
Log analysis and evaluation: Windows 7: Suspicious pop-up windows in Firefox


 
18.06.2014, 13:01   #11
wbtroj



Hello Schrauber,
ok - everything has been run so far. However, I could not start JRT. I always got the message:
Code:
Error during execution ""I:\Temp\jrt\get.bat""
         
I have also already tried setting the environment variable for Temp to a different drive (including "C:"). Unfortunately without success.
Here are the other logs:
A) mbam.txt:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.06.2014
Suchlauf-Zeit: 07:53:44
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.2.1012
Malware Datenbank: v2014.06.17.13
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: internet_2

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 223481
Verstrichene Zeit: 16 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Webget.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update webget, Löschen bei Neustart, [820f6b0e2d4e1c1a4daa694536cc08f8], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
B) ADW:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.212 - Report created 18/06/2014 at 08:50:47
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Basic Service Pack 1 (32 bits)
# Username : internet - DESKTOP-PC
# Running from : D:\AntiVirus\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update webget

***** [ Files / Folders ] *****

Folder Deleted : E:\Program Files\webget
Folder Deleted : I:\Temp\OCS
File Deleted : C:\Users\internet\daemonprocess.txt
File Deleted : C:\Users\internet_2\daemonprocess.txt
File Deleted : C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\y4m0hhnp.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\OCS

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v21.0 (de)

[ File : C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\y4m0hhnp.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5986 octets] - [22/02/2014 14:32:29]
AdwCleaner[S0].txt - [6046 octets] - [22/02/2014 14:41:43]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [6106 octets] ##########
         
C) FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014
Ran by internet (administrator) on DESKTOP-PC on 18-06-2014 09:17:14
Running from D:\AntiVirus
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Corporation) E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) E:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) E:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Nitro PDF Software) E:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(The Eraser Project) E:\Program Files\Eraser\Eraser.exe
(Malwarebytes Corporation) E:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NTeWORKS) E:\Image Processing\PicPick\picpick.exe
(Skype Technologies S.A.) E:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) E:\Program Files\Windows Sidebar\sidebar.exe
(Automattic, Inc.) C:\Users\internet_2\AppData\Local\Cloudup\App\Cloudup.exe
(Dropbox, Inc.) C:\Users\internet_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) E:\Program Files\Java\jre7\bin\javaw.exe
(Microsoft Corporation) E:\MS\Office10\MSOFFICE.EXE
(Joyent, Inc) C:\Users\internet_2\AppData\Local\Cloudup\App\cloudup-node.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) E:\Program Files\windows media player\wmpnetwk.exe
(Mozilla Corporation) E:\Internet\FireFox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] => E:\Program Files\Comodo\COMODO Internet Security\cistray.exe [1225944 2014-03-26] (COMODO)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [Eraser] => E:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [StartCCC] => E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => E:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11680400 2012-10-26] (Realtek Semiconductor)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-18] (Microsoft Corporation)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\Run: [PicPick Start] => E:\Image Processing\PicPick\picpick.exe [13165400 2014-03-12] (NTeWORKS)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\MountPoints2: {e9c92f2f-d4c2-11e2-85eb-806e6f6e6963} - N:\CDBROWSE.EXE
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\MountPoints2: {e9c92f30-d4c2-11e2-85eb-806e6f6e6963} - O:\Run.exe
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [PicPick Start] => E:\Image Processing\PicPick\picpick.exe [13165400 2014-03-12] (NTeWORKS)
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Messenger (Yahoo!)] => "E:\PROGRA~3\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Cloudup] => C:\Users\internet_2\AppData\Local\Cloudup\App\Cloudup.exe [531344 2014-04-15] (Automattic, Inc.)
Startup: C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI (RC3).lnk
ShortcutTarget: Secunia PSI (RC3).lnk -> D:\Programme\Personal Software Inspector\psi.exe (Secunia)
Startup: C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\internet\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloaderPortable.lnk
ShortcutTarget: JDownloaderPortable.lnk -> E:\Media\Video\JDownloader\JDownloaderPortable.exe (AppWork GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fil-PH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x13A26660C36CCE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{65379DEE-2D36-4695-8857-4DC4D45113C2}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: I:\Eigene Dateien\Internet\FireFox\Profile\@dele
FF Homepage: hxxp://www.gmx.net
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - E:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - E:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Extension: McAfee SiteAdvisor - E:\Program Files\McAfee\SiteAdvisor [2011-12-25]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - E:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - E:\Program Files\McAfee\SiteAdvisor [2011-12-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-20]
FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-06-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-25] (AVAST Software)
R2 c2cautoupdatesvc; E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 cmdAgent; E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-17] (COMODO)
S3 cmdvirth; E:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-26] (COMODO)
R2 FoxitCloudUpdateService; E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
S2 gupdate; E:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-04-11] (Google Inc.)
S3 gupdatem; E:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-04-11] (Google Inc.)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2013-06-20] () [File not signed]
R2 MBAMScheduler; E:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; E:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 McAfee SiteAdvisor Service; E:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-07] (McAfee, Inc.)
S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 NitroReaderDriverReadSpool3; E:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S2 SkypeUpdate; E:\Program Files\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 wampapache; P:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) [File not signed]
S3 wampmysqld; P:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () [File not signed]
S3 WinDefend; E:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-12] (Microsoft Corporation)
R3 WMPNetworkSvc; E:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2013-08-18] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-25] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-17] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-17] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-17] (COMODO)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2009-08-26] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2009-09-16] () [File not signed]
S3 gdrv; C:\Windows\gdrv.sys [17488 2014-06-10] (Windows (R) 2000 DDK provider)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-17] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [22120 2011-06-15] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [49768 2011-06-15] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [27752 2011-09-16] (Realtek Corporation)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [90648 2011-06-14] (Ray Hinchliffe)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [49768 2011-06-15] (Realtek Corporation)
R1 {55685567-4840-4a91-962b-49a412e9485a}w; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys [52920 2014-05-26] (StdLib)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S1 SASDIFSV; \??\I:\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\I:\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 09:07 - 2014-06-18 09:07 - 00000000 ____D () C:\Temp
2014-06-18 08:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-18 07:33 - 2014-06-18 09:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 07:31 - 2014-06-18 07:31 - 00000960 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 07:31 - 2014-06-18 07:31 - 00000000 ____D () E:\Program Files\ Malwarebytes Anti-Malware 
2014-06-18 07:31 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-18 07:31 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 07:31 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-17 09:29 - 2014-06-17 09:18 - 05206841 _____ (Swearware) C:\Users\internet\Desktop\ComboFix.exe
2014-06-17 09:03 - 2014-06-17 09:18 - 05206841 _____ (Swearware) C:\Users\internet_2\Desktop\ComboFix.exe
2014-06-16 11:09 - 2014-06-16 11:09 - 00001191 _____ () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloudup.lnk
2014-06-15 21:21 - 2014-06-15 21:21 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-13 09:47 - 2014-06-18 09:17 - 00000000 ____D () C:\FRST
2014-06-12 17:24 - 2014-06-17 09:30 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-12 09:20 - 2014-06-12 09:20 - 00000000 ____D () C:\Users\internet\AppData\Roaming\SUPERAntiSpyware.com
2014-06-11 18:47 - 2014-05-30 17:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 18:47 - 2014-05-30 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 18:47 - 2014-05-30 17:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 18:47 - 2014-05-30 16:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 18:47 - 2014-05-30 16:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 18:47 - 2014-05-30 16:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 18:47 - 2014-05-30 16:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 18:47 - 2014-05-30 16:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 18:47 - 2014-05-30 16:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 18:47 - 2014-05-30 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 18:47 - 2014-05-30 16:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 18:47 - 2014-05-30 16:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 18:47 - 2014-05-30 16:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 18:47 - 2014-05-30 16:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 18:47 - 2014-05-30 16:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 18:47 - 2014-05-30 16:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 18:47 - 2014-05-30 16:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 18:47 - 2014-05-30 16:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 18:47 - 2014-05-30 16:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 18:47 - 2014-05-30 15:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 18:47 - 2014-05-30 15:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 18:47 - 2014-05-30 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 18:47 - 2014-05-30 15:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 18:47 - 2014-05-30 15:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 18:47 - 2014-05-30 15:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 18:47 - 2014-05-30 15:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 18:47 - 2014-05-30 15:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 18:47 - 2014-05-30 15:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 16:54 - 2014-06-08 16:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 16:54 - 2014-04-05 10:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 16:54 - 2014-04-05 10:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 16:53 - 2014-06-08 16:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 16:53 - 2014-04-25 10:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 16:53 - 2014-03-26 22:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 16:53 - 2014-03-26 22:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 16:53 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 16:53 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 17:23 - 2014-06-10 17:23 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-06-10 17:22 - 2012-10-30 17:59 - 03340880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-06-10 17:22 - 2012-10-30 16:43 - 00369117 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-06-10 17:22 - 2012-10-29 16:34 - 02357344 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-06-10 17:22 - 2012-10-25 14:45 - 00097424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-06-10 17:22 - 2012-10-23 11:30 - 03219600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2014-06-10 17:22 - 2012-09-20 00:59 - 00742264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-06-10 17:22 - 2012-09-12 09:51 - 02486416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-06-10 17:22 - 2012-09-09 14:33 - 01929080 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-06-10 17:22 - 2012-08-21 14:51 - 00658064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-06-10 17:22 - 2012-08-13 18:06 - 01501840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-06-10 17:22 - 2012-08-03 18:18 - 01706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-06-10 17:22 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-06-10 17:22 - 2012-06-08 16:23 - 00071808 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2014-06-10 17:22 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2014-06-10 17:22 - 2012-03-08 11:47 - 00176736 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2014-06-10 17:22 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2014-06-10 17:22 - 2011-12-16 14:57 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2014-06-10 17:22 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2014-06-10 17:22 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-06-10 17:22 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2014-06-10 17:22 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2014-06-10 17:22 - 2009-11-18 07:13 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2014-06-10 16:49 - 2014-06-10 16:49 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-09 11:05 - 2014-06-09 13:27 - 00000000 ____D () E:\Program Files\Calibre Portable
2014-06-05 16:03 - 2014-06-05 19:05 - 00000368 _____ () C:\Users\internet_2\Desktop\cover.txt
2014-06-03 22:11 - 2014-06-03 22:11 - 00147667 ____N () C:\Windows\Minidump\060314-22495-01.dmp
2014-05-31 10:32 - 2014-05-31 10:32 - 00000849 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-05-30 09:00 - 2014-05-30 09:00 - 00000084 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014.info
2014-05-30 08:40 - 2014-05-30 09:00 - 102334358 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014@HIGH.mp4
2014-05-30 08:19 - 2014-05-30 08:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-30 08:18 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-30 08:18 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-30 08:18 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-30 08:18 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-30 08:17 - 2014-05-30 08:18 - 00003993 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 07:52 - 2014-05-26 20:57 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
2014-05-25 14:32 - 2014-05-30 16:53 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FreeDoko
2014-05-25 14:07 - 2014-05-25 14:07 - 00000756 _____ () C:\Users\internet\Desktop\FreeDoko.lnk
2014-05-25 14:07 - 2014-05-25 14:07 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2014-05-25 14:05 - 2014-05-25 14:05 - 00000000 ____D () C:\Users\internet\FreeDoko
2014-05-24 13:48 - 2014-05-24 14:03 - 00001002 _____ () C:\Users\internet_2\Desktop\DBV_Klaerung.txt
2014-05-21 15:36 - 2014-05-29 15:36 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Mp3tag

==================== One Month Modified Files and Folders =======

2014-06-18 09:17 - 2014-06-13 09:47 - 00000000 ____D () C:\FRST
2014-06-18 09:17 - 2013-06-22 19:49 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Skype
2014-06-18 09:15 - 2014-03-03 09:13 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\DropboxMaster
2014-06-18 09:15 - 2013-09-22 13:46 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Dropbox
2014-06-18 09:15 - 2009-07-14 12:34 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 09:15 - 2009-07-14 12:34 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 09:11 - 2014-01-01 10:16 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-18 09:07 - 2014-06-18 09:07 - 00000000 ____D () C:\Temp
2014-06-18 09:04 - 2013-06-23 07:54 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype
2014-06-18 09:03 - 2014-06-18 07:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 09:01 - 2013-06-14 15:23 - 01118100 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 09:00 - 2014-01-01 10:16 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-18 08:52 - 2014-03-22 07:07 - 00023092 _____ () C:\Windows\setupact.log
2014-06-18 08:52 - 2013-06-15 07:45 - 00401394 _____ () C:\Windows\PFRO.log
2014-06-18 08:52 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 08:50 - 2013-06-14 16:41 - 00000000 ____D () C:\Users\internet_2
2014-06-18 08:50 - 2013-06-14 15:31 - 00000000 ____D () C:\Users\internet
2014-06-18 08:49 - 2013-07-14 07:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-18 08:21 - 2013-06-21 08:43 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Nitro PDF
2014-06-18 08:09 - 2013-09-10 17:39 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\vlc
2014-06-18 07:31 - 2014-06-18 07:31 - 00000960 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 07:31 - 2014-06-18 07:31 - 00000000 ____D () E:\Program Files\ Malwarebytes Anti-Malware 
2014-06-18 07:27 - 2013-06-14 15:33 - 00795754 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-17 09:30 - 2014-06-12 17:24 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-17 09:18 - 2014-06-17 09:29 - 05206841 _____ (Swearware) C:\Users\internet\Desktop\ComboFix.exe
2014-06-17 09:18 - 2014-06-17 09:03 - 05206841 _____ (Swearware) C:\Users\internet_2\Desktop\ComboFix.exe
2014-06-16 11:09 - 2014-06-16 11:09 - 00001191 _____ () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloudup.lnk
2014-06-15 21:21 - 2014-06-15 21:21 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-15 21:21 - 2013-06-22 19:49 - 00000000 ___RD () E:\Program Files\Skype
2014-06-14 08:14 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-12 21:18 - 2013-10-20 13:10 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc
2014-06-12 18:00 - 2013-11-13 08:06 - 00000000 ____D () C:\Windows\rescache
2014-06-12 14:30 - 2009-07-14 10:04 - 00000505 _____ () C:\Windows\win.ini
2014-06-12 09:20 - 2014-06-12 09:20 - 00000000 ____D () C:\Users\internet\AppData\Roaming\SUPERAntiSpyware.com
2014-06-11 20:35 - 2014-04-25 11:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 20:35 - 2011-02-08 14:44 - 00000000 ____D () E:\Program Files\internet explorer
2014-06-11 18:51 - 2013-07-27 08:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 18:48 - 2013-06-17 13:26 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 16:52 - 2014-02-04 16:57 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Free Download Manager
2014-06-10 17:24 - 2013-09-13 10:24 - 00000000 ___HD () E:\Program Files\Temp
2014-06-10 17:23 - 2014-06-10 17:23 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-06-10 17:22 - 2011-02-08 16:04 - 00000000 ____D () E:\Program Files\Realtek
2014-06-10 16:49 - 2014-06-10 16:49 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-10 16:49 - 2013-06-14 15:35 - 00000010 _____ () C:\Windows\GSetup.ini
2014-06-10 16:05 - 2013-09-04 12:00 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Orbit
2014-06-10 16:04 - 2013-10-14 10:09 - 00000000 ____D () E:\Program Files\Calibre2
2014-06-09 13:27 - 2014-06-09 11:05 - 00000000 ____D () E:\Program Files\Calibre Portable
2014-06-09 10:10 - 2013-10-14 10:15 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\calibre
2014-06-08 16:48 - 2014-06-11 16:54 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 16:43 - 2014-06-11 16:53 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 19:05 - 2014-06-05 16:03 - 00000368 _____ () C:\Users\internet_2\Desktop\cover.txt
2014-06-03 22:11 - 2014-06-03 22:11 - 00147667 ____N () C:\Windows\Minidump\060314-22495-01.dmp
2014-06-03 22:11 - 2013-09-30 16:09 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 12:10 - 2013-06-25 13:16 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FileZilla
2014-05-31 11:41 - 2013-07-17 12:01 - 00000000 ____D () C:\Users\internet_2\.mediathek3
2014-05-31 10:32 - 2014-05-31 10:32 - 00000849 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-05-30 17:18 - 2014-06-11 18:47 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 17:02 - 2014-06-11 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 17:02 - 2014-06-11 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 16:53 - 2014-05-25 14:32 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FreeDoko
2014-05-30 16:44 - 2014-06-11 18:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 16:43 - 2014-06-11 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 16:42 - 2014-06-11 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 16:38 - 2014-06-11 18:47 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 16:34 - 2014-06-11 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 16:33 - 2014-06-11 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 16:30 - 2014-06-11 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 16:28 - 2014-06-11 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 16:28 - 2014-06-11 18:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 16:27 - 2014-06-11 18:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 16:21 - 2014-06-11 18:47 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 16:16 - 2014-06-11 18:47 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 16:10 - 2014-06-11 18:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 16:06 - 2014-06-11 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 16:04 - 2014-06-11 18:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 16:02 - 2014-06-11 18:47 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 15:57 - 2014-06-11 18:47 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 15:56 - 2014-06-11 18:47 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 15:54 - 2014-06-11 18:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 15:50 - 2014-06-11 18:47 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 15:49 - 2014-06-11 18:47 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 15:40 - 2014-06-11 18:47 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 15:21 - 2014-06-11 18:47 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 15:15 - 2014-06-11 18:47 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 15:13 - 2014-06-11 18:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:00 - 2014-05-30 09:00 - 00000084 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014.info
2014-05-30 09:00 - 2014-05-30 08:40 - 102334358 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014@HIGH.mp4
2014-05-30 08:19 - 2014-05-30 08:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-30 08:18 - 2014-05-30 08:17 - 00003993 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 08:18 - 2011-02-15 11:34 - 00000000 ____D () E:\Program Files\Java
2014-05-29 16:12 - 2014-04-29 08:22 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\MyPhoneExplorer
2014-05-29 15:36 - 2014-05-21 15:36 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Mp3tag
2014-05-29 13:24 - 2013-06-19 16:54 - 00000000 ___HD () C:\Users\internet\.opdveza-an
2014-05-29 13:24 - 2013-06-19 16:54 - 00000000 ____D () C:\Users\internet\.borland
2014-05-28 13:09 - 2013-06-15 12:56 - 00000600 _____ () C:\Users\internet_2\AppData\Roaming\winscp.rnd
2014-05-27 09:55 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-26 20:57 - 2014-05-30 07:52 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
2014-05-25 14:07 - 2014-05-25 14:07 - 00000756 _____ () C:\Users\internet\Desktop\FreeDoko.lnk
2014-05-25 14:07 - 2014-05-25 14:07 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2014-05-25 14:05 - 2014-05-25 14:05 - 00000000 ____D () C:\Users\internet\FreeDoko
2014-05-25 07:10 - 2014-03-03 09:12 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 14:03 - 2014-05-24 13:48 - 00001002 _____ () C:\Users\internet_2\Desktop\DBV_Klaerung.txt
2014-05-19 16:09 - 2013-09-13 09:30 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Notepad++
2014-05-19 07:02 - 2009-07-14 12:53 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\internet\AppData\Roaming\CamLayout.ini
C:\Users\internet\AppData\Roaming\CamShapes.ini
C:\Users\internet_2\AppData\Roaming\Camdata.ini
C:\Users\internet_2\AppData\Roaming\CamLayout.ini
C:\Users\internet_2\AppData\Roaming\CamShapes.ini


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 17:50

==================== End Of Log ============================
         

I am away from home up to and including Saturday. I can read your posts and perhaps already download programs, but of course I cannot do anything on the desktop.

OK, have a nice few days
Andreas!

Hi Schrauber,
just briefly: my plans have changed and I will not be travelling for the time being. So I can take part again!
See you
Andreas!

 
