2014-02-15 17:04 - 2014-02-15 17:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-15 17:03 - 2014-02-15 17:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-15 17:03 - 2014-02-15 17:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-06 13:16 - 2014-02-15 18:18 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-15 18:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-15 18:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-15 18:18 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-15 18:18 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-15 18:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-15 18:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-15 18:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-15 18:18 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-15 18:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-15 18:18 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-15 18:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-15 18:18 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-15 18:18 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-15 18:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-15 18:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-15 18:18 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-15 18:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-15 18:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-15 18:18 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-15 18:18 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-15 18:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-15 18:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-15 18:18 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-15 18:18 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-15 18:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-15 18:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-15 18:18 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-15 18:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-15 18:18 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-15 18:18 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-15 18:18 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-15 18:18 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-15 18:18 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-15 18:18 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-15 18:18 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-15 18:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-15 18:18 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-15 18:18 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Sabrina\AppData\Local\Temp\AskSLib.dll
C:\Users\Sabrina\AppData\Local\Temp\avgnt.exe
C:\Users\Sabrina\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sabrina\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Sabrina\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Sabrina\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Sabrina\AppData\Local\Temp\EADE7DD.exe
C:\Users\Sabrina\AppData\Local\Temp\globalKeyChecker.exe
C:\Users\Sabrina\AppData\Local\Temp\IEHistory.exe
C:\Users\Sabrina\AppData\Local\Temp\InstalledPrograms.exe
C:\Users\Sabrina\AppData\Local\Temp\installerdll4768562.dll
C:\Users\Sabrina\AppData\Local\Temp\Quarantine.exe
C:\Users\Sabrina\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Sabrina\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Sabrina\AppData\Local\Temp\Setup.exe
C:\Users\Sabrina\AppData\Local\Temp\SetupDataMngr_BearShare.exe
C:\Users\Sabrina\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Sabrina\AppData\Local\Temp\tester.dll
C:\Users\Sabrina\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\Sabrina\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Sabrina\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Sabrina\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 21:46

==================== End Of Log ============================

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-03-2014
Ran by Sabrina at 2014-03-06 10:07:12
Running from C:\Users\Sabrina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
BearShare (x32 Version: 10.0.0.124833 - Musiclab, LLC) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDF24 Creator 5.3.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.5.7.2450 - Jan Fiala)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

19-02-2014 20:53:38 Geplanter Prüfpunkt
21-02-2014 15:52:20 Windows Update
03-03-2014 14:11:41 Windows Update
03-03-2014 16:21:18 Windows Update
05-03-2014 10:17:25 Phase 5 HTML-Editor wird installiert
05-03-2014 10:56:25 Installed AVG 2014
05-03-2014 10:57:15 Installed AVG 2014
05-03-2014 15:34:21 Windows Update
06-03-2014 08:49:00 TuneUp Utilities 2014 wird entfernt
06-03-2014 08:50:05 TuneUp Utilities 2014 (de-DE) wird entfernt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0CA1581B-4D6F-4CB7-8077-CAEF68584C3D} - \Omiga Plus RunAsStdUser No Task File
Task: {2A3A6BEC-5C96-4D38-B1AA-DF3545450D27} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {5CCF44AF-DD69-4743-8317-8451ED9DF637} - \Desk 365 RunAsStdUser No Task File
Task: {74B1C323-A843-4B6F-9B8A-B0670572BC99} - \DealPly No Task File
Task: {94C13A99-0A94-4760-ACC3-15FBAF81579A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-24] (Adobe Systems Incorporated)
Task: {A58FA23E-8C74-4432-B229-09894FF72518} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-09-02 20:36 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-07-29 11:46 - 2013-07-29 09:28 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-05 11:26 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-24 10:35 - 2014-02-24 10:35 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2014 11:54:05 AM) (Source: Application Hang) (User: )
Description: Programm Shredder.exe, Version 14.0.1000.221 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 814

Startzeit: 01cf3860a3c2c420

Endzeit: 8

Anwendungspfad: C:\Program Files (x86)\TuneUp Utilities 2014\Shredder.exe

Berichts-ID: 608b208b-a454-11e3-b7ca-0019dbaea411

Error: (01/08/2014 07:56:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x81c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (01/01/2014 09:29:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: UPDATE~1.EXE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: netprofm.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4a5bda75
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6e464f2a
ID des fehlerhaften Prozesses: 0xb8c
Startzeit der fehlerhaften Anwendung: 0xUPDATE~1.EXE0
Pfad der fehlerhaften Anwendung: UPDATE~1.EXE1
Pfad des fehlerhaften Moduls: UPDATE~1.EXE2
Berichtskennung: UPDATE~1.EXE3

Error: (12/22/2013 02:39:27 AM) (Source: Application Hang) (User: )
Description: Programm League of Legends.exe, Version 3.15.0.260 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11e4

Startzeit: 01cefeb67a7c2863

Endzeit: 32

Anwendungspfad: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.4\deploy\League of Legends.exe

Berichts-ID:

Error: (12/22/2013 02:26:07 AM) (Source: Application Hang) (User: )
Description: Programm League of Legends.exe, Version 3.15.0.260 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d78

Startzeit: 01cefeb38c235ffe

Endzeit: 37

Anwendungspfad: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.4\deploy\League of Legends.exe

Berichts-ID:

Error: (12/21/2013 11:23:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.15.0.260, Zeitstempel: 0x52b20b88
Name des fehlerhaften Moduls: League of Legends.exe, Version: 3.15.0.260, Zeitstempel: 0x52b20b88
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0042c6b0
ID des fehlerhaften Prozesses: 0x1090
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3

Error: (12/18/2013 02:45:09 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.15.0.255, Zeitstempel: 0x52abb394
Name des fehlerhaften Moduls: League of Legends.exe, Version: 3.15.0.255, Zeitstempel: 0x52abb394
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0042c6b0
ID des fehlerhaften Prozesses: 0x1178
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3

Error: (12/18/2013 01:59:15 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.15.0.255, Zeitstempel: 0x52abb394
Name des fehlerhaften Moduls: League of Legends.exe, Version: 3.15.0.255, Zeitstempel: 0x52abb394
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0042c6b0
ID des fehlerhaften Prozesses: 0xfe4
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3

Error: (12/10/2013 09:06:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16428, Zeitstempel: 0x525b664c
Name des fehlerhaften Moduls: glindorusbho.dll, Version: 1.0.0.1, Zeitstempel: 0x524f6527
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00006fd1
ID des fehlerhaften Prozesses: 0x1268
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (12/10/2013 07:52:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.14.0.738, Zeitstempel: 0x52945869
Name des fehlerhaften Moduls: League of Legends.exe, Version: 3.14.0.738, Zeitstempel: 0x52945869
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0042c7b0
ID des fehlerhaften Prozesses: 0x7c4
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3


System errors:
=============
Error: (03/06/2014 08:48:50 AM) (Source: DCOM) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}5{56EA1054-1959-467F-BE3B-A2A787C4B6EA}

Error: (03/06/2014 08:29:46 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/06/2014 08:29:46 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/05/2014 01:01:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/05/2014 01:01:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/05/2014 11:25:56 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/05/2014 11:25:56 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/05/2014 11:12:37 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/05/2014 11:12:37 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/03/2014 03:07:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (03/05/2014 11:54:05 AM) (Source: Application Hang)(User: )
Description: Shredder.exe14.0.1000.22181401cf3860a3c2c4208C:\Program Files (x86)\TuneUp Utilities 2014\Shredder.exe608b208b-a454-11e3-b7ca-0019dbaea411

Error: (01/08/2014 07:56:04 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a881c01cf0ca25544b821C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll856fa6f0-7896-11e3-9ede-0019dbaea411

Error: (01/01/2014 09:29:46 PM) (Source: Application Error)(User: )
Description: UPDATE~1.EXE0.0.0.02a425e19netprofm.dll_unloaded0.0.0.04a5bda75c00000056e464f2ab8c01cf073020879e63C:\Users\Sabrina\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXEnetprofm.dll738a0960-7323-11e3-bfad-0019dbaea411

Error: (12/22/2013 02:39:27 AM) (Source: Application Hang)(User: )
Description: League of Legends.exe3.15.0.26011e401cefeb67a7c286332C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.4\deploy\League of Legends.exe

Error: (12/22/2013 02:26:07 AM) (Source: Application Hang)(User: )
Description: League of Legends.exe3.15.0.260d7801cefeb38c235ffe37C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.4\deploy\League of Legends.exe

Error: (12/21/2013 11:23:24 PM) (Source: Application Error)(User: )
Description: League of Legends.exe3.15.0.26052b20b88League of Legends.exe3.15.0.26052b20b88c00000050042c6b0109001cefe97d7fc843aC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.4\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.4\deploy\League of Legends.exe81419176-6a8e-11e3-9a2e-0019dbaea411

Error: (12/18/2013 02:45:09 AM) (Source: Application Error)(User: )
Description: League of Legends.exe3.15.0.25552abb394League of Legends.exe3.15.0.25552abb394c00000050042c6b0117801cefb8cec4e3ef3C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League of Legends.exe06b9eaf6-6786-11e3-892c-0019dbaea411

Error: (12/18/2013 01:59:15 AM) (Source: Application Error)(User: )
Description: League of Legends.exe3.15.0.25552abb394League of Legends.exe3.15.0.25552abb394c00000050042c6b0fe401cefb8b107625afC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.3\deploy\League of Legends.exe9d0d711b-677f-11e3-892c-0019dbaea411

Error: (12/10/2013 09:06:28 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cglindorusbho.dll1.0.0.1524f6527c000000500006fd1126801cef5e34bf57d50C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\glindorus\glindorusbho.dll8d32e185-61d6-11e3-a065-0019dbaea411

Error: (12/10/2013 07:52:13 PM) (Source: Application Error)(User: )
Description: League of Legends.exe3.14.0.73852945869League of Legends.exe3.14.0.73852945869c00000050042c7b07c401cef5d37ebef6c3C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.0\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.0\deploy\League of Legends.exe2dc34fac-61cc-11e3-a065-0019dbaea411


==================== Memory info =========================== 

Percentage of memory in use: 64%
Total physical RAM: 2046.49 MB
Available physical RAM: 722.56 MB
Total Pagefile: 4092.98 MB
Available Pagefile: 2417.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:169.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 06590658)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 06.03.2014, 10:34

hi,

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Häschen91 · 06.03.2014, 21:14

Malwarebytes Anti-Malware

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Sabrina :: SABRINA-PC [Administrator]

06.03.2014 10:35:55
mbam-log-2014-03-06 (10-35-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 237484
Laufzeit: 5 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

AdwCleaner

Code:

ATTFilter

# AdwCleaner v3.020 - Bericht erstellt am 06/03/2014 um 10:49:16
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Sabrina - SABRINA-PC
# Gestartet von : C:\Users\Sabrina\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla
Datei Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\itcodjjx.default\searchplugins\conduit-search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\caphyon

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\itcodjjx.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Conduit Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Conduit Search");
Zeile gelöscht : user_pref("extensions.N4mk4DI7TNh.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url[...]
Zeile gelöscht : user_pref("extensions.mUNN2xl.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.ind[...]

-\\ Google Chrome v

[ Datei : C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [21694 octets] - [19/02/2014 12:32:38]
AdwCleaner[R1].txt - [2237 octets] - [06/03/2014 10:43:19]
AdwCleaner[S0].txt - [20297 octets] - [19/02/2014 12:33:36]
AdwCleaner[S1].txt - [1975 octets] - [06/03/2014 10:49:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2035 octets] ##########

Junkware Removal Tool

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sabrina on 06.03.2014 at 11:02:51,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Sabrina\AppData\Roaming\mozilla\firefox\profiles\itcodjjx.default\prefs.js

user_pref("extensions.N4mk4DI7TNh.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.inde
user_pref("extensions.mUNN2xl.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.03.2014 at 11:11:45,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-03-2014
Ran by Sabrina (administrator) on SABRINA-PC on 06-03-2014 11:13:06
Running from C:\Users\Sabrina\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-466219987-2582930442-4141336138-1001\...\MountPoints2: {487cfa83-9e17-11da-a42e-806e6f6e6963} - D:\Autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE2B37D39978ACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP4A50CBDA-75C0-4A23-BC1B-77BC32A2919F&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\itcodjjx.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FlexibleShoppEr - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\itcodjjx.default\Extensions\amvs-tel@otmdvyau.net [2014-01-05]
FF Extension: FinoEDeealSoft - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\itcodjjx.default\Extensions\vh.versebr@atdiv-.com [2014-01-05]

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://www.google.com
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-04]
CHR Extension: (Google-Suche) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-04]
CHR Extension: (SuperLyrics-16) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc [2013-10-25]
CHR Extension: (FinoEDeealSoft) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbcpaikhhkgbbpfcgllehmdgjfaelji [2014-01-05]
CHR Extension: (Google Mail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-04]
CHR Extension: (FlexibleShoppEr) - C:\ProgramData\ajpdighabmlafiemfbcnljljgloedfik [2014-01-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-08] (Avira Operations GmbH & Co. KG)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fet6x64.sys [47872 2009-06-10] (VIA Technologies, Inc.              )

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-06 11:11 - 2014-03-06 11:11 - 00001129 _____ () C:\Users\Sabrina\Desktop\JRT.txt
2014-03-06 10:58 - 2014-03-06 10:58 - 00002115 _____ () C:\Users\Sabrina\Desktop\AdwCleaner[S1].txt
2014-03-06 10:45 - 2014-03-06 10:45 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 10:44 - 2014-03-06 10:44 - 01037734 _____ (Thisisu) C:\Users\Sabrina\Downloads\JRT.exe
2014-03-06 10:39 - 2014-03-06 10:39 - 01244192 _____ () C:\Users\Sabrina\Downloads\adwcleaner.exe
2014-03-06 10:07 - 2014-03-06 10:07 - 00022624 _____ () C:\Users\Sabrina\Downloads\Addition.txt
2014-03-06 10:06 - 2014-03-06 11:13 - 00008768 _____ () C:\Users\Sabrina\Downloads\FRST.txt
2014-03-06 10:06 - 2014-03-06 11:13 - 00000000 ____D () C:\FRST
2014-03-06 09:57 - 2014-03-06 09:57 - 02156544 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2014-03-06 09:52 - 2014-03-06 09:52 - 04110135 _____ () C:\Users\Sabrina\Downloads\tdsskiller.zip
2014-03-06 08:49 - 2014-03-06 09:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 08:48 - 2014-03-06 08:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 15:00 - 2014-03-05 15:00 - 00263065 _____ () C:\Users\Sabrina\Downloads\lay_325.zip
2014-03-05 14:59 - 2014-03-05 14:59 - 00862549 _____ () C:\Users\Sabrina\Downloads\lay_341.zip
2014-03-05 14:47 - 2014-03-05 14:47 - 00022906 _____ () C:\Users\Sabrina\Downloads\yellow.zip
2014-03-05 13:53 - 2014-03-05 15:23 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\FileZilla
2014-03-05 13:53 - 2014-03-05 13:53 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-03-05 13:52 - 2014-03-05 13:52 - 04822473 _____ (Tim Kosse) C:\Users\Sabrina\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-03-05 13:36 - 2014-03-05 13:39 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\PSpad
2014-03-05 12:44 - 2014-03-05 12:44 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2014-03-05 12:43 - 2014-03-05 12:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-05 12:43 - 2014-03-05 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 12:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-05 12:42 - 2014-03-05 12:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-05 12:34 - 2014-03-05 12:34 - 00000000 ____D () C:\Program Files (x86)\PSPad editor
2014-03-05 12:32 - 2014-03-05 12:32 - 04681159 _____ (Jan Fiala ) C:\Users\Sabrina\Downloads\pspad457inst_en.exe
2014-03-05 12:00 - 2014-03-05 12:00 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\AVG2014
2014-03-05 11:58 - 2014-03-05 11:58 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-05 11:57 - 2014-03-05 11:59 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-05 11:57 - 2014-03-05 11:57 - 00000000 ___HD () C:\$AVG
2014-03-05 11:57 - 2014-03-05 11:57 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-05 11:53 - 2014-03-06 09:35 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-05 11:53 - 2014-03-05 13:03 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Avg2014
2014-03-05 11:53 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\MFAData
2014-03-05 11:52 - 2014-03-05 11:53 - 143231560 _____ (AVG Technologies) C:\Users\Sabrina\Downloads\avg_free_x86_all_2014_4335a7045.exe
2014-03-05 11:35 - 2014-03-05 11:35 - 00006340 _____ () C:\Users\Sabrina\Downloads\hijackthis.log
2014-03-05 11:33 - 2014-03-05 11:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sabrina\Downloads\HiJackThis204.exe
2014-03-05 11:26 - 2014-03-05 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-05 11:26 - 2014-03-05 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-05 11:20 - 2014-03-05 11:20 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
2014-03-05 11:20 - 2014-03-05 11:20 - 00000000 ____D () C:\Program Files (x86)\phase5
2014-03-05 11:14 - 2014-03-05 11:14 - 03746496 _____ (Systemberatung Schommer) C:\Users\Sabrina\Downloads\phase5623install.exe
2014-02-19 12:37 - 2014-02-19 12:37 - 00003711 _____ () C:\Windows\avmadd321.log
2014-02-19 12:32 - 2014-03-06 10:49 - 00000000 ____D () C:\AdwCleaner
2014-02-19 10:51 - 2014-02-19 10:51 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-02-19 10:51 - 2014-02-19 10:51 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-02-19 10:43 - 2014-03-05 11:58 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\TuneUp Software
2014-02-19 10:40 - 2014-03-05 11:55 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-19 10:39 - 2014-02-19 10:51 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-17 20:39 - 2014-03-06 10:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 20:39 - 2014-02-24 10:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-15 18:19 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-15 18:19 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-15 18:18 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-15 18:18 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-15 18:18 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-15 18:18 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-15 18:18 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-15 18:18 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-15 18:18 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-15 18:18 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-15 18:18 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-15 18:18 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-15 18:18 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-15 18:18 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-15 18:18 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-15 18:18 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-15 18:18 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-15 18:18 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-15 18:18 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-15 18:18 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-15 18:18 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-15 18:18 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-15 18:18 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-15 18:18 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-15 18:18 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-15 18:18 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-15 18:18 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-15 18:18 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-15 18:18 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-15 18:18 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-15 18:18 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-15 18:18 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-15 18:18 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-15 18:18 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-15 18:18 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-15 18:18 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-15 18:18 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-15 18:18 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-15 18:18 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-15 18:18 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-15 18:18 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-15 17:04 - 2014-02-15 17:04 - 00000000 ____D () C:\ProgramData\Sun
2014-02-15 17:04 - 2014-02-15 17:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-15 17:04 - 2014-02-15 17:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-15 17:03 - 2014-02-15 17:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-15 16:56 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-15 16:56 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-15 16:56 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-15 16:56 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-15 16:56 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-15 16:56 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-15 16:56 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-15 16:56 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-15 16:56 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-15 16:56 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-15 16:56 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-15 16:56 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-15 16:56 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-15 16:56 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-15 16:56 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-15 16:56 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-15 16:56 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-15 16:56 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-15 16:56 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-15 16:56 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-15 16:56 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-15 16:56 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-15 16:56 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-15 16:56 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-15 16:55 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-15 16:55 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-15 16:55 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-15 16:55 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-06 11:13 - 2014-03-06 10:06 - 00008768 _____ () C:\Users\Sabrina\Downloads\FRST.txt
2014-03-06 11:13 - 2014-03-06 10:06 - 00000000 ____D () C:\FRST
2014-03-06 11:11 - 2014-03-06 11:11 - 00001129 _____ () C:\Users\Sabrina\Desktop\JRT.txt
2014-03-06 11:05 - 2009-07-14 05:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 11:05 - 2009-07-14 05:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 10:58 - 2014-03-06 10:58 - 00002115 _____ () C:\Users\Sabrina\Desktop\AdwCleaner[S1].txt
2014-03-06 10:57 - 2012-09-02 20:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-06 10:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 10:57 - 2009-07-14 05:51 - 00035191 _____ () C:\Windows\setupact.log
2014-03-06 10:56 - 2012-09-04 12:57 - 03290396 _____ () C:\Windows\PFRO.log
2014-03-06 10:55 - 2006-02-15 12:39 - 01346465 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 10:49 - 2014-02-19 12:32 - 00000000 ____D () C:\AdwCleaner
2014-03-06 10:45 - 2014-03-06 10:45 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 10:44 - 2014-03-06 10:44 - 01037734 _____ (Thisisu) C:\Users\Sabrina\Downloads\JRT.exe
2014-03-06 10:39 - 2014-03-06 10:39 - 01244192 _____ () C:\Users\Sabrina\Downloads\adwcleaner.exe
2014-03-06 10:35 - 2014-02-17 20:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-06 10:07 - 2014-03-06 10:07 - 00022624 _____ () C:\Users\Sabrina\Downloads\Addition.txt
2014-03-06 09:57 - 2014-03-06 09:57 - 02156544 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2014-03-06 09:52 - 2014-03-06 09:52 - 04110135 _____ () C:\Users\Sabrina\Downloads\tdsskiller.zip
2014-03-06 09:35 - 2014-03-05 11:53 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-06 09:11 - 2014-03-06 08:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 08:48 - 2014-03-06 08:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 16:39 - 2013-10-25 20:36 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-05 16:39 - 2009-07-14 18:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-03-05 16:39 - 2009-07-14 18:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-03-05 16:39 - 2009-07-14 06:13 - 01594028 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-05 15:23 - 2014-03-05 13:53 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\FileZilla
2014-03-05 15:00 - 2014-03-05 15:00 - 00263065 _____ () C:\Users\Sabrina\Downloads\lay_325.zip
2014-03-05 14:59 - 2014-03-05 14:59 - 00862549 _____ () C:\Users\Sabrina\Downloads\lay_341.zip
2014-03-05 14:47 - 2014-03-05 14:47 - 00022906 _____ () C:\Users\Sabrina\Downloads\yellow.zip
2014-03-05 13:53 - 2014-03-05 13:53 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-03-05 13:52 - 2014-03-05 13:52 - 04822473 _____ (Tim Kosse) C:\Users\Sabrina\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-03-05 13:39 - 2014-03-05 13:36 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\PSpad
2014-03-05 13:03 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Avg2014
2014-03-05 12:44 - 2014-03-05 12:44 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2014-03-05 12:44 - 2014-03-05 12:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-05 12:43 - 2014-03-05 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 12:42 - 2014-03-05 12:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-05 12:34 - 2014-03-05 12:34 - 00000000 ____D () C:\Program Files (x86)\PSPad editor
2014-03-05 12:32 - 2014-03-05 12:32 - 04681159 _____ (Jan Fiala ) C:\Users\Sabrina\Downloads\pspad457inst_en.exe
2014-03-05 12:00 - 2014-03-05 12:00 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\AVG2014
2014-03-05 11:59 - 2014-03-05 11:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-05 11:58 - 2014-03-05 11:58 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-05 11:58 - 2014-02-19 10:43 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\TuneUp Software
2014-03-05 11:57 - 2014-03-05 11:57 - 00000000 ___HD () C:\$AVG
2014-03-05 11:57 - 2014-03-05 11:57 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-05 11:55 - 2014-02-19 10:40 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-03-05 11:53 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\MFAData
2014-03-05 11:53 - 2014-03-05 11:52 - 143231560 _____ (AVG Technologies) C:\Users\Sabrina\Downloads\avg_free_x86_all_2014_4335a7045.exe
2014-03-05 11:35 - 2014-03-05 11:35 - 00006340 _____ () C:\Users\Sabrina\Downloads\hijackthis.log
2014-03-05 11:33 - 2014-03-05 11:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sabrina\Downloads\HiJackThis204.exe
2014-03-05 11:33 - 2006-02-15 21:10 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\VirtualStore
2014-03-05 11:26 - 2014-03-05 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-05 11:26 - 2014-03-05 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-05 11:20 - 2014-03-05 11:20 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
2014-03-05 11:20 - 2014-03-05 11:20 - 00000000 ____D () C:\Program Files (x86)\phase5
2014-03-05 11:14 - 2014-03-05 11:14 - 03746496 _____ (Systemberatung Schommer) C:\Users\Sabrina\Downloads\phase5623install.exe
2014-02-24 10:35 - 2014-02-17 20:39 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-24 10:35 - 2012-09-02 20:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-24 10:35 - 2012-09-02 20:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 12:43 - 2006-02-15 21:11 - 00000000 ___RD () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-19 12:38 - 2012-09-02 20:28 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Opera
2014-02-19 12:38 - 2012-09-02 20:28 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Opera
2014-02-19 12:38 - 2012-09-02 20:28 - 00000000 ____D () C:\Program Files\Opera Next x64
2014-02-19 12:37 - 2014-02-19 12:37 - 00003711 _____ () C:\Windows\avmadd321.log
2014-02-19 12:37 - 2013-08-06 14:14 - 00001981 _____ () C:\Windows\avmadd32.log
2014-02-19 12:35 - 2014-01-05 19:19 - 00000000 ____D () C:\ProgramData\FlexibleShoppEr
2014-02-19 12:35 - 2014-01-05 19:19 - 00000000 ____D () C:\ProgramData\FinoEDeealSoft
2014-02-19 12:13 - 2014-01-05 19:19 - 00000000 ____D () C:\ProgramData\781c9a2fc4df931b
2014-02-19 12:12 - 2012-11-16 13:44 - 00000000 ____D () C:\ProgramData\Origin
2014-02-19 10:51 - 2014-02-19 10:51 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-02-19 10:51 - 2014-02-19 10:51 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-02-19 10:51 - 2014-02-19 10:39 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-19 10:51 - 2013-07-29 18:33 - 00000000 __HDC () C:\ProgramData\{2AF39B1A-CB0D-4FEF-AC24-182469F89F9C}
2014-02-17 21:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-17 20:43 - 2012-09-05 14:44 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Adobe
2014-02-17 20:42 - 2012-09-05 13:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-17 20:42 - 2012-09-02 20:54 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-17 13:13 - 2013-07-19 21:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 13:11 - 2013-01-01 23:01 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 12:49 - 2012-11-16 00:15 - 00000000 ____D () C:\Users\Sabrina\Documents\Bewerbung
2014-02-15 17:04 - 2014-02-15 17:04 - 00000000 ____D () C:\ProgramData\Sun
2014-02-15 17:04 - 2014-02-15 17:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-15 17:03 - 2014-02-15 17:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-15 17:03 - 2014-02-15 17:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-06 13:16 - 2014-02-15 18:18 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-15 18:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-15 18:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-15 18:18 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-15 18:18 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-15 18:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-15 18:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-15 18:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-15 18:18 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-15 18:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-15 18:18 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-15 18:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-15 18:18 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-15 18:18 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-15 18:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-15 18:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-15 18:18 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-15 18:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-15 18:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-15 18:18 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-15 18:18 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-15 18:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-15 18:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-15 18:18 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-15 18:18 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-15 18:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-15 18:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-15 18:18 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-15 18:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-15 18:18 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-15 18:18 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-15 18:18 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-15 18:18 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-15 18:18 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-15 18:18 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-15 18:18 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-15 18:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-15 18:18 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-15 18:18 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Sabrina\AppData\Local\Temp\AskSLib.dll
C:\Users\Sabrina\AppData\Local\Temp\avgnt.exe
C:\Users\Sabrina\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sabrina\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Sabrina\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Sabrina\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Sabrina\AppData\Local\Temp\EADE7DD.exe
C:\Users\Sabrina\AppData\Local\Temp\globalKeyChecker.exe
C:\Users\Sabrina\AppData\Local\Temp\IEHistory.exe
C:\Users\Sabrina\AppData\Local\Temp\InstalledPrograms.exe
C:\Users\Sabrina\AppData\Local\Temp\installerdll4768562.dll
C:\Users\Sabrina\AppData\Local\Temp\Quarantine.exe
C:\Users\Sabrina\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Sabrina\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Sabrina\AppData\Local\Temp\Setup.exe
C:\Users\Sabrina\AppData\Local\Temp\SetupDataMngr_BearShare.exe
C:\Users\Sabrina\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Sabrina\AppData\Local\Temp\tester.dll
C:\Users\Sabrina\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Sabrina\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Sabrina\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 21:46

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Hi. Ich hab mal diesen ESET Scanner durchlaufen lassen. Und der hat auch etwas gefunden.

Ist die Frage, ob und wie ich das loswerde und ob das die Störenfriede sind!?

Ich werd hier echt noch wahnsinnig mit diesem Virenscheiß... Ich hatte nie.. wirklich NIE Probleme mit meinem Computer... Ich könnte so kotzen... um mir mal gerade Luft zu machen. Sorry...

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b86535ebaa51724693bd2e8f4b45faea
# engine=17340
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-06 03:38:17
# local_time=2014-03-06 04:38:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 11206 164791602 3955 0
# compatibility_mode=5893 16776574 100 94 105659 145750147 0 0
# scanned=159516
# found=6
# cleaned=0
# scan_time=4810
sh=3F2FA3515F9E9972D6DF5AE42B1947135112015F ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\ProgramData\ajpdighabmlafiemfbcnljljgloedfik\YIlCg4O.js"
sh=3F2FA3515F9E9972D6DF5AE42B1947135112015F ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\All Users\ajpdighabmlafiemfbcnljljgloedfik\YIlCg4O.js"
sh=9FF73064B17F855504D681DC64EFFAA4592F4156 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbcpaikhhkgbbpfcgllehmdgjfaelji\4.4\EGAypZK3Ej3.js"
sh=86F684719F29437F6ADD3B3E95AB1F6F4C011A02 ft=1 fh=3cb5f896bc0aaafc vn="multiple threats" ac=I fn="C:\Users\Sabrina\AppData\Local\Temp\{CF520186-6EF3-48D7-91EB-00FD9EF04D35}\setup.exe"
sh=7B4C3936ED03557EDAE7DED7FA449DBF1523F5A5 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\itcodjjx.default\extensions\amvs-tel@otmdvyau.net\content\bg.js"
sh=3D9829CD0D24BF10996CD5FAA64D190EEF9700E4 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\itcodjjx.default\extensions\vh.versebr@atdiv-.com\content\bg.js"

Ich hoffe ihr könnt mir helfen.

schrauber · 07.03.2014, 19:04

Nur zu, lass dich ruhig gehen

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Revo Uninstaller - Download - Filepony
damit Firefox komplett deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\ProgramData\ajpdighabmlafiemfbcnljljgloedfik

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Frisches FRST Log bitte.

Häschen91 · 08.03.2014, 09:00

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-03-2014
Ran by Sabrina at 2014-03-08 08:58:06 Run:1
Running from C:\Users\Sabrina\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\ajpdighabmlafiemfbcnljljgloedfik
*****************

C:\ProgramData\ajpdighabmlafiemfbcnljljgloedfik => Moved successfully.

==== End of Fixlog ====

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-03-2014
Ran by Sabrina (administrator) on SABRINA-PC on 08-03-2014 08:58:34
Running from C:\Users\Sabrina\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-466219987-2582930442-4141336138-1001\...\Run: [AVG-Secure-Search-Update_0214c] - C:\Users\Sabrina\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=ed356aa58f5847d283aad1509d4a4de2-eb431e0e2f214f7842164be415a55361cce47dcf /CMPID=0214c
HKU\S-1-5-21-466219987-2582930442-4141336138-1001\...\MountPoints2: {487cfa83-9e17-11da-a42e-806e6f6e6963} - D:\Autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE2B37D39978ACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP4A50CBDA-75C0-4A23-BC1B-77BC32A2919F&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\2on8ve63.default-1394265358710
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://www.google.com
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-04]
CHR Extension: (Google-Suche) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-04]
CHR Extension: (SuperLyrics-16) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc [2013-10-25]
CHR Extension: (FinoEDeealSoft) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbcpaikhhkgbbpfcgllehmdgjfaelji [2014-01-05]
CHR Extension: (Google Mail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-08] (Avira Operations GmbH & Co. KG)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fet6x64.sys [47872 2009-06-10] (VIA Technologies, Inc.              )

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-08 08:56 - 2014-03-08 08:56 - 00000000 ____D () C:\Users\Sabrina\Desktop\Alte Firefox-Daten
2014-03-08 08:54 - 2014-03-08 08:54 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-08 08:54 - 2014-03-08 08:54 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Mozilla
2014-03-08 08:54 - 2014-03-08 08:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-08 08:35 - 2014-03-08 08:35 - 00001264 _____ () C:\Users\Sabrina\Desktop\Revo Uninstaller.lnk
2014-03-08 08:35 - 2014-03-08 08:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-08 08:34 - 2014-03-08 08:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sabrina\Downloads\revosetup95.exe
2014-03-08 08:25 - 2014-03-08 08:25 - 00448512 _____ (OldTimer Tools) C:\Users\Sabrina\Desktop\TFC.exe
2014-03-06 21:17 - 2014-03-06 21:17 - 00002002 _____ () C:\Users\Sabrina\Desktop\eset.txt
2014-03-06 15:12 - 2014-03-06 15:13 - 02347384 _____ (ESET) C:\Users\Sabrina\Downloads\esetsmartinstaller_enu.exe
2014-03-06 11:14 - 2014-03-06 11:14 - 00037445 _____ () C:\Users\Sabrina\Desktop\FRST.txt
2014-03-06 11:11 - 2014-03-06 11:11 - 00001129 _____ () C:\Users\Sabrina\Desktop\JRT.txt
2014-03-06 10:58 - 2014-03-06 10:58 - 00002115 _____ () C:\Users\Sabrina\Desktop\AdwCleaner[S1].txt
2014-03-06 10:45 - 2014-03-06 10:45 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 10:44 - 2014-03-06 10:44 - 01037734 _____ (Thisisu) C:\Users\Sabrina\Downloads\JRT.exe
2014-03-06 10:39 - 2014-03-06 10:39 - 01244192 _____ () C:\Users\Sabrina\Downloads\adwcleaner.exe
2014-03-06 10:07 - 2014-03-06 10:07 - 00022624 _____ () C:\Users\Sabrina\Downloads\Addition.txt
2014-03-06 10:06 - 2014-03-08 08:58 - 00008462 _____ () C:\Users\Sabrina\Downloads\FRST.txt
2014-03-06 10:06 - 2014-03-08 08:58 - 00000000 ____D () C:\FRST
2014-03-06 09:57 - 2014-03-06 09:57 - 02156544 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2014-03-06 08:49 - 2014-03-06 09:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 08:48 - 2014-03-06 08:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 15:00 - 2014-03-05 15:00 - 00263065 _____ () C:\Users\Sabrina\Downloads\lay_325.zip
2014-03-05 14:59 - 2014-03-05 14:59 - 00862549 _____ () C:\Users\Sabrina\Downloads\lay_341.zip
2014-03-05 14:47 - 2014-03-05 14:47 - 00022906 _____ () C:\Users\Sabrina\Downloads\yellow.zip
2014-03-05 13:53 - 2014-03-05 15:23 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\FileZilla
2014-03-05 13:53 - 2014-03-05 13:53 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-03-05 13:52 - 2014-03-05 13:52 - 04822473 _____ (Tim Kosse) C:\Users\Sabrina\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-03-05 13:36 - 2014-03-05 13:39 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\PSpad
2014-03-05 12:44 - 2014-03-05 12:44 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2014-03-05 12:43 - 2014-03-05 12:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-05 12:43 - 2014-03-05 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 12:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-05 12:42 - 2014-03-05 12:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-05 12:34 - 2014-03-05 12:34 - 00000000 ____D () C:\Program Files (x86)\PSPad editor
2014-03-05 12:32 - 2014-03-05 12:32 - 04681159 _____ (Jan Fiala ) C:\Users\Sabrina\Downloads\pspad457inst_en.exe
2014-03-05 12:00 - 2014-03-05 12:00 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\AVG2014
2014-03-05 11:58 - 2014-03-05 11:58 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-05 11:57 - 2014-03-05 11:59 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-05 11:57 - 2014-03-05 11:57 - 00000000 ___HD () C:\$AVG
2014-03-05 11:57 - 2014-03-05 11:57 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-05 11:53 - 2014-03-08 08:23 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-05 11:53 - 2014-03-05 13:03 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Avg2014
2014-03-05 11:53 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\MFAData
2014-03-05 11:52 - 2014-03-05 11:53 - 143231560 _____ (AVG Technologies) C:\Users\Sabrina\Downloads\avg_free_x86_all_2014_4335a7045.exe
2014-03-05 11:35 - 2014-03-05 11:35 - 00006340 _____ () C:\Users\Sabrina\Downloads\hijackthis.log
2014-03-05 11:33 - 2014-03-05 11:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sabrina\Downloads\HiJackThis204.exe
2014-03-05 11:26 - 2014-03-08 08:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-05 11:20 - 2014-03-05 11:20 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
2014-03-05 11:20 - 2014-03-05 11:20 - 00000000 ____D () C:\Program Files (x86)\phase5
2014-03-05 11:14 - 2014-03-05 11:14 - 03746496 _____ (Systemberatung Schommer) C:\Users\Sabrina\Downloads\phase5623install.exe
2014-02-19 12:37 - 2014-02-19 12:37 - 00003711 _____ () C:\Windows\avmadd321.log
2014-02-19 12:32 - 2014-03-06 10:49 - 00000000 ____D () C:\AdwCleaner
2014-02-19 10:51 - 2014-02-19 10:51 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-02-19 10:51 - 2014-02-19 10:51 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-02-19 10:43 - 2014-03-05 11:58 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\TuneUp Software
2014-02-19 10:40 - 2014-03-05 11:55 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-19 10:39 - 2014-02-19 10:51 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-17 20:39 - 2014-03-08 08:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-17 20:39 - 2014-02-24 10:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-15 18:19 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-15 18:19 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-15 18:18 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-15 18:18 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-15 18:18 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-15 18:18 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-15 18:18 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-15 18:18 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-15 18:18 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-15 18:18 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-15 18:18 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-15 18:18 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-15 18:18 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-15 18:18 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-15 18:18 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-15 18:18 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-15 18:18 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-15 18:18 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-15 18:18 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-15 18:18 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-15 18:18 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-15 18:18 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-15 18:18 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-15 18:18 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-15 18:18 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-15 18:18 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-15 18:18 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-15 18:18 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-15 18:18 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-15 18:18 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-15 18:18 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-15 18:18 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-15 18:18 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-15 18:18 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-15 18:18 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-15 18:18 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-15 18:18 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-15 18:18 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-15 18:18 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-15 18:18 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-15 18:18 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-15 17:04 - 2014-02-15 17:04 - 00000000 ____D () C:\ProgramData\Sun
2014-02-15 17:04 - 2014-02-15 17:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-15 17:04 - 2014-02-15 17:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-15 17:03 - 2014-02-15 17:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-15 16:56 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-15 16:56 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-15 16:56 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-15 16:56 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-15 16:56 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-15 16:56 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-15 16:56 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-15 16:56 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-15 16:56 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-15 16:56 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-15 16:56 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-15 16:56 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-15 16:56 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-15 16:56 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-15 16:56 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-15 16:56 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-15 16:56 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-15 16:56 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-15 16:56 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-15 16:56 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-15 16:56 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-15 16:56 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-15 16:56 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-15 16:56 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-15 16:55 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-15 16:55 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-15 16:55 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-15 16:55 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-08 08:59 - 2014-03-06 10:06 - 00008462 _____ () C:\Users\Sabrina\Downloads\FRST.txt
2014-03-08 08:58 - 2014-03-06 10:06 - 00000000 ____D () C:\FRST
2014-03-08 08:56 - 2014-03-08 08:56 - 00000000 ____D () C:\Users\Sabrina\Desktop\Alte Firefox-Daten
2014-03-08 08:54 - 2014-03-08 08:54 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-08 08:54 - 2014-03-08 08:54 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Mozilla
2014-03-08 08:54 - 2014-03-08 08:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-08 08:54 - 2014-03-05 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-08 08:35 - 2014-03-08 08:35 - 00001264 _____ () C:\Users\Sabrina\Desktop\Revo Uninstaller.lnk
2014-03-08 08:35 - 2014-03-08 08:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-08 08:35 - 2014-02-17 20:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 08:34 - 2014-03-08 08:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sabrina\Downloads\revosetup95.exe
2014-03-08 08:28 - 2009-07-14 05:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-08 08:28 - 2009-07-14 05:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 08:25 - 2014-03-08 08:25 - 00448512 _____ (OldTimer Tools) C:\Users\Sabrina\Desktop\TFC.exe
2014-03-08 08:23 - 2014-03-05 11:53 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-08 08:20 - 2012-09-04 12:57 - 03292472 _____ () C:\Windows\PFRO.log
2014-03-08 08:20 - 2012-09-02 20:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-08 08:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-08 08:20 - 2009-07-14 05:51 - 00035583 _____ () C:\Windows\setupact.log
2014-03-06 21:21 - 2006-02-15 12:39 - 01365307 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 21:18 - 2006-02-15 21:10 - 00000000 ____D () C:\Users\Sabrina
2014-03-06 21:17 - 2014-03-06 21:17 - 00002002 _____ () C:\Users\Sabrina\Desktop\eset.txt
2014-03-06 15:13 - 2014-03-06 15:12 - 02347384 _____ (ESET) C:\Users\Sabrina\Downloads\esetsmartinstaller_enu.exe
2014-03-06 11:14 - 2014-03-06 11:14 - 00037445 _____ () C:\Users\Sabrina\Desktop\FRST.txt
2014-03-06 11:11 - 2014-03-06 11:11 - 00001129 _____ () C:\Users\Sabrina\Desktop\JRT.txt
2014-03-06 10:58 - 2014-03-06 10:58 - 00002115 _____ () C:\Users\Sabrina\Desktop\AdwCleaner[S1].txt
2014-03-06 10:49 - 2014-02-19 12:32 - 00000000 ____D () C:\AdwCleaner
2014-03-06 10:45 - 2014-03-06 10:45 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 10:44 - 2014-03-06 10:44 - 01037734 _____ (Thisisu) C:\Users\Sabrina\Downloads\JRT.exe
2014-03-06 10:39 - 2014-03-06 10:39 - 01244192 _____ () C:\Users\Sabrina\Downloads\adwcleaner.exe
2014-03-06 10:07 - 2014-03-06 10:07 - 00022624 _____ () C:\Users\Sabrina\Downloads\Addition.txt
2014-03-06 09:57 - 2014-03-06 09:57 - 02156544 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2014-03-06 09:11 - 2014-03-06 08:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 08:48 - 2014-03-06 08:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 16:39 - 2013-10-25 20:36 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-05 16:39 - 2009-07-14 18:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-03-05 16:39 - 2009-07-14 18:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-03-05 16:39 - 2009-07-14 06:13 - 01594028 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-05 15:23 - 2014-03-05 13:53 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\FileZilla
2014-03-05 15:00 - 2014-03-05 15:00 - 00263065 _____ () C:\Users\Sabrina\Downloads\lay_325.zip
2014-03-05 14:59 - 2014-03-05 14:59 - 00862549 _____ () C:\Users\Sabrina\Downloads\lay_341.zip
2014-03-05 14:47 - 2014-03-05 14:47 - 00022906 _____ () C:\Users\Sabrina\Downloads\yellow.zip
2014-03-05 13:53 - 2014-03-05 13:53 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-03-05 13:52 - 2014-03-05 13:52 - 04822473 _____ (Tim Kosse) C:\Users\Sabrina\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-03-05 13:39 - 2014-03-05 13:36 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\PSpad
2014-03-05 13:03 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Avg2014
2014-03-05 12:44 - 2014-03-05 12:44 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Malwarebytes
2014-03-05 12:44 - 2014-03-05 12:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-05 12:43 - 2014-03-05 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 12:42 - 2014-03-05 12:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-05 12:34 - 2014-03-05 12:34 - 00000000 ____D () C:\Program Files (x86)\PSPad editor
2014-03-05 12:32 - 2014-03-05 12:32 - 04681159 _____ (Jan Fiala ) C:\Users\Sabrina\Downloads\pspad457inst_en.exe
2014-03-05 12:00 - 2014-03-05 12:00 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\AVG2014
2014-03-05 11:59 - 2014-03-05 11:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-05 11:58 - 2014-03-05 11:58 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-05 11:58 - 2014-02-19 10:43 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\TuneUp Software
2014-03-05 11:57 - 2014-03-05 11:57 - 00000000 ___HD () C:\$AVG
2014-03-05 11:57 - 2014-03-05 11:57 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-05 11:55 - 2014-02-19 10:40 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-03-05 11:53 - 2014-03-05 11:53 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\MFAData
2014-03-05 11:53 - 2014-03-05 11:52 - 143231560 _____ (AVG Technologies) C:\Users\Sabrina\Downloads\avg_free_x86_all_2014_4335a7045.exe
2014-03-05 11:35 - 2014-03-05 11:35 - 00006340 _____ () C:\Users\Sabrina\Downloads\hijackthis.log
2014-03-05 11:33 - 2014-03-05 11:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sabrina\Downloads\HiJackThis204.exe
2014-03-05 11:33 - 2006-02-15 21:10 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\VirtualStore
2014-03-05 11:20 - 2014-03-05 11:20 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
2014-03-05 11:20 - 2014-03-05 11:20 - 00000000 ____D () C:\Program Files (x86)\phase5
2014-03-05 11:14 - 2014-03-05 11:14 - 03746496 _____ (Systemberatung Schommer) C:\Users\Sabrina\Downloads\phase5623install.exe
2014-02-24 10:35 - 2014-02-17 20:39 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-24 10:35 - 2012-09-02 20:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-24 10:35 - 2012-09-02 20:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 12:43 - 2006-02-15 21:11 - 00000000 ___RD () C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-19 12:38 - 2012-09-02 20:28 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Opera
2014-02-19 12:38 - 2012-09-02 20:28 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Opera
2014-02-19 12:38 - 2012-09-02 20:28 - 00000000 ____D () C:\Program Files\Opera Next x64
2014-02-19 12:37 - 2014-02-19 12:37 - 00003711 _____ () C:\Windows\avmadd321.log
2014-02-19 12:37 - 2013-08-06 14:14 - 00001981 _____ () C:\Windows\avmadd32.log
2014-02-19 12:35 - 2014-01-05 19:19 - 00000000 ____D () C:\ProgramData\FlexibleShoppEr
2014-02-19 12:35 - 2014-01-05 19:19 - 00000000 ____D () C:\ProgramData\FinoEDeealSoft
2014-02-19 12:13 - 2014-01-05 19:19 - 00000000 ____D () C:\ProgramData\781c9a2fc4df931b
2014-02-19 12:12 - 2012-11-16 13:44 - 00000000 ____D () C:\ProgramData\Origin
2014-02-19 10:51 - 2014-02-19 10:51 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-02-19 10:51 - 2014-02-19 10:51 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-02-19 10:51 - 2014-02-19 10:39 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-19 10:51 - 2013-07-29 18:33 - 00000000 __HDC () C:\ProgramData\{2AF39B1A-CB0D-4FEF-AC24-182469F89F9C}
2014-02-17 21:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-17 20:43 - 2012-09-05 14:44 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\Adobe
2014-02-17 20:42 - 2012-09-05 13:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-17 20:42 - 2012-09-02 20:54 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-17 13:13 - 2013-07-19 21:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 13:11 - 2013-01-01 23:01 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 12:49 - 2012-11-16 00:15 - 00000000 ____D () C:\Users\Sabrina\Documents\Bewerbung
2014-02-15 17:04 - 2014-02-15 17:04 - 00000000 ____D () C:\ProgramData\Sun
2014-02-15 17:04 - 2014-02-15 17:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-15 17:03 - 2014-02-15 17:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-15 17:03 - 2014-02-15 17:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-15 17:03 - 2014-02-15 17:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-06 13:16 - 2014-02-15 18:18 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-15 18:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-15 18:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-15 18:18 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-15 18:18 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-15 18:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-15 18:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-15 18:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-15 18:18 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-15 18:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-15 18:18 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-15 18:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-15 18:18 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-15 18:18 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-15 18:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-15 18:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-15 18:18 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-15 18:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-15 18:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-15 18:18 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-15 18:18 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-15 18:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-15 18:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-15 18:18 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-15 18:18 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-15 18:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-15 18:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-15 18:18 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-15 18:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-15 18:18 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-15 18:18 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-15 18:18 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-15 18:18 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-15 18:18 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-15 18:18 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-15 18:18 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-15 18:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-15 18:18 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-15 18:18 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Sabrina\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-06 16:58

==================== End Of Log ============================

--- --- ---

Ist jetzt alles weg? :/

schrauber · 08.03.2014, 20:30

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Häschen91 · 09.03.2014, 15:51

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-03-2014
Ran by Sabrina at 2014-03-09 15:45:37 Run:2
Running from C:\Users\Sabrina\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====

Ich danke dir vielmals!

Ich habe bis jetzt keine Probleme mehr gehabt. Echt klasse

Also.. alles erledigt und keine Fragen mehr.

schrauber · 10.03.2014, 13:49

Gern Geschehen

10.03.2014, 13:49	#8
schrauber /// the machine /// TB-Ausbilder	Win7: Firefox öffnet ständig Tabs mit Werbung und Warnungen Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Win7: Firefox öffnet ständig Tabs mit Werbung und Warnungen

Log-Analyse und Auswertung: Win7: Firefox öffnet ständig Tabs mit Werbung und Warnungen