Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 8 x64 infected with tr/atraps.gen - tr/atraps.gen2 (https://www.trojaner-board.de/144998-windows-8-x64-tr-atraps-gen-tr-atraps-gen2-befallen.html)

schrauber 30.11.2013 13:47

Do you have a Windows DVD at hand for an in-place upgrade?

infizierter8 02.12.2013 10:13

Unfortunately, no CDs came with the laptop.

schrauber 02.12.2013 11:48

Please post a fresh FSS and FRST logfile again.

infizierter8 02.12.2013 17:50

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Tarik (administrator) on MIAMI on 02-12-2013 17:41:45
Running from C:\Users\Tarik\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(COMPANYVERS_NAME) C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(AMD) C:\windows\system32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(J. Eric Vaughan) C:\Program Files (x86)\Stay On Top\StayOnTop.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
(Microsoft Corporation) C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-26] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] - C:\Program Files\Toshiba\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKCU\...\Run: [VoipCheapCom] - C:\Program Files (x86)\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe [19782984 2013-11-13] (VoipCheapCom)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [Ad Muncher] - C:\Program Files (x86)\Ad Muncher\AdMunch.exe [595144 2013-11-23] (Murray Hurps Software Pty Ltd)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-10-31] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Tarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Tarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stay On Top.lnk
ShortcutTarget: Stay On Top.lnk -> C:\Users\Tarik\AppData\Roaming\Microsoft\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {69B3FFDC-18E5-468C-B5F4-CED04B269503} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM - {69B3FFDC-18E5-468C-B5F4-CED04B269503} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - DefaultScope {69B3FFDC-18E5-468C-B5F4-CED04B269503} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {69B3FFDC-18E5-468C-B5F4-CED04B269503} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKCU - DefaultScope {590C33CF-31B7-4D2F-9939-E685F3A1FE36} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://mixidj.delta-search.com/?q={searchTerms}&affID=121136&babsrc=SP_ss&mntrId=188EC0D9622DC21D
SearchScopes: HKCU - {590C33CF-31B7-4D2F-9939-E685F3A1FE36} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {69B3FFDC-18E5-468C-B5F4-CED04B269503} URL =
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 81.173.194.68 213.168.112.60

FireFox:
========
FF ProfilePath: C:\Users\Tarik\AppData\Roaming\Mozilla\Firefox\Profiles\eh6gejj5.default
FF user.js: detected! => C:\Users\Tarik\AppData\Roaming\Mozilla\Firefox\Profiles\eh6gejj5.default\user.js
FF Homepage: hxxp://www.pandora.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tarik\AppData\Roaming\Mozilla\Firefox\Profiles\eh6gejj5.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Tarik\AppData\Roaming\Mozilla\Firefox\Profiles\eh6gejj5.default\searchplugins\mixidj.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: mediahint - C:\Users\Tarik\AppData\Roaming\Mozilla\Firefox\Profiles\eh6gejj5.default\Extensions\mediahint@jetpack.xpi
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (MixiDj Chrome Toolbar) - C:\Users\Tarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0_0
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [42504 2013-03-26] (COMPANYVERS_NAME)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-10-31] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132600 2013-10-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [83160 2013-10-31] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Razerlow; C:\Windows\system32\drivers\Razerlow.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                          )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                          )
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-02 17:41 - 2013-12-02 17:41 - 00016156 _____ C:\Users\Tarik\Desktop\FRST.txt
2013-11-27 13:22 - 2013-11-27 13:22 - 00000000 ____D C:\windows\Sun
2013-11-27 13:21 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-27 13:21 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-27 13:21 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-11-27 13:21 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-11-27 13:20 - 2013-11-27 13:21 - 00004154 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-26 10:00 - 2013-11-26 10:00 - 01745052 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-11-26 09:38 - 2013-11-26 10:13 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2013-11-26 09:34 - 2013-11-26 09:34 - 00000207 _____ C:\windows\tweaking.com-regbackup-MIAMI-Microsoft-Windows-8-(64-bit).dat
2013-11-26 09:32 - 2013-11-26 09:32 - 00000000 ____D C:\RegBackup
2013-11-25 21:55 - 2013-11-25 21:55 - 02804572 _____ C:\Users\Tarik\Desktop\tweaking.com_windows_repair_aio.zip
2013-11-25 21:55 - 2013-11-25 21:55 - 00000000 ____D C:\Users\Tarik\Desktop\tweaking.com_windows_repair_aio
2013-11-25 21:54 - 2013-11-25 21:54 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-11-25 11:34 - 2013-11-25 11:34 - 00000000 ____D C:\Users\Tarik\Desktop\Campus WLAN
2013-11-24 12:28 - 2013-11-24 12:28 - 00360881 _____ (Farbar) C:\Users\Tarik\Desktop\FSS.exe
2013-11-24 12:09 - 2013-11-24 12:09 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Avira
2013-11-24 12:06 - 2013-11-24 12:06 - 00000000 ____D C:\ProgramData\Avira
2013-11-24 12:06 - 2013-11-24 12:06 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-24 12:06 - 2013-10-31 19:25 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-11-24 12:06 - 2013-10-31 19:25 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-11-24 12:06 - 2013-10-31 19:25 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-11-24 12:06 - 2013-10-31 19:25 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-11-23 20:01 - 2013-11-23 20:01 - 00000000 ____D C:\ProgramData\Ad Muncher
2013-11-23 20:01 - 2013-11-23 20:01 - 00000000 ____D C:\Program Files (x86)\Ad Muncher
2013-11-23 19:19 - 2013-11-19 11:21 - 00267936 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-22 04:40 - 2013-11-22 04:40 - 00377856 _____ C:\Users\Tarik\Desktop\vnqrj2rk.exe
2013-11-22 04:38 - 2013-11-22 04:38 - 00000000 _____ C:\Users\Tarik\defogger_reenable
2013-11-22 04:37 - 2013-11-22 04:37 - 00050477 _____ C:\Users\Tarik\Desktop\Defogger.exe
2013-11-21 21:24 - 2013-11-21 21:24 - 00000000 ____D C:\FRST
2013-11-21 21:23 - 2013-11-21 21:23 - 01957964 _____ (Farbar) C:\Users\Tarik\Desktop\FRST64.exe
2013-11-21 20:55 - 2013-11-21 20:55 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-21 20:54 - 2013-11-21 20:54 - 02347384 _____ (ESET) C:\Users\Tarik\Desktop\esetsmartinstaller_enu.exe
2013-11-21 20:10 - 2013-11-21 20:10 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-21 20:10 - 2013-11-21 20:10 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Malwarebytes
2013-11-21 20:10 - 2013-11-21 20:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-21 20:10 - 2013-11-21 20:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-21 20:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-21 18:23 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2013-11-21 18:23 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2013-11-21 18:23 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-11-21 18:23 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-11-21 18:23 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-11-21 18:23 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-11-21 18:23 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2013-11-21 18:23 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2013-11-21 18:23 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2013-11-21 18:21 - 2013-11-21 22:00 - 00000000 ____D C:\Qoobox
2013-11-21 18:20 - 2013-11-21 19:59 - 00000000 ____D C:\windows\erdnt
2013-11-21 18:18 - 2013-11-21 18:19 - 05146522 ____R (Swearware) C:\Users\Tarik\Desktop\ComboFix.exe
2013-11-18 17:43 - 2013-11-18 17:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 21:41 - 2013-11-16 21:41 - 793032043 _____ C:\windows\MEMORY.DMP
2013-11-16 21:41 - 2013-11-16 21:41 - 00310424 _____ C:\windows\system32\FNTCACHE.DAT
2013-11-15 10:40 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 10:40 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-13 04:54 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2013-11-13 04:54 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2013-11-13 04:54 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2013-11-13 04:54 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2013-11-13 04:54 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2013-11-13 04:54 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2013-11-13 04:54 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2013-11-13 04:54 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2013-11-13 04:54 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2013-11-13 04:54 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2013-11-13 04:54 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2013-11-13 04:54 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2013-11-13 04:54 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2013-11-13 04:54 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2013-11-13 04:54 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2013-11-13 04:54 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 04:54 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2013-11-13 04:54 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2013-11-13 04:54 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2013-11-13 04:53 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2013-11-13 04:53 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-13 04:53 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2013-11-13 04:53 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 04:53 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-13 04:53 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-13 04:53 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-13 04:53 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2013-11-13 04:53 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2013-11-13 04:53 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2013-11-13 04:53 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2013-11-13 04:53 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2013-11-13 04:53 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2013-11-13 04:53 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2013-11-13 04:53 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-13 04:51 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-13 04:51 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-13 04:51 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-13 04:51 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-13 04:51 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-13 04:51 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-13 04:51 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-13 04:51 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-13 04:51 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-13 04:51 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-13 04:51 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-13 04:51 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-13 04:51 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-13 04:51 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-13 04:51 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-13 04:51 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-13 04:51 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-13 04:51 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-13 04:51 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-13 04:51 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 04:51 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-13 04:51 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2013-11-13 04:51 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2013-11-12 13:13 - 2013-11-12 13:14 - 00000000 ____D C:\Program Files\MetaTrader 5 - Alpari
2013-11-11 12:52 - 2013-11-18 17:25 - 00020904 _____ C:\Users\Tarik\Desktop\Scalping Rausch.ods
2013-11-07 22:48 - 2013-11-07 22:48 - 00311405 _____ C:\Users\Tarik\Desktop\SCALPING RAUSCH 2.0.zip
2013-11-06 09:54 - 2013-11-12 09:45 - 00000000 ____D C:\Users\Tarik\Desktop\Daniel-grid

==================== One Month Modified Files and Folders =======

2013-12-02 17:42 - 2013-12-02 17:41 - 00016156 _____ C:\Users\Tarik\Desktop\FRST.txt
2013-12-02 17:40 - 2013-06-17 18:33 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-02 17:40 - 2013-03-10 14:54 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Skype
2013-12-02 17:40 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-12-02 17:39 - 2013-07-10 12:36 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 17:39 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2013-12-02 10:51 - 2013-07-10 12:36 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-02 10:27 - 2013-03-10 03:45 - 01714457 _____ C:\windows\WindowsUpdate.log
2013-11-29 09:06 - 2013-10-28 18:27 - 00026198 _____ C:\Users\Tarik\Desktop\5pips260x.ods
2013-11-27 13:37 - 2013-03-22 07:19 - 00739386 _____ C:\windows\system32\perfh007.dat
2013-11-27 13:37 - 2013-03-22 07:19 - 00151806 _____ C:\windows\system32\perfc007.dat
2013-11-27 13:37 - 2012-07-26 08:28 - 01745226 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-27 13:33 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-27 13:32 - 2012-11-15 05:36 - 01514568 _____ C:\windows\PFRO.log
2013-11-27 13:22 - 2013-11-27 13:22 - 00000000 ____D C:\windows\Sun
2013-11-27 13:21 - 2013-11-27 13:20 - 00004154 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-27 13:21 - 2013-09-24 17:24 - 00000000 ____D C:\ProgramData\Oracle
2013-11-27 13:21 - 2013-09-24 17:23 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-26 10:13 - 2013-11-26 09:38 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2013-11-26 10:12 - 2012-07-26 06:26 - 00000128 _____ C:\windows\win.ini
2013-11-26 10:00 - 2013-11-26 10:00 - 01745052 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-11-26 09:34 - 2013-11-26 09:34 - 00000207 _____ C:\windows\tweaking.com-regbackup-MIAMI-Microsoft-Windows-8-(64-bit).dat
2013-11-26 09:32 - 2013-11-26 09:32 - 00000000 ____D C:\RegBackup
2013-11-25 21:55 - 2013-11-25 21:55 - 02804572 _____ C:\Users\Tarik\Desktop\tweaking.com_windows_repair_aio.zip
2013-11-25 21:55 - 2013-11-25 21:55 - 00000000 ____D C:\Users\Tarik\Desktop\tweaking.com_windows_repair_aio
2013-11-25 21:54 - 2013-11-25 21:54 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-11-25 11:34 - 2013-11-25 11:34 - 00000000 ____D C:\Users\Tarik\Desktop\Campus WLAN
2013-11-24 12:28 - 2013-11-24 12:28 - 00360881 _____ (Farbar) C:\Users\Tarik\Desktop\FSS.exe
2013-11-24 12:09 - 2013-11-24 12:09 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Avira
2013-11-24 12:06 - 2013-11-24 12:06 - 00000000 ____D C:\ProgramData\Avira
2013-11-24 12:06 - 2013-11-24 12:06 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-23 20:01 - 2013-11-23 20:01 - 00000000 ____D C:\ProgramData\Ad Muncher
2013-11-23 20:01 - 2013-11-23 20:01 - 00000000 ____D C:\Program Files (x86)\Ad Muncher
2013-11-23 19:48 - 2013-03-10 13:40 - 00000000 ____D C:\Users\Tarik\AppData\Local\CrashDumps
2013-11-22 22:57 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-11-22 09:37 - 2013-10-27 15:27 - 00000261 _____ C:\Users\Tarik\Desktop\Neues Textdokument.txt
2013-11-22 04:40 - 2013-11-22 04:40 - 00377856 _____ C:\Users\Tarik\Desktop\vnqrj2rk.exe
2013-11-22 04:38 - 2013-11-22 04:38 - 00000000 _____ C:\Users\Tarik\defogger_reenable
2013-11-22 04:38 - 2013-03-10 03:10 - 00000000 ____D C:\Users\Tarik
2013-11-22 04:37 - 2013-11-22 04:37 - 00050477 _____ C:\Users\Tarik\Desktop\Defogger.exe
2013-11-21 22:00 - 2013-11-21 18:21 - 00000000 ____D C:\Qoobox
2013-11-21 21:52 - 2012-07-26 06:26 - 00000215 _____ C:\windows\system.ini
2013-11-21 21:24 - 2013-11-21 21:24 - 00000000 ____D C:\FRST
2013-11-21 21:23 - 2013-11-21 21:23 - 01957964 _____ (Farbar) C:\Users\Tarik\Desktop\FRST64.exe
2013-11-21 20:55 - 2013-11-21 20:55 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-21 20:54 - 2013-11-21 20:54 - 02347384 _____ (ESET) C:\Users\Tarik\Desktop\esetsmartinstaller_enu.exe
2013-11-21 20:10 - 2013-11-21 20:10 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-21 20:10 - 2013-11-21 20:10 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Malwarebytes
2013-11-21 20:10 - 2013-11-21 20:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-21 20:10 - 2013-11-21 20:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-21 20:04 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2013-11-21 19:59 - 2013-11-21 18:20 - 00000000 ____D C:\windows\erdnt
2013-11-21 19:09 - 2013-06-03 00:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-21 18:19 - 2013-11-21 18:18 - 05146522 ____R (Swearware) C:\Users\Tarik\Desktop\ComboFix.exe
2013-11-21 14:24 - 2013-07-10 12:36 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-21 14:23 - 2013-06-18 11:07 - 00000000 ____D C:\Users\Tarik\AppData\Local\Google
2013-11-20 22:55 - 2013-03-10 14:30 - 00000000 ____D C:\Users\Tarik\Desktop\SVE
2013-11-20 12:38 - 2013-03-10 15:47 - 00000000 ____D C:\Users\Tarik\AppData\Local\Paint.NET
2013-11-19 11:21 - 2013-11-23 19:19 - 00267936 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-18 17:43 - 2013-11-18 17:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-18 17:25 - 2013-11-11 12:52 - 00020904 _____ C:\Users\Tarik\Desktop\Scalping Rausch.ods
2013-11-16 21:41 - 2013-11-16 21:41 - 793032043 _____ C:\windows\MEMORY.DMP
2013-11-16 21:41 - 2013-11-16 21:41 - 00310424 _____ C:\windows\system32\FNTCACHE.DAT
2013-11-16 21:41 - 2013-10-29 10:33 - 00000000 ____D C:\windows\Minidump
2013-11-16 15:11 - 2013-03-10 14:54 - 00000000 ____D C:\ProgramData\Skype
2013-11-16 15:10 - 2013-03-10 14:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-15 11:04 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache
2013-11-15 10:34 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore
2013-11-15 10:33 - 2012-07-26 09:12 - 00000000 ___RD C:\windows\ToastData
2013-11-13 16:02 - 2013-05-22 21:55 - 00000000 _____ C:\END
2013-11-13 10:27 - 2013-08-16 02:00 - 00000000 ____D C:\windows\system32\MRT
2013-11-13 10:23 - 2013-03-19 04:11 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-12 19:41 - 2013-03-09 23:21 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\TeamViewer
2013-11-12 13:14 - 2013-11-12 13:13 - 00000000 ____D C:\Program Files\MetaTrader 5 - Alpari
2013-11-12 09:45 - 2013-11-06 09:54 - 00000000 ____D C:\Users\Tarik\Desktop\Daniel-grid
2013-11-07 22:48 - 2013-11-07 22:48 - 00311405 _____ C:\Users\Tarik\Desktop\SCALPING RAUSCH 2.0.zip
2013-11-05 23:58 - 2013-11-15 10:40 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-11-15 10:40 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Tarik\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-19 03:01

==================== End Of Log ============================


Code:

Farbar Service Scanner Version: 23-11-2013
Ran by Tarik (administrator) on 02-12-2013 at 17:47:09
Running from "C:\Users\Tarik\Desktop"
Microsoft Windows 8  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to retrieve ServiceDll of RemoteAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-13 04:53] - [2013-09-04 04:11] - 0576512 ____A (Microsoft Corporation) 7C0E0EDF18D6CC565D7BFBB451709FA5

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-13 04:53] - [2013-10-10 10:20] - 0723968 ____A (Microsoft Corporation) 53AA55632B94622F2DC3695E86EF9363

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


schrauber 03.12.2013 10:31

http://download.bleepingcomputer.com...moteAccess.reg
http://download.bleepingcomputer.com.../WinDefend.reg

Save both to the desktop, run each one via right-click as admin, and allow it.

Fresh FRST and FSS logs, please.

infizierter8 03.12.2013 13:46


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Tarik (administrator) on MIAMI on 03-12-2013 13:40:06
Running from C:\Users\Tarik\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(COMPANYVERS_NAME) C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(AMD) C:\windows\system32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(J. Eric Vaughan) C:\Program Files (x86)\Stay On Top\StayOnTop.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-26] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] - C:\Program Files\Toshiba\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKCU\...\Run: [VoipCheapCom] - C:\Program Files (x86)\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe [19782984 2013-11-13] (VoipCheapCom)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [Ad Muncher] - C:\Program Files (x86)\Ad Muncher\AdMunch.exe [595144 2013-11-23] (Murray Hurps Software Pty Ltd)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-10-31] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Tarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Tarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stay On Top.lnk
ShortcutTarget: Stay On Top.lnk -> C:\Users\Tarik\AppData\Roaming\Microsoft\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {69B3FFDC-18E5-468C-B5F4-CED04B269503} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM - {69B3FFDC-18E5-468C-B5F4-CED04B269503} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - DefaultScope {69B3FFDC-18E5-468C-B5F4-CED04B269503} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {69B3FFDC-18E5-468C-B5F4-CED04B269503} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKCU - DefaultScope {590C33CF-31B7-4D2F-9939-E685F3A1FE36} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://mixidj.delta-search.com/?q={searchTerms}&affID=121136&babsrc=SP_ss&mntrId=188EC0D9622DC21D
SearchScopes: HKCU - {590C33CF-31B7-4D2F-9939-E685F3A1FE36} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {69B3FFDC-18E5-468C-B5F4-CED04B269503} URL =
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 04 %SystemRoot%\System32\mswsock.dll [355328] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 81.173.194.68 213.168.112.60

FireFox:
========
FF ProfilePath: C:\Users\Tarik\AppData\Roaming\Mozilla\Firefox\Profiles\eh6gejj5.default
FF user.js: detected! => C:\Users\Tarik\AppData\Roaming\Mozilla\Firefox\Profiles\eh6gejj5.default\user.js
FF Homepage: hxxp://www.pandora.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tarik\AppData\Roaming\Mozilla\Firefox\Profiles\eh6gejj5.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Tarik\AppData\Roaming\Mozilla\Firefox\Profiles\eh6gejj5.default\searchplugins\mixidj.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: mediahint - C:\Users\Tarik\AppData\Roaming\Mozilla\Firefox\Profiles\eh6gejj5.default\Extensions\mediahint@jetpack.xpi
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (MixiDj Chrome Toolbar) - C:\Users\Tarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0_0
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.3.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [42504 2013-03-26] (COMPANYVERS_NAME)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132600 2013-10-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [83160 2013-10-31] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Razerlow; C:\Windows\system32\drivers\Razerlow.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                          )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                          )
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 13:40 - 2013-12-03 13:40 - 00015566 _____ C:\Users\Tarik\Desktop\FRST.txt
2013-12-03 13:38 - 2013-12-03 13:38 - 00039108 _____ C:\Users\Tarik\Desktop\RemoteAccess.reg
2013-12-03 13:38 - 2013-12-03 13:38 - 00007164 _____ C:\Users\Tarik\Desktop\WinDefend.reg
2013-11-27 13:22 - 2013-11-27 13:22 - 00000000 ____D C:\windows\Sun
2013-11-27 13:21 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-27 13:21 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-27 13:21 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-11-27 13:21 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-11-27 13:20 - 2013-11-27 13:21 - 00004154 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-26 10:00 - 2013-11-26 10:00 - 01745052 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-11-26 09:38 - 2013-11-26 10:13 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2013-11-26 09:34 - 2013-11-26 09:34 - 00000207 _____ C:\windows\tweaking.com-regbackup-MIAMI-Microsoft-Windows-8-(64-bit).dat
2013-11-26 09:32 - 2013-11-26 09:32 - 00000000 ____D C:\RegBackup
2013-11-25 21:55 - 2013-11-25 21:55 - 02804572 _____ C:\Users\Tarik\Desktop\tweaking.com_windows_repair_aio.zip
2013-11-25 21:55 - 2013-11-25 21:55 - 00000000 ____D C:\Users\Tarik\Desktop\tweaking.com_windows_repair_aio
2013-11-25 21:54 - 2013-11-25 21:54 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-11-25 11:34 - 2013-11-25 11:34 - 00000000 ____D C:\Users\Tarik\Desktop\Campus WLAN
2013-11-24 12:28 - 2013-11-24 12:28 - 00360881 _____ (Farbar) C:\Users\Tarik\Desktop\FSS.exe
2013-11-24 12:09 - 2013-11-24 12:09 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Avira
2013-11-24 12:06 - 2013-12-03 13:35 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-11-24 12:06 - 2013-11-24 12:06 - 00000000 ____D C:\ProgramData\Avira
2013-11-24 12:06 - 2013-11-24 12:06 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-24 12:06 - 2013-10-31 19:25 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-11-24 12:06 - 2013-10-31 19:25 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-11-24 12:06 - 2013-10-31 19:25 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-11-23 20:01 - 2013-11-23 20:01 - 00000000 ____D C:\ProgramData\Ad Muncher
2013-11-23 20:01 - 2013-11-23 20:01 - 00000000 ____D C:\Program Files (x86)\Ad Muncher
2013-11-23 19:19 - 2013-11-19 11:21 - 00267936 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-22 04:40 - 2013-11-22 04:40 - 00377856 _____ C:\Users\Tarik\Desktop\vnqrj2rk.exe
2013-11-22 04:38 - 2013-11-22 04:38 - 00000000 _____ C:\Users\Tarik\defogger_reenable
2013-11-22 04:37 - 2013-11-22 04:37 - 00050477 _____ C:\Users\Tarik\Desktop\Defogger.exe
2013-11-21 21:24 - 2013-11-21 21:24 - 00000000 ____D C:\FRST
2013-11-21 21:23 - 2013-11-21 21:23 - 01957964 _____ (Farbar) C:\Users\Tarik\Desktop\FRST64.exe
2013-11-21 20:55 - 2013-11-21 20:55 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-21 20:54 - 2013-11-21 20:54 - 02347384 _____ (ESET) C:\Users\Tarik\Desktop\esetsmartinstaller_enu.exe
2013-11-21 20:10 - 2013-11-21 20:10 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-21 20:10 - 2013-11-21 20:10 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Malwarebytes
2013-11-21 20:10 - 2013-11-21 20:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-21 20:10 - 2013-11-21 20:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-21 20:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-21 18:23 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2013-11-21 18:23 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2013-11-21 18:23 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-11-21 18:23 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-11-21 18:23 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-11-21 18:23 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-11-21 18:23 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2013-11-21 18:23 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2013-11-21 18:23 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2013-11-21 18:21 - 2013-11-21 22:00 - 00000000 ____D C:\Qoobox
2013-11-21 18:20 - 2013-11-21 19:59 - 00000000 ____D C:\windows\erdnt
2013-11-21 18:18 - 2013-11-21 18:19 - 05146522 ____R (Swearware) C:\Users\Tarik\Desktop\ComboFix.exe
2013-11-18 17:43 - 2013-11-18 17:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 21:41 - 2013-11-16 21:41 - 793032043 _____ C:\windows\MEMORY.DMP
2013-11-16 21:41 - 2013-11-16 21:41 - 00310424 _____ C:\windows\system32\FNTCACHE.DAT
2013-11-15 10:40 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 10:40 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-13 04:54 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2013-11-13 04:54 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2013-11-13 04:54 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2013-11-13 04:54 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2013-11-13 04:54 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2013-11-13 04:54 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2013-11-13 04:54 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2013-11-13 04:54 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2013-11-13 04:54 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2013-11-13 04:54 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2013-11-13 04:54 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2013-11-13 04:54 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2013-11-13 04:54 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2013-11-13 04:54 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2013-11-13 04:54 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2013-11-13 04:54 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 04:54 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2013-11-13 04:54 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2013-11-13 04:54 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2013-11-13 04:53 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2013-11-13 04:53 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-13 04:53 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2013-11-13 04:53 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 04:53 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-13 04:53 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-13 04:53 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-13 04:53 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2013-11-13 04:53 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2013-11-13 04:53 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2013-11-13 04:53 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2013-11-13 04:53 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2013-11-13 04:53 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2013-11-13 04:53 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2013-11-13 04:53 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-13 04:51 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-13 04:51 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-13 04:51 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-13 04:51 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-13 04:51 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-13 04:51 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-13 04:51 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-13 04:51 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-13 04:51 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-13 04:51 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-13 04:51 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-13 04:51 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-13 04:51 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-13 04:51 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-13 04:51 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-13 04:51 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-13 04:51 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-13 04:51 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-13 04:51 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-13 04:51 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 04:51 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-13 04:51 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2013-11-13 04:51 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2013-11-12 13:13 - 2013-11-12 13:14 - 00000000 ____D C:\Program Files\MetaTrader 5 - Alpari
2013-11-11 12:52 - 2013-11-18 17:25 - 00020904 _____ C:\Users\Tarik\Desktop\Scalping Rausch.ods
2013-11-06 09:54 - 2013-11-12 09:45 - 00000000 ____D C:\Users\Tarik\Desktop\Daniel-grid

==================== One Month Modified Files and Folders =======

2013-12-03 13:40 - 2013-12-03 13:40 - 00015566 _____ C:\Users\Tarik\Desktop\FRST.txt
2013-12-03 13:40 - 2013-06-17 18:33 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 13:39 - 2013-03-10 14:54 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Skype
2013-12-03 13:38 - 2013-12-03 13:38 - 00039108 _____ C:\Users\Tarik\Desktop\RemoteAccess.reg
2013-12-03 13:38 - 2013-12-03 13:38 - 00007164 _____ C:\Users\Tarik\Desktop\WinDefend.reg
2013-12-03 13:37 - 2013-03-22 07:19 - 00739386 _____ C:\windows\system32\perfh007.dat
2013-12-03 13:37 - 2013-03-22 07:19 - 00151806 _____ C:\windows\system32\perfc007.dat
2013-12-03 13:37 - 2012-07-26 08:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-03 13:35 - 2013-11-24 12:06 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-03 13:34 - 2013-07-10 12:36 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 13:31 - 2012-07-26 09:12 - 00000000 ____D C:\windows\system32\sru
2013-12-02 20:51 - 2013-07-10 12:36 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-02 18:58 - 2013-03-10 03:45 - 01238033 _____ C:\windows\WindowsUpdate.log
2013-12-02 17:52 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-11-29 09:06 - 2013-10-28 18:27 - 00026198 _____ C:\Users\Tarik\Desktop\5pips260x.ods
2013-11-27 13:33 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-27 13:32 - 2012-11-15 05:36 - 01514568 _____ C:\windows\PFRO.log
2013-11-27 13:22 - 2013-11-27 13:22 - 00000000 ____D C:\windows\Sun
2013-11-27 13:21 - 2013-11-27 13:20 - 00004154 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-27 13:21 - 2013-09-24 17:24 - 00000000 ____D C:\ProgramData\Oracle
2013-11-27 13:21 - 2013-09-24 17:23 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-26 10:13 - 2013-11-26 09:38 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2013-11-26 10:12 - 2012-07-26 06:26 - 00000128 _____ C:\windows\win.ini
2013-11-26 10:00 - 2013-11-26 10:00 - 01745052 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-11-26 09:34 - 2013-11-26 09:34 - 00000207 _____ C:\windows\tweaking.com-regbackup-MIAMI-Microsoft-Windows-8-(64-bit).dat
2013-11-26 09:32 - 2013-11-26 09:32 - 00000000 ____D C:\RegBackup
2013-11-25 21:55 - 2013-11-25 21:55 - 02804572 _____ C:\Users\Tarik\Desktop\tweaking.com_windows_repair_aio.zip
2013-11-25 21:55 - 2013-11-25 21:55 - 00000000 ____D C:\Users\Tarik\Desktop\tweaking.com_windows_repair_aio
2013-11-25 21:54 - 2013-11-25 21:54 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-11-25 11:34 - 2013-11-25 11:34 - 00000000 ____D C:\Users\Tarik\Desktop\Campus WLAN
2013-11-24 12:28 - 2013-11-24 12:28 - 00360881 _____ (Farbar) C:\Users\Tarik\Desktop\FSS.exe
2013-11-24 12:09 - 2013-11-24 12:09 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Avira
2013-11-24 12:06 - 2013-11-24 12:06 - 00000000 ____D C:\ProgramData\Avira
2013-11-24 12:06 - 2013-11-24 12:06 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-23 20:01 - 2013-11-23 20:01 - 00000000 ____D C:\ProgramData\Ad Muncher
2013-11-23 20:01 - 2013-11-23 20:01 - 00000000 ____D C:\Program Files (x86)\Ad Muncher
2013-11-23 19:48 - 2013-03-10 13:40 - 00000000 ____D C:\Users\Tarik\AppData\Local\CrashDumps
2013-11-22 22:57 - 2012-07-26 06:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-11-22 09:37 - 2013-10-27 15:27 - 00000261 _____ C:\Users\Tarik\Desktop\Neues Textdokument.txt
2013-11-22 04:40 - 2013-11-22 04:40 - 00377856 _____ C:\Users\Tarik\Desktop\vnqrj2rk.exe
2013-11-22 04:38 - 2013-11-22 04:38 - 00000000 _____ C:\Users\Tarik\defogger_reenable
2013-11-22 04:38 - 2013-03-10 03:10 - 00000000 ____D C:\Users\Tarik
2013-11-22 04:37 - 2013-11-22 04:37 - 00050477 _____ C:\Users\Tarik\Desktop\Defogger.exe
2013-11-21 22:00 - 2013-11-21 18:21 - 00000000 ____D C:\Qoobox
2013-11-21 21:52 - 2012-07-26 06:26 - 00000215 _____ C:\windows\system.ini
2013-11-21 21:24 - 2013-11-21 21:24 - 00000000 ____D C:\FRST
2013-11-21 21:23 - 2013-11-21 21:23 - 01957964 _____ (Farbar) C:\Users\Tarik\Desktop\FRST64.exe
2013-11-21 20:55 - 2013-11-21 20:55 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-21 20:54 - 2013-11-21 20:54 - 02347384 _____ (ESET) C:\Users\Tarik\Desktop\esetsmartinstaller_enu.exe
2013-11-21 20:10 - 2013-11-21 20:10 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-21 20:10 - 2013-11-21 20:10 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Malwarebytes
2013-11-21 20:10 - 2013-11-21 20:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-21 20:10 - 2013-11-21 20:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-21 20:04 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2013-11-21 19:59 - 2013-11-21 18:20 - 00000000 ____D C:\windows\erdnt
2013-11-21 19:09 - 2013-06-03 00:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-21 18:19 - 2013-11-21 18:18 - 05146522 ____R (Swearware) C:\Users\Tarik\Desktop\ComboFix.exe
2013-11-21 14:24 - 2013-07-10 12:36 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-21 14:23 - 2013-06-18 11:07 - 00000000 ____D C:\Users\Tarik\AppData\Local\Google
2013-11-20 22:55 - 2013-03-10 14:30 - 00000000 ____D C:\Users\Tarik\Desktop\SVE
2013-11-20 12:38 - 2013-03-10 15:47 - 00000000 ____D C:\Users\Tarik\AppData\Local\Paint.NET
2013-11-19 11:21 - 2013-11-23 19:19 - 00267936 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-18 17:43 - 2013-11-18 17:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-18 17:25 - 2013-11-11 12:52 - 00020904 _____ C:\Users\Tarik\Desktop\Scalping Rausch.ods
2013-11-16 21:41 - 2013-11-16 21:41 - 793032043 _____ C:\windows\MEMORY.DMP
2013-11-16 21:41 - 2013-11-16 21:41 - 00310424 _____ C:\windows\system32\FNTCACHE.DAT
2013-11-16 21:41 - 2013-10-29 10:33 - 00000000 ____D C:\windows\Minidump
2013-11-16 15:11 - 2013-03-10 14:54 - 00000000 ____D C:\ProgramData\Skype
2013-11-16 15:10 - 2013-03-10 14:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-15 11:04 - 2012-07-26 09:12 - 00000000 ____D C:\windows\rescache
2013-11-15 10:34 - 2012-07-26 09:12 - 00000000 ____D C:\windows\WinStore
2013-11-15 10:33 - 2012-07-26 09:12 - 00000000 ___RD C:\windows\ToastData
2013-11-13 16:02 - 2013-05-22 21:55 - 00000000 _____ C:\END
2013-11-13 10:27 - 2013-08-16 02:00 - 00000000 ____D C:\windows\system32\MRT
2013-11-13 10:23 - 2013-03-19 04:11 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-12 19:41 - 2013-03-09 23:21 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\TeamViewer
2013-11-12 13:14 - 2013-11-12 13:13 - 00000000 ____D C:\Program Files\MetaTrader 5 - Alpari
2013-11-12 09:45 - 2013-11-06 09:54 - 00000000 ____D C:\Users\Tarik\Desktop\Daniel-grid
2013-11-05 23:58 - 2013-11-15 10:40 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-11-15 10:40 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Tarik\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 18:03

==================== End Of Log ============================

--- --- ---


Code:

Farbar Service Scanner Version: 23-11-2013
Ran by Tarik (administrator) on 03-12-2013 at 13:42:16
Running from "C:\Users\Tarik\Desktop"
Microsoft Windows 8  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-13 04:53] - [2013-09-04 04:11] - 0576512 ____A (Microsoft Corporation) 7C0E0EDF18D6CC565D7BFBB451709FA5

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-13 04:53] - [2013-10-10 10:20] - 0723968 ____A (Microsoft Corporation) 53AA55632B94622F2DC3695E86EF9363

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


schrauber 04.12.2013 10:29

Still having problems?

infizierter8 04.12.2013 11:26

It's still the same situation:

Quote:

Quote from infizierter8 (post 1202613)
The Action Center still shows the following problems; I can't activate Windows Defender, even when Avira is off.
http://s1.directupload.net/images/131127/no9j97n5.png

PS: Is my system clean again, can I use online banking again?


schrauber 05.12.2013 08:27

Which error message do you get when you try to activate Defender? Online banking yes, but only with SMS-TAN or ChipTAN anyway, and change your passwords.

infizierter8 05.12.2013 08:39

The System32 folder opens.

http://s1.directupload.net/images/131205/uqpqe66q.jpg


My question was unclear, sorry: can I now visit all sites again that require a password,
e.g. email, Skype, forums, etc.?

schrauber 05.12.2013 13:08

Yes, but change the passwords first.

Quote:

The System32 folder opens.
I don't understand that. Can you take a screenshot of it for me?

infizierter8 05.12.2013 18:02

See the second-to-last screenshot; there I click on "activate now", then System32 opens (last screenshot).


Can you see the images?

schrauber 06.12.2013 10:23

No, damn, it doesn't work at work. Please send me a PM this evening, and I'll look at the screenshot from home.

infizierter8 07.12.2013 15:49

Can you see the screenshots?

schrauber 08.12.2013 07:27

Yes.

http://download.bleepingcomputer.com.../WinDefend.reg

Download, save, run and allow.

Fresh FSS log please. Does Defender work?


All times are WET +1.
