
Log analysis and evaluation: Windows 7 Chrome: ads in new tabs

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
14.08.2014, 12:40   #1
JoeMansky
 

Windows 7 Chrome: ads in new tabs



Hello

Since yesterday, one or more ad windows have been opening in new tabs on Facebook during random actions (clicking the logo, opening further comments, ...).

First I ran a Malwarebytes scan:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 13.08.2014
Scan Time: 22:11:41
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.13.07
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JoHelc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293208
Time Elapsed: 4 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers, Quarantined, [110a0fb78eed15215dc93a300ef46d93], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers.1, Quarantined, [b36875510576e74f77afed7db44edc24], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers, Quarantined, [b36875510576e74f77afed7db44edc24], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers.1, Quarantined, [b36875510576e74f77afed7db44edc24], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api, Quarantined, [48d36066d1aacc6a02222abd936fcd33], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api.1, Quarantined, [30eb7d49fe7dcf670b19499e946ece32], 
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\APPID\YontooIEClient.DLL, Quarantined, [6bb066602a517db957cee10643bf1ae6], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api, Quarantined, [be5df5d19ddec175d450d21536ccb64a], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api.1, Quarantined, [b06b5f6708732b0b27fd0dda2fd334cc], 
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\YontooIEClient.DLL, Quarantined, [d64506c09ae122149a8b1acd28dacd33], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\niapdbllcanepiiimjjndipklodoedlc, Quarantined, [6daea125bbc0fe3882d78e6408fa1ce4], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo, Quarantined, [af6c695d4d2ea1959722c3024fb3d22e], 
PUP.Optional.Yontoo.A, C:\Users\JoHelc\AppData\Roaming\Yontoo, Quarantined, [93888a3cb3c8fd397f3bf4d19d65758b], 
PUP.Optional.Yontoo.A, C:\Users\JoHelc\AppData\Roaming\Yontoo\dat, Quarantined, [93888a3cb3c8fd397f3bf4d19d65758b], 
PUP.Optional.Yontoo.A, C:\Users\JoHelc\AppData\Roaming\Yontoo\dat\update, Quarantined, [93888a3cb3c8fd397f3bf4d19d65758b], 

Files: 5
PUP.Optional.Superfish.A, C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [0219fec80d6ea591cda0eb06847ed828], 
PUP.Optional.Superfish.A, C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [5ebd3e8824578da905680fe2fd0538c8], 
PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\OptChrome.exe, Quarantined, [af6c695d4d2ea1959722c3024fb3d22e], 
PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\sqlite3.exe, Quarantined, [af6c695d4d2ea1959722c3024fb3d22e], 
PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe, Quarantined, [af6c695d4d2ea1959722c3024fb3d22e], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:41 on 13/08/2014 (JoHelc)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by JoHelc (administrator) on JOHELC-PC on 13-08-2014 22:42:55
Running from C:\Users\JoHelc\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\JoHelc\AppData\Roaming\Spotify\spotify.exe
(Flux Software LLC) C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
() C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(Google Inc.) C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\nacl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1126528 2012-04-30] (Check Point Software Technologies)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-06-21] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-08-13] (AVAST Software)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Google Update] => C:\Users\JoHelc\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-03] (Google Inc.)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify Web Helper] => C:\Users\JoHelc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-06] (Spotify Ltd)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [Spotify] => C:\Users\JoHelc\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-06] (Spotify Ltd)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [f.lux] => C:\Users\JoHelc\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [GoogleChromeAutoLaunch_2367883519264E435C4CA52430EF9559] => C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-1917241202-3899386211-2744974957-1000\...\Run: [MusicManager] => C:\Users\JoHelc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1000M Setup-Assistent.lnk
ShortcutTarget: NETGEAR WNA1000M Setup-Assistent.lnk -> C:\Program Files (x86)\NETGEAR\WNA1000M\WNA1000M.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JoHelc\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Zonealarm Helper Object -> {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} -> C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll (Montera Technologeis LTD)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll (Montera Technologeis LTD)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\JoHelc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\JoHelc\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\JoHelc\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012-07-03]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012-07-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-13]

Chrome: 
=======
CHR HomePage: hxxp://www.google.at/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Users\JoHelc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Easy Auto Refresh) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2012-07-03]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-03]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2012-07-03]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-02-13]
CHR Extension: (Media Hint) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-05-21]
CHR Extension: (Google Drive) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-07-15]
CHR Extension: (YouTube) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-03]
CHR Extension: (Google+ Benachrichtigungen) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2012-07-03]
CHR Extension: (Random Bookmark) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfemjamlkkagdfdekjhggnlbdcpbdpc [2012-07-03]
CHR Extension: (Adblock Plus) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-07-03]
CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2012-12-05]
CHR Extension: (Gif Delayer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmfcdkambpljcndgdmaccaagladfnepa [2014-06-03]
CHR Extension: (Google-Suche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-03]
CHR Extension: (GExtend) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkjhlnnlabicokdgaecdeihkdlkdhjm [2012-07-03]
CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2013-01-03]
CHR Extension: (Google Kalender) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-07-03]
CHR Extension: (Google Play Music) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-07-10]
CHR Extension: (Chain Reaction) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2012-12-11]
CHR Extension: (AdBlock) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-03]
CHR Extension: (avast! Online Security) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-13]
CHR Extension: (Spotify Chrome Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb [2012-07-03]
CHR Extension: (SoundCloud Downloader) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbhfpgkfmfpjbdofhelpjdmeilbeopp [2012-11-09]
CHR Extension: (Google +1-Schaltfläche) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2012-07-03]
CHR Extension: (StumbleUpon) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2012-07-03]
CHR Extension: (Any.do Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-07-06]
CHR Extension: (Metric Conversions) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kninfdohcboilpapkmbbdmcfanlgflld [2014-05-03]
CHR Extension: (Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2014-07-17]
CHR Extension: (Evernote Web) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2012-07-03]
CHR Extension: (NextExt) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikijnjpcmngdnahmjihclokafpnniap [2012-11-14]
CHR Extension: (Ghostery) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-10-16]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-04-21]
CHR Extension: (Google Wallet) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Hover Zoom) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-06-03]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-07-03]
CHR Extension: (Select All) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcnbnhefnmjancehemliplicihbcjjb [2012-07-03]
CHR Extension: (https://www.google.at/publicdata/directory?hl) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbmpjekfjbabbfkiifjnokhniifopch [2013-12-09]
CHR Extension: (Click&Clean App) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-03]
CHR Extension: (Page Monitor) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-06-21]
CHR Extension: (Google Mail) - C:\Users\JoHelc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-13]
CHR StartMenuInternet: Google Chrome - C:\Users\JoHelc\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-13] (AVAST Software)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827520 2012-04-30] (Check Point Software Technologies)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445880 2012-06-21] (Check Point Software Technologies LTD)
R2 WlanWpsSvc; C:\Program Files (x86)\NETGEAR\WNA1000M\WlanWpsSvc.exe [167936 2011-06-30] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-13] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-13] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-10-22] () [File not signed]
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2012-04-30] (Check Point Software Technologies)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-01-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2012-01-09] (Kaspersky Lab)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-10-22] () [File not signed]
U0 mmiwhc; C:\Windows\System32\drivers\shsccsu.sys [79064 2014-08-13] (Malwarebytes Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [855144 2011-01-31] (Realtek Semiconductor Corporation                           )
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 22:42 - 2014-08-13 22:43 - 00025529 _____ () C:\Users\JoHelc\Desktop\FRST.txt
2014-08-13 22:42 - 2014-08-13 22:42 - 02100224 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe
2014-08-13 22:42 - 2014-08-13 22:42 - 00000000 ____D () C:\FRST
2014-08-13 22:40 - 2014-08-13 22:41 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log
2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable
2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe
2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster
2014-08-13 22:34 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox
2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-13 22:23 - 2014-08-13 22:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-13 22:22 - 2014-08-13 22:24 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1407961442224
2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-13 22:19 - 2014-08-13 22:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-13 22:18 - 2014-08-13 22:19 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe
2014-08-13 22:16 - 2014-08-13 22:16 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\shsccsu.sys
2014-08-13 22:07 - 2014-08-13 22:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-13 22:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-13 22:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-13 22:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-13 22:06 - 2014-08-13 22:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-03 13:09 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 13:09 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 13:09 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 13:09 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 13:09 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 13:09 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 13:09 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 13:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 13:09 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 13:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-16 15:00 - 2014-07-16 15:00 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 15:00 - 2014-07-16 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 22:43 - 2014-08-13 22:42 - 00025529 _____ () C:\Users\JoHelc\Desktop\FRST.txt
2014-08-13 22:42 - 2014-08-13 22:42 - 02100224 _____ (Farbar) C:\Users\JoHelc\Desktop\FRST64.exe
2014-08-13 22:42 - 2014-08-13 22:42 - 00000000 ____D () C:\FRST
2014-08-13 22:41 - 2014-08-13 22:40 - 00000474 _____ () C:\Users\JoHelc\Desktop\defogger_disable.log
2014-08-13 22:40 - 2014-08-13 22:40 - 00000000 _____ () C:\Users\JoHelc\defogger_reenable
2014-08-13 22:40 - 2012-07-03 00:08 - 00000000 ____D () C:\Users\JoHelc
2014-08-13 22:39 - 2014-08-13 22:39 - 00050477 _____ () C:\Users\JoHelc\Desktop\Defogger.exe
2014-08-13 22:35 - 2014-08-13 22:35 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\DropboxMaster
2014-08-13 22:35 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Dropbox
2014-08-13 22:35 - 2012-07-03 00:22 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000UA.job
2014-08-13 22:34 - 2014-08-13 22:34 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\AVAST Software
2014-08-13 22:24 - 2014-08-13 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-13 22:24 - 2014-08-13 22:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-13 22:24 - 2014-08-13 22:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1407961442224
2014-08-13 22:22 - 2014-08-13 22:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-13 22:22 - 2014-08-13 22:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-13 22:22 - 2014-08-13 22:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-13 22:22 - 2014-08-13 22:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-13 22:20 - 2014-08-13 22:20 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-13 22:20 - 2014-08-13 22:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-13 22:19 - 2014-08-13 22:18 - 04862664 _____ (AVAST Software) C:\Users\JoHelc\Downloads\avast_free_antivirus_setup_online.exe
2014-08-13 22:16 - 2014-08-13 22:16 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\shsccsu.sys
2014-08-13 22:08 - 2014-08-13 22:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 22:07 - 2014-08-13 22:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-13 22:07 - 2014-08-13 22:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JoHelc\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-13 21:27 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Roaming\Spotify
2014-08-13 18:13 - 2012-07-03 00:08 - 02056780 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 17:27 - 2009-07-14 06:51 - 00296021 _____ () C:\Windows\setupact.log
2014-08-13 13:29 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 13:29 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 13:27 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-08-13 13:27 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-08-13 13:27 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 13:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 23:53 - 2012-07-03 00:22 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1917241202-3899386211-2744974957-1000Core.job
2014-08-04 17:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-04 15:58 - 2012-07-03 19:32 - 00000000 ____D () C:\Users\JoHelc\AppData\Local\Spotify
2014-07-16 15:01 - 2014-02-17 14:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-16 15:00 - 2014-07-16 15:00 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 15:00 - 2014-07-16 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 15:00 - 2014-02-17 14:52 - 00000000 ____D () C:\Program Files (x86)\Java

Some content of TEMP:
====================
C:\Users\JoHelc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptjztbg.dll
C:\Users\JoHelc\AppData\Local\Temp\DropDownDeals_Setup-C4_2013_03_14.exe
C:\Users\JoHelc\AppData\Local\Temp\FileSystemView.dll
C:\Users\JoHelc\AppData\Local\Temp\install_reader10_de_mssd_aih.exe
C:\Users\JoHelc\AppData\Local\Temp\JavaIC.dll
C:\Users\JoHelc\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\JoHelc\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\JoHelc\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\JoHelc\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\JoHelc\AppData\Local\Temp\msscct32.dll
C:\Users\JoHelc\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\JoHelc\AppData\Local\Temp\tmp6C68.exe
C:\Users\JoHelc\AppData\Local\Temp\tmpF99A.exe
C:\Users\JoHelc\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\JoHelc\AppData\Local\Temp\winziprosetup-WZRO6_20130221.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 00:28

==================== End Of Log ============================
         
Unfortunately, GMER did not work; an error message appeared saying that it cannot be run.

Thank you very much!

Jo

 
