Trojaner-Board - nationzoom ist immer noch da

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - nationzoom ist immer noch da (https://www.trojaner-board.de/146312-nationzoom-immer-noch.html)

nationzoom ist immer noch da

Guten Tag, ich bitte um Hilfe.

Vor einigen Tagen habe ich mir Nationzoom eingefangen. Nachdem ich avira free, avast free, Spybot und WRC cleaner über meinen PC habe laufen lassen, öffnet sich stets nach dem Firefox Start Nationzoom statt meiner eingestellten Startseite.

Anbei die von Ihnen als Zip geforderten Logdateien.

Vielen Dank für Ihre Hilfe

Bastek

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2013 02

Ran by Sebastian at 2013-12-16 11:11:26

Running from C:\Users\Sebastian\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 

==================== Installed Programs ======================
 

64 Bit HP CIO Components Installer (Version: 7.2.8)

Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)

Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)

AIO_Scan (x32 Version: 130.0.365.000)

AMD APP SDK Runtime (Version: 2.4.650.9)

Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.3.0)

ATI Catalyst Install Manager (Version: 3.0.829.0)

avast! Free Antivirus (x32 Version: 9.0.2007)

BufferChm (x32 Version: 130.0.331.000)

C7200 (x32 Version: 130.0.365.000)

C7200_Help (x32 Version: 100.0.206.000)

Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)

Copy (x32 Version: 130.0.428.000)

Destinations (x32 Version: 130.0.0.0)

DeviceDiscovery (x32 Version: 130.0.465.000)

dm-Fotowelt (x32 Version: 5.0.4)

DocProc (x32 Version: 13.0.0.0)

EasyProfil (x32 Version: 3.0)

ElsterFormular (x32 Version: 14.1.20130301)

Fax (x32 Version: 130.0.418.000)

Free YouTube to MP3 Converter version 3.12.1.320 (x32 Version: 3.12.1.320)

Google Earth Plug-in (x32 Version: 7.1.2.2041)

Google Update Helper (x32 Version: 1.3.22.3)

GPBaseService2 (x32 Version: 130.0.371.000)

HP Imaging Device Functions 13.0 (Version: 13.0)

HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (Version: 13.0)

HP Smart Web Printing 4.51 (Version: 4.51)

HP Solution Center 13.0 (Version: 13.0)

HP Update (x32 Version: 5.005.000.001)

HPDiagnosticAlert (x32 Version: 1.00.0000)

HPPhotoGadget (x32 Version: 130.0.282.000)

HPProductAssistant (x32 Version: 130.0.371.000)

Java 7 Update 45 (x32 Version: 7.0.450)

Java Auto Updater (x32 Version: 2.1.9.8)

MetaTrader 5 - ActivTrades (Version: 5.00)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)

Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)

Microsoft Office XP Professional mit FrontPage (x32 Version: 10.0.6626.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0)

Mozilla Maintenance Service (x32 Version: 24.1.1)

Mozilla Thunderbird 24.1.1 (x86 de) (x32 Version: 24.1.1)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

Network64 (Version: 130.0.572.000)

Network64 (Version: 140.0.221.000)

NVIDIA Display Control Panel (Version: 6.14.12.5896)

NVIDIA Grafiktreiber 307.83 (Version: 307.83)

NVIDIA Install Application (Version: 2.1002.109.706)

NVIDIA Systemsteuerung 307.83 (Version: 307.83)

NVIDIA Update 1.10.8 (Version: 1.10.8)

NVIDIA Update Components (Version: 1.10.8)

OCR Software by I.R.I.S. 13.0 (Version: 13.0)

OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)

PDF Architect (x32 Version: 1.0.52.8917)

PDFCreator (x32 Version: 1.7.0)

PS_AIO_02_ProductContext (x32 Version: 130.0.365.000)

PS_AIO_02_Software (x32 Version: 130.0.365.000)

PS_AIO_02_Software_Min (x32 Version: 130.0.365.000)

PVSonyDll (Version: 1.00.0001)

Realtek Ethernet Controller Driver (x32 Version: 7.50.1123.2011)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)

Scan (x32 Version: 13.0.0.0)

SmartTools Publishing • Word AutoBackup (x32 Version: v2.01)

SmartWebPrinting (x32 Version: 130.0.457.000)

SolutionCenter (x32 Version: 130.0.373.000)

Status (x32 Version: 130.0.469.000)

Toolbox (x32 Version: 130.0.648.000)

TrayApp (x32 Version: 130.0.422.000)

UnloadSupport (x32 Version: 11.0.0)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)

VR-NetWorld (x32)

WebReg (x32 Version: 130.0.132.017)

Wise Registry Cleaner 7.91 (x32 Version: 7.91)
 

==================== Restore Points  =========================
 

22-11-2013 17:52:31 Windows Update

26-11-2013 16:28:40 Windows Update

26-11-2013 19:24:56 Windows Update

08-12-2013 09:44:00 Windows Update

13-12-2013 18:14:02 Windows Update

13-12-2013 18:26:38 Windows Update

14-12-2013 08:02:22 Windows Update

16-12-2013 07:15:58 avast! antivirus system restore point
 

==================== Hosts content: ==========================
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem

Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem

Task: {279AD122-3B92-4979-B0A2-46C210663A7F} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART

Task: {2EA355D0-5861-492C-8C9F-EC7E3F4E23A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-12] (Google Inc.)

Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => Rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation

Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate

Task: {AE10BDE7-F3A3-4C0A-8D1B-8026790935D7} - System32\Tasks\WPD\SqmUpload_S-1-5-21-815689617-3860289684-4253382518-1000 => Rundll32.exe portabledeviceapi.dll,#1

Task: {BD835881-69A9-43D6-A77A-5406BF7BAB04} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-13] (Adobe Systems Incorporated)

Task: {C3115342-4B32-4AF4-B565-2010F5240923} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-16] (AVAST Software)

Task: {D0E5D292-1F9C-4CB1-9CE5-4466E1556EB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-12] (Google Inc.)

Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations

Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-12-16 08:27 - 2013-12-15 22:42 - 02152448 _____ () C:\Program Files\AVAST Software\Avast\defs\13121501\algo.dll

2013-12-16 08:16 - 2013-12-16 08:16 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2013-12-15 20:09 - 2013-12-15 20:09 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 

Name: Photosmart C7200 series

Description: Photosmart C7200 series

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: HP

Service: StillCam

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 

Name: Photosmart C7200 series

Description: Photosmart C7200 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (12/16/2013 10:36:16 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2013 08:22:58 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2013 08:16:03 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
 
 

Details:

AddLegacyDriverFiles: Unable to back up image of binary qkszvwev.
 

System Error:

Das System kann die angegebene Datei nicht finden.

.
 

Error: (12/16/2013 08:07:39 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2013 08:04:35 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2013 07:07:16 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/15/2013 10:35:33 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.

Das Stammelement der Manifestdatei muss assembliert sein.
 

Error: (12/15/2013 08:42:29 PM) (Source: Application Hang) (User: )

Description: Programm IEXPLORE.EXE, Version 11.0.9600.16428 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 11d0
 

Startzeit: 01cef9cda8766a99
 

Endzeit: 30
 

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 

Berichts-ID:
 

Error: (12/15/2013 07:28:16 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/13/2013 10:40:25 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.

Das Stammelement der Manifestdatei muss assembliert sein.
 
 

System errors:

=============

Error: (12/16/2013 10:11:08 AM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SEBASTIAN-PC" auf Transport "NetBT_Tcpip_{EF011E72-54E6-4CE3-99F8-E650171C6D60}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (12/16/2013 10:11:04 AM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SEBASTIAN-PC" auf Transport "NetBT_Tcpip_{EF011E72-54E6-4CE3-99F8-E650171C6D60}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (12/16/2013 10:10:59 AM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SEBASTIAN-PC" auf Transport "NetBT_Tcpip_{EF011E72-54E6-4CE3-99F8-E650171C6D60}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (12/16/2013 10:10:54 AM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SEBASTIAN-PC" auf Transport "NetBT_Tcpip_{EF011E72-54E6-4CE3-99F8-E650171C6D60}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (12/16/2013 10:10:49 AM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SEBASTIAN-PC" auf Transport "NetBT_Tcpip_{EF011E72-54E6-4CE3-99F8-E650171C6D60}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (12/16/2013 10:10:44 AM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SEBASTIAN-PC" auf Transport "NetBT_Tcpip_{EF011E72-54E6-4CE3-99F8-E650171C6D60}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (12/16/2013 08:16:39 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "avast! Antivirus" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (12/16/2013 07:57:36 AM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SEBASTIAN-PC" auf Transport "NetBT_Tcpip_{EF011E72-54E6-4CE3-99F8-E650171C6D60}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (12/16/2013 07:57:34 AM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SEBASTIAN-PC" auf Transport "NetBT_Tcpip_{EF011E72-54E6-4CE3-99F8-E650171C6D60}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 

Error: (12/16/2013 07:57:28 AM) (Source: bowser) (User: )

Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SEBASTIAN-PC" auf Transport "NetBT_Tcpip_{EF011E72-54E6-4CE3-99F8-E650171C6D60}". Das Datagramm steht in den Daten.

Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
 
 

Microsoft Office Sessions:

=========================

Error: (12/16/2013 10:36:16 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2013 08:22:58 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2013 08:16:03 AM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: 

Details:

AddLegacyDriverFiles: Unable to back up image of binary qkszvwev.
 

System Error:

Das System kann die angegebene Datei nicht finden.
 

Error: (12/16/2013 08:07:39 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2013 08:04:35 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2013 07:07:16 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/15/2013 10:35:33 PM) (Source: SideBySide)(User: )

Description: c:\program files (x86)\smarttools\word autobackup\adxloader.dll.Manifestc:\program files (x86)\smarttools\word autobackup\adxloader.dll.Manifest2
 

Error: (12/15/2013 08:42:29 PM) (Source: Application Hang)(User: )

Description: IEXPLORE.EXE11.0.9600.1642811d001cef9cda8766a9930C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 

Error: (12/15/2013 07:28:16 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/13/2013 10:40:25 PM) (Source: SideBySide)(User: )

Description: c:\program files (x86)\smarttools\word autobackup\adxloader.dll.Manifestc:\program files (x86)\smarttools\word autobackup\adxloader.dll.Manifest2
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 34%

Total physical RAM: 4074.4 MB

Available physical RAM: 2655.82 MB

Total Pagefile: 8146.98 MB

Available Pagefile: 6574.93 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: (System, Programme) (Fixed) (Total:146.48 GB) (Free:87.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Daten und Fotos) (Fixed) (Total:319.27 GB) (Free:301.17 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 05B805B7)

Partition 1: (Active) - (Size=146 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=319 GB) - (Type=OF Extended)
 

==================== End Of Log ============================

Code:

GMER 2.1.19163 - hxxp://www.gmer.net

Rootkit scan 2013-12-16 11:43:13

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB

Running: gmer_2.1.19163.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\fwlyauoc.sys
 
 

---- User code sections - GMER 2.1 ----
 

.text    C:\Windows\system32\wininit.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\services.exe[648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\winlogon.exe[752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\svchost.exe[824] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\nvvsvc.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\svchost.exe[940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               00000000772ceecd 1 byte [62]

.text    C:\Windows\System32\svchost.exe[116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               00000000772ceecd 1 byte [62]

.text    C:\Windows\System32\svchost.exe[304] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\svchost.exe[488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\svchost.exe[516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              00000000772ceecd 1 byte [62]

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                     00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\nvvsvc.exe[1244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               00000000772ceecd 1 byte [62]

.text    C:\Windows\System32\spoolsv.exe[1468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\svchost.exe[1504] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              00000000772ceecd 1 byte [62]

.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1596] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                 000000007512a2ba 1 byte [62]

.text    C:\Windows\SysWOW64\svchost.exe[1644] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                              000000007512a2ba 1 byte [62]

.text    C:\Program Files (x86)\PDF Architect\HelperService.exe[1704] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                       000000007512a2ba 1 byte [62]

.text    C:\Program Files (x86)\PDF Architect\ConversionService.exe[1824] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                   000000007512a2ba 1 byte [62]

.text    C:\Windows\system32\svchost.exe[1908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\svchost.exe[1584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\svchost.exe[2744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                              00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\taskhost.exe[2924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                             00000000772ceecd 1 byte [62]

.text    C:\Windows\Explorer.EXE[2280] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                      00000000772ceecd 1 byte [62]

.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                             00000000772ceecd 1 byte [62]

.text    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                   000000007512a2ba 1 byte [62]

.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3236] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                   000000007512a2ba 1 byte [62]

.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3356] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112             000000007512a2ba 1 byte [62]

.text    C:\Program Files\AVAST Software\Avast\AvastUI.exe[3368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                            000000007512a2ba 1 byte [62]

.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                       00000000772ceecd 1 byte [62]

.text    C:\Windows\system32\SearchIndexer.exe[3512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        00000000772ceecd 1 byte [62]

.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3520] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                  000000007512a2ba 1 byte [62]

.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[3632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                           00000000772ceecd 1 byte [62]

.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[3748] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                   000000007512a2ba 1 byte [62]

.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3780] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                  000000007512a2ba 1 byte [62]

.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000075761465 2 bytes [76, 75]

.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000757614bb 2 bytes [76, 75]

.text    ...                                                                                                                                      * 2

.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[3844] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                   000000007512a2ba 1 byte [62]

.text    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                   000000007512a2ba 1 byte [62]

.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1876] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112     000000007512a2ba 1 byte [62]

.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075761465 2 bytes [76, 75]

.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000757614bb 2 bytes [76, 75]

.text    ...                                                                                                                                      * 2

.text    C:\Windows\system32\AUDIODG.EXE[4468] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                              00000000772ceecd 1 byte [62]

.text    C:\Users\Sebastian\Downloads\gmer_2.1.19163.exe[4140] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              000000007512a2ba 1 byte [62]
 

---- Services - GMER 2.1 ----
 

Service  C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** )                                                                               [AUTO] aswFsBlk                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     <-- ROOTKIT !!!

Service  C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** )                                                                              [AUTO] aswMonFlt                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <-- ROOTKIT !!!

Service  C:\Windows\system32\drivers\aswRdr2.sys (*** hidden *** )                                                                                [SYSTEM] aswRdr                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     <-- ROOTKIT !!!

Service  C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** )                                                                                [BOOT] aswRvrt                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      <-- ROOTKIT !!!

Service  C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** )                                                                                 [SYSTEM] aswSnx                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     <-- ROOTKIT !!!

Service  C:\Windows\system32\drivers\aswSP.sys (*** hidden *** )                                                                                  [SYSTEM] aswSP                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      <-- ROOTKIT !!!

Service  C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** )                                                                                 [SYSTEM] aswTdi                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     <-- ROOTKIT !!!

Service  C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** )                                                                                 [BOOT] aswVmm                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       <-- ROOTKIT !!!

Service  C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** )                                                                     [AUTO] avast! Antivirus                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             <-- ROOTKIT !!!
 

---- Registry - GMER 2.1 ----
 

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                     2

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                    2

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                             1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                      2

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath                                                                                \??\C:\Windows\system32\drivers\aswFsBlk.sys

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                              aswFsBlk

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                    FSFilter Activity Monitor

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                          FltMgr?

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                              Avast! Mini-filter Driver

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                                

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                                aswFsBlk Instance

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                              

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                     388400

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                        0

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                          

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                    2

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                   2

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                            1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                               \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                             aswMonFlt

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                   FSFilter Anti-Virus

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                         FltMgr?

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                             avast! mini-filter driver (aswMonFlt)

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                               

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                               aswMonFlt Instance

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                            

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                   320700

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                      0

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                         

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                       1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                      1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                               1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                  \??\C:\Windows\system32\drivers\aswRdr2.sys

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                                aswRdr

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                      PNP_TDI

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                            tcpip?

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                                avast! WFP Redirect driver

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                                 

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                              

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                              nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                            

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                      1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                     0

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                              1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                               avast! Revert

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                                

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                    2

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                     \Device\Harddisk0\Partition1\Windows

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                    7967

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                               1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387178878                                                                     

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387178878@                                                                    Package

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387178878@BootTimeout                                                         0

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387178878@TickTimeout                                                         0

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387178878@CreationTime                                                        0xBF 0x5A 0xD8 0x58 ...

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387178878@SetupOperations                                                     DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.1387178878")?DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1387178878")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.sum.1387178878")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.1387178878")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.sum.1387178878")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.1387178878")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.sum.1387178878")?

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387178878@StartBootCounter                                                    2

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387178878@StartTickCounter                                                    7967

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387178878@LastPackageError                                                    -1073741772

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                           

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                       2

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                      1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                               1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath                                                                                  \??\C:\Windows\system32\drivers\aswSnx.sys

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                                aswSnx

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                      FSFilter Virtualization

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                            FltMgr?

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                                avast! virtualization driver (aswSnx)

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                                  

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                                  aswSnx Instance

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                                  

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                         137600

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                            0

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                                 

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                                   \??\C:\Program Files\AVAST Software\Avast

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                      \??\C:\ProgramData\AVAST Software\Avast

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                            

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                        1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                       1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                                1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath                                                                                   \??\C:\Windows\system32\drivers\aswSP.sys

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                                 aswSP

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                                 avast! Self Protection

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                                  

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                      0

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                                    \??\C:\Program Files\AVAST Software\Avast

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                       \??\C:\ProgramData\AVAST Software\Avast

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                               \??\C:\Program Files

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                                                                     \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                             

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                       1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                      1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                               1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                        9

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath                                                                                  \??\C:\Windows\system32\drivers\aswTdi.sys

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                                aswTdi

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                      PNP_TDI

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                            tcpip?

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                                aswTdi

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                            

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                       1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                      0

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                               1

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                                avast! VM Monitor

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                                avast! VM Monitor

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                                 

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                            

Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                             288

Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                            2

Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                     1

Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                        "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                      avast! Antivirus

Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                            ShellSvcGroup

Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                                  aswMonFlt?RpcSS?

Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                            1

Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                       LocalSystem

Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                                   1

Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                      Verwaltet und implementiert die avast! Antivirus Dienste auf diesem Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus Container sowie die Zeitplan.

Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters                                                                       

Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                                  

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                         2

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                        2

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                                 1

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                          2

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ImagePath                                                                                    \??\C:\Windows\system32\drivers\aswFsBlk.sys

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                                  aswFsBlk

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                        FSFilter Activity Monitor

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                              FltMgr?

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                                  Avast! Mini-filter Driver

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                            

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                                    aswFsBlk Instance

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                          

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                         388400

Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                            0

Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                        2

Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                       2

Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                                1

Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                                   \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                                 aswMonFlt

Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                       FSFilter Anti-Virus

Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                             FltMgr?

Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                                 avast! mini-filter driver (aswMonFlt)

Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                           

Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                                   aswMonFlt Instance

Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                        

Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                       320700

Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                          0

Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                           1

Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                          1

Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                   1

Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                      \??\C:\Windows\system32\drivers\aswRdr2.sys

Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                    aswRdr

Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                          PNP_TDI

Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                                tcpip?

Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                    avast! WFP Redirect driver

Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                             

Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                  

Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                  nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                          1

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                         0

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                  1

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                   avast! Revert

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                            

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                        2

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                         \Device\Harddisk0\Partition1\Windows

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                        7967

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                   1

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387178878 (not active ControlSet)                                                 

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387178878@                                                                        Package

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387178878@BootTimeout                                                             0

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387178878@TickTimeout                                                             0

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387178878@CreationTime                                                            0xBF 0x5A 0xD8 0x58 ...

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387178878@SetupOperations                                                         DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.1387178878")?DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1387178878")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.sum.1387178878")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.1387178878")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.sum.1387178878")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.1387178878")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.sum.1387178878")?

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387178878@StartBootCounter                                                        2

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387178878@StartTickCounter                                                        7967

Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387178878@LastPackageError                                                        -1073741772

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                           2

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                          1

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                   1

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@ImagePath                                                                                      \??\C:\Windows\system32\drivers\aswSnx.sys

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                    aswSnx

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                          FSFilter Virtualization

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                                FltMgr?

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                    avast! virtualization driver (aswSnx)

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                              

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                      aswSnx Instance

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                              

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                             137600

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                                0

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                             

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                       \??\C:\Program Files\AVAST Software\Avast

Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                          \??\C:\ProgramData\AVAST Software\Avast

Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                            1

Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                           1

Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                    1

Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@ImagePath                                                                                       \??\C:\Windows\system32\drivers\aswSP.sys

Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                     aswSP

Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                     avast! Self Protection

Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                              

Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                          0

Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                        \??\C:\Program Files\AVAST Software\Avast

Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                           \??\C:\ProgramData\AVAST Software\Avast

Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                   \??\C:\Program Files

Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                         \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                           1

Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                          1

Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                   1

Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                            9

Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@ImagePath                                                                                      \??\C:\Windows\system32\drivers\aswTdi.sys

Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                    aswTdi

Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                          PNP_TDI

Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                                tcpip?

Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                    aswTdi

Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                           1

Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                          0

Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                   1

Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                    avast! VM Monitor

Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                    avast! VM Monitor

Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                             

Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                 288

Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                                2

Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                         1

Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                            "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                          avast! Antivirus

Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                                ShellSvcGroup

Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                      aswMonFlt?RpcSS?

Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                                1

Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                           LocalSystem

Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                       1

Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                          Verwaltet und implementiert die avast! Antivirus Dienste auf diesem Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus Container sowie die Zeitplan.

Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus\Parameters (not active ControlSet)                                                   
 

---- EOF - GMER 2.1 ----

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-12-2013 02

Ran by Sebastian (administrator) on SEBASTIAN-PC on 16-12-2013 11:16:27

Running from C:\Users\Sebastian\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe

(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Farbar) C:\Users\Sebastian\Downloads\FRST64(1).exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-16] (AVAST Software)

AppInit_DLLs:   [ ] ()

AppInit_DLLs-x32:   [ ] ()

Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

BootExecute: autocheck autochk * sdnclean64.exe
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x81FF5BAA299FCD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}

SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}

SearchScopes: HKCU - {87B416A6-29CB-4DA1-A438-9468195D4629} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317893&CUI=UN31686766301514625&UM=2

SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)

Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\scwq0ydm.default-1387135126207

FF Homepage: hxxp://www.spiegel.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nationzoom.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: noscript - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\scwq0ydm.default-1387135126207\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 

Chrome: 

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-16] (AVAST Software)

R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)

R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
 

==================== Drivers (Whitelisted) ====================
 

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-16] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-16] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-16] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-16] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-16] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-16] (AVAST Software)

R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-12-16] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-16] ()
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-12-16 11:13 - 2013-12-16 11:13 - 01927940 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64(1).exe

2013-12-16 11:11 - 2013-12-16 11:11 - 00019971 _____ C:\Users\Sebastian\Downloads\Addition.txt

2013-12-16 11:10 - 2013-12-16 11:16 - 00013369 _____ C:\Users\Sebastian\Downloads\FRST.txt

2013-12-16 11:10 - 2013-12-16 11:10 - 01927940 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe

2013-12-16 11:10 - 2013-12-16 11:10 - 00000000 ____D C:\FRST

2013-12-16 11:07 - 2013-12-16 11:09 - 00000480 _____ C:\Users\Sebastian\Downloads\defogger_disable.log

2013-12-16 11:07 - 2013-12-16 11:07 - 00000000 _____ C:\Users\Sebastian\defogger_reenable

2013-12-16 11:06 - 2013-12-16 11:06 - 00050477 _____ C:\Users\Sebastian\Downloads\Defogger.exe

2013-12-16 11:02 - 2013-12-16 11:02 - 00001003 _____ C:\Users\Sebastian\Documents\MailShield.der

2013-12-16 10:23 - 2013-12-16 10:30 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Wise Registry Cleaner

2013-12-16 10:22 - 2013-12-16 10:22 - 00001244 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk

2013-12-16 10:22 - 2013-12-16 10:22 - 00000000 ____D C:\Program Files (x86)\Wise

2013-12-16 10:21 - 2013-12-16 10:22 - 02177432 _____ (WiseCleaner.com                                             ) C:\Users\Sebastian\Downloads\WRCFree.exe

2013-12-16 10:14 - 2013-12-16 10:14 - 00000000 ____D C:\Program Files\MetaTrader 5 - ActivTrades

2013-12-16 09:26 - 2013-12-16 09:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2013-12-16 08:17 - 2013-12-16 08:17 - 00001983 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-12-16 08:17 - 2013-12-16 08:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\AVAST Software

2013-12-16 08:16 - 2013-12-16 08:27 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2013-12-16 08:16 - 2013-12-16 08:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-12-16 08:16 - 2013-12-16 08:16 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2013-12-16 08:16 - 2013-12-16 08:16 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2013-12-16 08:16 - 2013-12-16 08:16 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00000000 ____D C:\Program Files\AVAST Software

2013-12-16 08:15 - 2013-12-16 08:15 - 00000000 ____D C:\ProgramData\AVAST Software

2013-12-16 08:14 - 2013-12-16 08:14 - 00000085 _____ C:\Windows\wininit.ini

2013-12-15 20:59 - 2013-12-15 21:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-12-15 20:59 - 2013-12-15 20:59 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking

2013-12-15 20:58 - 2013-12-16 08:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-12-15 20:58 - 2013-12-15 20:58 - 00614784 _____ C:\Users\Sebastian\Downloads\avast-free-antivirus-9-0-2007.exe

2013-12-15 20:53 - 2013-12-15 20:53 - 00614784 _____ C:\Users\Sebastian\Downloads\spybot-search-destroy-2-1.exe

2013-12-15 20:41 - 2013-12-15 20:41 - 00000000 ____D C:\ProgramData\Conduit

2013-12-15 20:41 - 2013-12-15 20:41 - 00000000 ____D C:\Program Files (x86)\Conduit

2013-12-15 20:25 - 2013-12-15 20:36 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Nico Mak Computing

2013-12-15 20:09 - 2013-12-15 20:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-13 19:28 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2013-12-13 19:28 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2013-12-13 19:28 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2013-12-13 19:28 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2013-12-13 19:27 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-13 19:27 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-12-13 19:27 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-12-13 19:27 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-12-13 19:27 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-12-13 19:27 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-12-13 19:27 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-13 19:27 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-12-13 19:27 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-12-13 19:27 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-12-13 19:27 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-12-13 19:27 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-12-13 19:27 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-12-13 19:27 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-12-13 19:27 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-13 19:27 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-12-13 19:27 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-12-13 19:27 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-13 19:27 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-12-13 19:27 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-12-13 19:27 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-12-13 19:27 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-12-13 19:27 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-13 19:27 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-12-13 19:27 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-12-13 19:27 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-13 19:27 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-13 19:27 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-12-13 19:27 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-12-13 19:27 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-12-13 19:27 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-12-13 19:23 - 2013-12-16 07:09 - 00000000 ____D C:\ProgramData\WPM

2013-12-13 19:21 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-12-13 19:21 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-12-13 19:21 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-12-13 19:21 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-12-13 19:21 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2013-12-13 19:21 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll

2013-12-13 19:21 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-12-13 19:21 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2013-12-13 19:21 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2013-12-13 19:21 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2013-12-13 19:21 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2013-12-13 19:21 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx

2013-12-13 19:21 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2013-12-13 19:21 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2013-12-13 19:21 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2013-12-13 19:21 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe

2013-12-13 19:21 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

2013-12-13 19:21 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2013-12-13 19:21 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2013-11-29 19:30 - 2013-11-29 19:30 - 01071224 _____ (Solid State Networks) C:\Users\Sebastian\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe

2013-11-29 19:30 - 2013-11-29 19:30 - 01071224 _____ (Solid State Networks) C:\Users\Sebastian\Downloads\install_flashplayer11x32au_mssd_aaa_aih(1).exe

2013-11-26 20:31 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE

2013-11-26 20:26 - 2013-11-26 20:26 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-11-26 20:26 - 2013-11-26 20:26 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-11-26 20:26 - 2013-11-26 20:26 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-11-26 20:26 - 2013-11-26 20:26 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-11-26 20:26 - 2013-11-26 20:26 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-11-26 20:26 - 2013-11-26 20:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-11-26 20:26 - 2013-11-26 20:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-11-26 20:25 - 2013-11-26 20:31 - 00010277 _____ C:\Windows\IE11_main.log
 

==================== One Month Modified Files and Folders =======
 

2013-12-16 11:16 - 2013-12-16 11:10 - 00013369 _____ C:\Users\Sebastian\Downloads\FRST.txt

2013-12-16 11:13 - 2013-12-16 11:13 - 01927940 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64(1).exe

2013-12-16 11:11 - 2013-12-16 11:11 - 00019971 _____ C:\Users\Sebastian\Downloads\Addition.txt

2013-12-16 11:10 - 2013-12-16 11:10 - 01927940 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe

2013-12-16 11:10 - 2013-12-16 11:10 - 00000000 ____D C:\FRST

2013-12-16 11:09 - 2013-12-16 11:07 - 00000480 _____ C:\Users\Sebastian\Downloads\defogger_disable.log

2013-12-16 11:08 - 2013-05-12 11:42 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-16 11:08 - 2013-05-12 11:42 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-16 11:08 - 2013-03-18 17:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-16 11:07 - 2013-12-16 11:07 - 00000000 _____ C:\Users\Sebastian\defogger_reenable

2013-12-16 11:07 - 2012-09-10 16:25 - 00000000 ____D C:\Users\Sebastian

2013-12-16 11:06 - 2013-12-16 11:06 - 00050477 _____ C:\Users\Sebastian\Downloads\Defogger.exe

2013-12-16 11:02 - 2013-12-16 11:02 - 00001003 _____ C:\Users\Sebastian\Documents\MailShield.der

2013-12-16 10:41 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-16 10:41 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-16 10:37 - 2012-09-10 22:18 - 01423518 _____ C:\Windows\WindowsUpdate.log

2013-12-16 10:34 - 2012-09-10 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-12-16 10:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-16 10:34 - 2009-07-14 05:51 - 00042411 _____ C:\Windows\setupact.log

2013-12-16 10:30 - 2013-12-16 10:23 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Wise Registry Cleaner

2013-12-16 10:22 - 2013-12-16 10:22 - 00001244 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk

2013-12-16 10:22 - 2013-12-16 10:22 - 00000000 ____D C:\Program Files (x86)\Wise

2013-12-16 10:22 - 2013-12-16 10:21 - 02177432 _____ (WiseCleaner.com                                             ) C:\Users\Sebastian\Downloads\WRCFree.exe

2013-12-16 10:14 - 2013-12-16 10:14 - 00000000 ____D C:\Program Files\MetaTrader 5 - ActivTrades

2013-12-16 09:29 - 2013-12-16 09:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2013-12-16 08:27 - 2013-12-16 08:16 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2013-12-16 08:22 - 2013-12-16 08:16 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-12-16 08:21 - 2013-12-15 20:58 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-12-16 08:21 - 2010-11-21 04:47 - 00025250 _____ C:\Windows\PFRO.log

2013-12-16 08:17 - 2013-12-16 08:17 - 00001983 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-12-16 08:17 - 2013-12-16 08:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\AVAST Software

2013-12-16 08:16 - 2013-12-16 08:16 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2013-12-16 08:16 - 2013-12-16 08:16 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2013-12-16 08:16 - 2013-12-16 08:16 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00000000 ____D C:\Program Files\AVAST Software

2013-12-16 08:15 - 2013-12-16 08:15 - 00000000 ____D C:\ProgramData\AVAST Software

2013-12-16 08:14 - 2013-12-16 08:14 - 00000085 _____ C:\Windows\wininit.ini

2013-12-16 08:05 - 2013-08-15 09:04 - 00000000 ____D C:\ProgramData\Avira

2013-12-16 08:01 - 2013-04-27 19:36 - 00000000 ____D C:\Program Files (x86)\Finale NotePad 2012

2013-12-16 07:09 - 2013-12-13 19:23 - 00000000 ____D C:\ProgramData\WPM

2013-12-16 07:07 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2013-12-16 01:12 - 2013-05-12 11:42 - 00000000 ____D C:\Program Files (x86)\Google

2013-12-15 21:01 - 2013-12-15 20:59 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-12-15 20:59 - 2013-12-15 20:59 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking

2013-12-15 20:58 - 2013-12-15 20:58 - 00614784 _____ C:\Users\Sebastian\Downloads\avast-free-antivirus-9-0-2007.exe

2013-12-15 20:53 - 2013-12-15 20:53 - 00614784 _____ C:\Users\Sebastian\Downloads\spybot-search-destroy-2-1.exe

2013-12-15 20:41 - 2013-12-15 20:41 - 00000000 ____D C:\ProgramData\Conduit

2013-12-15 20:41 - 2013-12-15 20:41 - 00000000 ____D C:\Program Files (x86)\Conduit

2013-12-15 20:36 - 2013-12-15 20:25 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Nico Mak Computing

2013-12-15 20:09 - 2013-12-15 20:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-14 09:03 - 2013-08-14 19:57 - 00000000 ____D C:\Windows\system32\MRT

2013-12-14 09:02 - 2012-09-10 16:58 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-12-13 22:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2013-12-13 19:49 - 2011-04-12 08:43 - 00696832 _____ C:\Windows\system32\perfh007.dat

2013-12-13 19:49 - 2011-04-12 08:43 - 00148128 _____ C:\Windows\system32\perfc007.dat

2013-12-13 19:49 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI

2013-12-13 19:48 - 2012-09-10 16:26 - 00000000 ___RD C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-12-13 19:43 - 2009-07-14 05:45 - 00345896 _____ C:\Windows\system32\FNTCACHE.DAT

2013-12-13 19:23 - 2012-09-10 18:38 - 00001335 _____ C:\Users\Public\Desktop\Firefox.lnk

2013-12-13 19:23 - 2012-09-10 16:26 - 00001638 _____ C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-12-13 19:09 - 2013-03-18 17:22 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-12-13 19:09 - 2012-09-11 20:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-12-13 19:09 - 2012-09-11 20:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-08 11:03 - 2013-05-12 11:42 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-12-08 11:03 - 2013-05-12 11:42 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-12-08 10:38 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-12-02 18:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

2013-11-29 19:30 - 2013-11-29 19:30 - 01071224 _____ (Solid State Networks) C:\Users\Sebastian\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe

2013-11-29 19:30 - 2013-11-29 19:30 - 01071224 _____ (Solid State Networks) C:\Users\Sebastian\Downloads\install_flashplayer11x32au_mssd_aaa_aih(1).exe

2013-11-29 19:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-11-26 20:31 - 2013-11-26 20:25 - 00010277 _____ C:\Windows\IE11_main.log

2013-11-26 20:26 - 2013-11-26 20:26 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-11-26 20:26 - 2013-11-26 20:26 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-11-26 20:26 - 2013-11-26 20:26 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-11-26 20:26 - 2013-11-26 20:26 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-11-26 20:26 - 2013-11-26 20:26 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-11-26 20:26 - 2013-11-26 20:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-11-26 20:26 - 2013-11-26 20:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-11-26 20:26 - 2013-11-26 20:26 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-11-26 20:26 - 2013-11-26 20:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-11-26 12:54 - 2013-12-13 19:27 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-26 11:19 - 2013-12-13 19:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-26 11:18 - 2013-12-13 19:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-11-26 11:11 - 2013-12-13 19:27 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-26 10:48 - 2013-12-13 19:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-26 10:46 - 2013-12-13 19:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-11-26 10:41 - 2013-12-13 19:27 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-26 10:29 - 2013-12-13 19:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-26 10:27 - 2013-12-13 19:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-26 10:23 - 2013-12-13 19:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-26 10:21 - 2013-12-13 19:27 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-26 10:18 - 2013-12-13 19:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-11-26 10:18 - 2013-12-13 19:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-11-26 10:16 - 2013-12-13 19:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-11-26 09:57 - 2013-12-13 19:27 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-26 09:38 - 2013-12-13 19:27 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-26 09:38 - 2013-12-13 19:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-26 09:35 - 2013-12-13 19:27 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-26 09:32 - 2013-12-13 19:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-26 09:28 - 2013-12-13 19:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-11-26 09:16 - 2013-12-13 19:27 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-26 09:02 - 2013-12-13 19:27 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-11-26 08:48 - 2013-12-13 19:27 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-26 08:32 - 2013-12-13 19:27 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-11-26 08:26 - 2013-12-13 19:27 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-26 08:07 - 2013-12-13 19:27 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-26 07:40 - 2013-12-13 19:27 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-26 07:34 - 2013-12-13 19:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-11-26 07:34 - 2013-12-13 19:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-11-26 07:33 - 2013-12-13 19:27 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-26 07:27 - 2013-12-13 19:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-23 19:26 - 2013-12-13 19:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-11-23 18:47 - 2013-12-13 19:21 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
 

Some content of TEMP:

====================

C:\Users\Sebastian\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-12-13 22:37
 

==================== End Of Log ============================

--- --- ---

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.

Starte die sc-cleaner.exe mit einem Doppelclick.
Bestätige die Meldung Shortcut Cleaner Finished am Ende des Suchlaufs mit Ok.
Eine Logdatei wird sich öffnen (sc-cleaner.txt).
Poste den Inhalt mit deiner nächsten Antwort.

und ein frisches FRST log bitte.

Guten tag, hier nun alle logs:

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.12.28.04
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Sebastian :: SEBASTIAN-PC [Administrator]
 

Schutz: Aktiviert
 

28.12.2013 12:24:51

mbam-log-2013-12-28 (12-24-51).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 232931

Laufzeit: 6 Minute(n), 22 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 4

HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\nationzoomSoftware (PUP.Optional.NationZoom.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 8

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\Software\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.NationZoom.A) -> Bösartig: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339) Gut: (iexplore.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\Software\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.NationZoom) -> Bösartig: (hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 15

C:\Users\Sebastian\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\AppData\Roaming\OpenCandy\6D227A53F7C34E529CA18531FCCDF8CE (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\AppData\Local\Temp\ct3317893 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\AppData\Local\Temp\ct3317893\xpi (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\AppData\Local\Temp\ct3317893\xpi\defaults (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\AppData\Local\Temp\ct3317893\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\ProgramData\Conduit\IE\CT3317893 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\AppData\Local\Temp\DM\bin (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\AppData\Local\Temp\DM\bin\css (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\AppData\Local\Temp\DM\bin\css\images (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\AppData\Local\Temp\DM\bin\exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\AppData\Local\Temp\DM\bin\PlusHD shopping (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\AppData\Local\Temp\DM\bin\Qone8 (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\AppData\Local\Temp\DM\bin\Re-Markit (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateien: 5

C:\Users\Sebastian\Downloads\FreeYouTubeToMP3Converter(1).exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\Downloads\FreeYouTubeToMP3Converter(2).exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\nationzoom.xml (PUP.Optional.NationZoom.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Sebastian\AppData\Roaming\OpenCandy\6D227A53F7C34E529CA18531FCCDF8CE\TuneUpUtilities2013-2200218_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\ProgramData\Conduit\IE\CT3317893\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

2013/12/28 12:22:37 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Executing scheduled update:  Daily

2013/12/28 12:22:43 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Starting protection

2013/12/28 12:22:43 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Protection started successfully

2013/12/28 12:22:43 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Starting IP protection

2013/12/28 12:23:11 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        IP Protection started successfully

2013/12/28 12:24:05 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Starting database refresh

2013/12/28 12:24:05 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Scheduled update executed successfully:  database updated from version v2013.04.04.07 to version v2013.12.28.04

2013/12/28 12:24:05 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Stopping IP protection

2013/12/28 12:24:10 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        IP Protection stopped successfully

2013/12/28 12:24:14 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Database refreshed successfully

2013/12/28 12:24:14 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Starting IP protection

2013/12/28 12:24:21 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        IP Protection started successfully

2013/12/28 12:39:28 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Starting protection

2013/12/28 12:39:28 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Protection started successfully

2013/12/28 12:39:28 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Starting IP protection

2013/12/28 12:39:33 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        IP Protection started successfully

2013/12/28 13:32:56 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Starting protection

2013/12/28 13:32:56 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Protection started successfully

2013/12/28 13:32:56 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        Starting IP protection

2013/12/28 13:33:01 +0100        SEBASTIAN-PC        Sebastian        MESSAGE        IP Protection started successfully

Code:

# AdwCleaner v3.016 - Bericht erstellt am 28/12/2013 um 13:28:26

# Aktualisiert 23/12/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Sebastian - SEBASTIAN-PC

# Gestartet von : C:\Users\Sebastian\Downloads\adwcleaner.exe

# Option : Suchen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gefunden C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

Ordner Gefunden C:\Program Files (x86)\Conduit

Ordner Gefunden C:\ProgramData\Conduit

Ordner Gefunden C:\ProgramData\WPM

Ordner Gefunden C:\Users\SEBAST~1\AppData\Local\Temp\OCS

Ordner Gefunden C:\Users\SEBAST~1\AppData\Local\Temp\OCS

Ordner Gefunden C:\Users\Sebastian\AppData\Local\PackageAware

Ordner Gefunden C:\Users\Sebastian\AppData\LocalLow\Conduit

Ordner Gefunden C:\Users\Sebastian\AppData\LocalLow\PriceGong

Ordner Gefunden C:\Users\Sebastian\AppData\Roaming\pdfforge
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Gefunden : C:\Users\Public\Desktop\Firefox.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339 )

Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339 )

Verknüpfung Gefunden : C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339 )

Verknüpfung Gefunden : C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339 )

Verknüpfung Gefunden : C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339 )

Verknüpfung Gefunden : C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339 )
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar

Schlüssel Gefunden : HKCU\Software\Conduit

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CDBD28A-441A-4E5F-86B0-3335E674944F}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CDBD28A-441A-4E5F-86B0-3335E674944F}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}

Schlüssel Gefunden : HKCU\Software\OCS

Schlüssel Gefunden : [x64] HKCU\Software\Conduit

Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gefunden : [x64] HKCU\Software\OCS

Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3317893

Schlüssel Gefunden : HKLM\Software\Conduit

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gefunden : HKLM\Software\supWPM

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.16428
 

Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}

Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339

Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339

Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}
 

-\\ Mozilla Firefox v26.0 (de)
 

[ Datei : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\scwq0ydm.default-1387135126207\prefs.js ]
 

Zeile gefunden : user_pref("CT3317893.FF19Solved", "true");

Zeile gefunden : user_pref("CT3317893.UserID", "UN39933710451975315");

Zeile gefunden : user_pref("CT3317893.fullUserID", "UN39933710451975315.IN.20131215204054");

Zeile gefunden : user_pref("CT3317893.installDate", "15/12/2013 20:40:55");

Zeile gefunden : user_pref("CT3317893.installSessionId", "{F985EB7E-8CC2-4AE5-A697-E14CF259E3F5}");

Zeile gefunden : user_pref("CT3317893.installSp", "false");

Zeile gefunden : user_pref("CT3317893.installerVersion", "1.8.1.4");

Zeile gefunden : user_pref("CT3317893.searchRevert", "false");

Zeile gefunden : user_pref("CT3317893.searchUninstallUserMode", "2");

Zeile gefunden : user_pref("CT3317893.searchUserMode", "2");

Zeile gefunden : user_pref("CT3317893.toolbarInstallDate", "15-12-2013 20:40:54");

Zeile gefunden : user_pref("CT3317893.versionFromInstaller", "10.23.0.722");

Zeile gefunden : user_pref("CT3317893.xpeMode", "0");

Zeile gefunden : user_pref("extensions.crossrider.bic", "142f9fc931c61c64c76eabc903b8a9bd");

Zeile gefunden : user_pref("smartbar.machineId", "BUHZAGVS/0SETQ4LX+QUGIZQZEUEA1OSZ2Z132IUYJCUDU7SJ7PLCGZY847XLTMVMMALLNPGQKHJYG7Z4Q9SKG");
 

*************************
 

AdwCleaner[R0].txt - [6618 octets] - [28/12/2013 13:28:26]
 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6678 octets] ##########

Code:

# AdwCleaner v3.016 - Bericht erstellt am 28/12/2013 um 13:28:26

# Aktualisiert 23/12/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Sebastian - SEBASTIAN-PC

# Gestartet von : C:\Users\Sebastian\Downloads\adwcleaner.exe

# Option : Suchen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gefunden C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

Ordner Gefunden C:\Program Files (x86)\Conduit

Ordner Gefunden C:\ProgramData\Conduit

Ordner Gefunden C:\ProgramData\WPM

Ordner Gefunden C:\Users\SEBAST~1\AppData\Local\Temp\OCS

Ordner Gefunden C:\Users\SEBAST~1\AppData\Local\Temp\OCS

Ordner Gefunden C:\Users\Sebastian\AppData\Local\PackageAware

Ordner Gefunden C:\Users\Sebastian\AppData\LocalLow\Conduit

Ordner Gefunden C:\Users\Sebastian\AppData\LocalLow\PriceGong

Ordner Gefunden C:\Users\Sebastian\AppData\Roaming\pdfforge
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Gefunden : C:\Users\Public\Desktop\Firefox.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339 )

Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339 )

Verknüpfung Gefunden : C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339 )

Verknüpfung Gefunden : C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339 )

Verknüpfung Gefunden : C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339 )

Verknüpfung Gefunden : C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339 )
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar

Schlüssel Gefunden : HKCU\Software\Conduit

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CDBD28A-441A-4E5F-86B0-3335E674944F}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CDBD28A-441A-4E5F-86B0-3335E674944F}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}

Schlüssel Gefunden : HKCU\Software\OCS

Schlüssel Gefunden : [x64] HKCU\Software\Conduit

Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gefunden : [x64] HKCU\Software\OCS

Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3317893

Schlüssel Gefunden : HKLM\Software\Conduit

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gefunden : HKLM\Software\supWPM

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.16428
 

Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}

Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339

Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.nationzoom.com/?type=hp&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339

Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.nationzoom.com/web/?type=ds&ts=1386959005&from=tugs&uid=SAMSUNGXHD502HJ_S20BJ90ZA25339&q={searchTerms}
 

-\\ Mozilla Firefox v26.0 (de)
 

[ Datei : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\scwq0ydm.default-1387135126207\prefs.js ]
 

Zeile gefunden : user_pref("CT3317893.FF19Solved", "true");

Zeile gefunden : user_pref("CT3317893.UserID", "UN39933710451975315");

Zeile gefunden : user_pref("CT3317893.fullUserID", "UN39933710451975315.IN.20131215204054");

Zeile gefunden : user_pref("CT3317893.installDate", "15/12/2013 20:40:55");

Zeile gefunden : user_pref("CT3317893.installSessionId", "{F985EB7E-8CC2-4AE5-A697-E14CF259E3F5}");

Zeile gefunden : user_pref("CT3317893.installSp", "false");

Zeile gefunden : user_pref("CT3317893.installerVersion", "1.8.1.4");

Zeile gefunden : user_pref("CT3317893.searchRevert", "false");

Zeile gefunden : user_pref("CT3317893.searchUninstallUserMode", "2");

Zeile gefunden : user_pref("CT3317893.searchUserMode", "2");

Zeile gefunden : user_pref("CT3317893.toolbarInstallDate", "15-12-2013 20:40:54");

Zeile gefunden : user_pref("CT3317893.versionFromInstaller", "10.23.0.722");

Zeile gefunden : user_pref("CT3317893.xpeMode", "0");

Zeile gefunden : user_pref("extensions.crossrider.bic", "142f9fc931c61c64c76eabc903b8a9bd");

Zeile gefunden : user_pref("smartbar.machineId", "BUHZAGVS/0SETQ4LX+QUGIZQZEUEA1OSZ2Z132IUYJCUDU7SJ7PLCGZY847XLTMVMMALLNPGQKHJYG7Z4Q9SKG");
 

*************************
 

AdwCleaner[R0].txt - [6618 octets] - [28/12/2013 13:28:26]
 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6678 octets] ##########

Nun noch die anderen:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 7 Home Premium x64

Ran by Sebastian on 28.12.2013 at 13:38:23,22

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311121157}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{87B416A6-29CB-4DA1-A438-9468195D4629}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Sebastian\AppData\Roaming\mozilla\firefox\profiles\scwq0ydm.default-1387135126207\minidumps [1 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 28.12.2013 at 13:57:52,97

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

Shortcut Cleaner 1.2.6 by Lawrence Abrams (Grinler)

hxxp://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Shortcut Cleaner can be found at this link:

 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
 

Windows Version: Windows 7 Home Premium Service Pack 1

Program started at: 12/28/2013 01:59:51 PM.
 

Scanning for registry hijacks:
 

 * No issues found in the Registry.
 

Searching for Hijacked Shortcuts:
 

Searching C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\
 

Searching C:\ProgramData\Microsoft\Windows\Start Menu\
 

Searching C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
 

Searching C:\Users\Public\Desktop\
 

Searching C:\Users\Sebastian\Desktop
 
 

0 bad shortcuts found.
 

Program finished at: 12/28/2013 01:59:52 PM

Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2013 01

Ran by Sebastian (administrator) on SEBASTIAN-PC on 28-12-2013 14:02:08

Running from C:\Users\Sebastian\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-22] (AVAST Software)

AppInit_DLLs:   [ ] ()

Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

BootExecute: autocheck autochk * sdnclean64.exe
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x81FF5BAA299FCD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\scwq0ydm.default-1387135126207

FF Homepage: hxxp://www.spiegel.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: NoScript - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\scwq0ydm.default-1387135126207\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 

Chrome: 

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-22] (AVAST Software)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)

R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
 

==================== Drivers (Whitelisted) ====================
 

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-22] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-16] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-16] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-22] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-22] (AVAST Software)

R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-22] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-22] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-12-28 14:02 - 2013-12-28 14:02 - 00011181 _____ C:\Users\Sebastian\Downloads\FRST.txt

2013-12-28 14:01 - 2013-12-28 14:01 - 00000000 ____D C:\Users\Sebastian\Downloads\FRST-OlderVersion

2013-12-28 14:00 - 2013-12-28 14:00 - 00001820 _____ C:\Users\Sebastian\Desktop\sc-cleaner.txt

2013-12-28 13:59 - 2013-12-28 13:59 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Sebastian\Downloads\sc-cleaner.exe

2013-12-28 13:59 - 2013-12-28 13:59 - 00001820 _____ C:\sc-cleaner.txt

2013-12-28 13:57 - 2013-12-28 13:57 - 00001072 _____ C:\Users\Sebastian\Desktop\JRT.txt

2013-12-28 13:38 - 2013-12-28 13:38 - 00000000 ____D C:\Windows\ERUNT

2013-12-28 13:36 - 2013-12-28 13:36 - 01034531 _____ (Thisisu) C:\Users\Sebastian\Downloads\JRT.exe

2013-12-28 13:27 - 2013-12-28 13:31 - 00000000 ____D C:\AdwCleaner

2013-12-28 13:27 - 2013-12-28 13:27 - 01233962 _____ C:\Users\Sebastian\Downloads\adwcleaner.exe

2013-12-28 12:22 - 2013-12-28 12:22 - 00001126 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-28 12:22 - 2013-12-28 12:22 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Malwarebytes

2013-12-28 12:22 - 2013-12-28 12:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-12-28 12:22 - 2013-12-28 12:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-28 12:22 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-12-28 12:19 - 2013-12-28 12:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sebastian\Downloads\mbam-setup-1.75.0.1300.exe

2013-12-22 21:52 - 2013-12-22 21:52 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2013-12-19 13:09 - 2013-12-19 15:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2013-12-19 12:20 - 2013-12-19 12:31 - 00000000 ____D C:\Users\Sebastian\Desktop\Neuer Ordner

2013-12-17 19:06 - 2013-12-17 19:06 - 00001885 _____ C:\Users\Sebastian\Desktop\ActivTrades MetaTrader 5.lnk

2013-12-16 12:29 - 2013-12-16 12:29 - 00463464 _____ C:\Windows\Minidump\121613-17082-01.dmp

2013-12-16 12:13 - 2013-12-16 12:13 - 00016887 _____ C:\Users\Sebastian\Desktop\Logfiles.zip

2013-12-16 12:11 - 2013-12-16 12:11 - 00016887 _____ C:\Users\Sebastian\Downloads\FRST.zip

2013-12-16 12:10 - 2013-12-16 12:10 - 00013679 _____ C:\Users\Sebastian\Downloads\Downloads.7z

2013-12-16 12:02 - 2013-12-16 12:02 - 01110476 _____ C:\Users\Sebastian\Downloads\7z920.exe

2013-12-16 11:17 - 2013-12-16 11:17 - 00377856 _____ C:\Users\Sebastian\Downloads\gmer_2.1.19163.exe

2013-12-16 11:10 - 2013-12-28 14:01 - 01930746 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe

2013-12-16 11:10 - 2013-12-28 14:01 - 00000000 ____D C:\FRST

2013-12-16 11:07 - 2013-12-16 11:07 - 00000000 _____ C:\Users\Sebastian\defogger_reenable

2013-12-16 11:02 - 2013-12-16 11:02 - 00001003 _____ C:\Users\Sebastian\Documents\MailShield.der

2013-12-16 10:21 - 2013-12-16 10:22 - 02177432 _____ (WiseCleaner.com                                             ) C:\Users\Sebastian\Downloads\WRCFree.exe

2013-12-16 10:14 - 2013-12-16 10:14 - 00000000 ____D C:\Program Files\MetaTrader 5 - ActivTrades

2013-12-16 08:17 - 2013-12-22 21:52 - 00001983 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-12-16 08:17 - 2013-12-16 08:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\AVAST Software

2013-12-16 08:16 - 2013-12-28 10:57 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-12-16 08:16 - 2013-12-22 21:52 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2013-12-16 08:16 - 2013-12-22 21:52 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2013-12-16 08:16 - 2013-12-22 21:52 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2013-12-16 08:16 - 2013-12-22 21:52 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys

2013-12-16 08:16 - 2013-12-22 21:52 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2013-12-16 08:16 - 2013-12-22 21:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2013-12-16 08:16 - 2013-12-16 08:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00000000 ____D C:\Program Files\AVAST Software

2013-12-16 08:15 - 2013-12-16 08:15 - 00000000 ____D C:\ProgramData\AVAST Software

2013-12-16 08:14 - 2013-12-16 08:14 - 00000085 _____ C:\Windows\wininit.ini

2013-12-15 20:59 - 2013-12-15 21:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-12-15 20:59 - 2013-12-15 20:59 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking

2013-12-15 20:58 - 2013-12-16 08:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-12-15 20:58 - 2013-12-15 20:58 - 00614784 _____ C:\Users\Sebastian\Downloads\avast-free-antivirus-9-0-2007.exe

2013-12-15 20:53 - 2013-12-15 20:53 - 00614784 _____ C:\Users\Sebastian\Downloads\spybot-search-destroy-2-1.exe

2013-12-15 20:25 - 2013-12-15 20:36 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Nico Mak Computing

2013-12-15 20:09 - 2013-12-15 20:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-13 19:28 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2013-12-13 19:28 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2013-12-13 19:28 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2013-12-13 19:28 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2013-12-13 19:27 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-13 19:27 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-12-13 19:27 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-12-13 19:27 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-12-13 19:27 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-12-13 19:27 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-12-13 19:27 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-13 19:27 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-12-13 19:27 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-12-13 19:27 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-12-13 19:27 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-12-13 19:27 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-12-13 19:27 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-12-13 19:27 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-12-13 19:27 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-13 19:27 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-12-13 19:27 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-12-13 19:27 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-13 19:27 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-12-13 19:27 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-12-13 19:27 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-12-13 19:27 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-12-13 19:27 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-13 19:27 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-12-13 19:27 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-12-13 19:27 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-13 19:27 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-13 19:27 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-12-13 19:27 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-12-13 19:27 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-12-13 19:27 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-12-13 19:21 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-12-13 19:21 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-12-13 19:21 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-12-13 19:21 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-12-13 19:21 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2013-12-13 19:21 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll

2013-12-13 19:21 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-12-13 19:21 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2013-12-13 19:21 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2013-12-13 19:21 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2013-12-13 19:21 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2013-12-13 19:21 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx

2013-12-13 19:21 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2013-12-13 19:21 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2013-12-13 19:21 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2013-12-13 19:21 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe

2013-12-13 19:21 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

2013-12-13 19:21 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2013-12-13 19:21 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2013-11-29 19:30 - 2013-11-29 19:30 - 01071224 _____ (Solid State Networks) C:\Users\Sebastian\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe

2013-11-29 19:30 - 2013-11-29 19:30 - 01071224 _____ (Solid State Networks) C:\Users\Sebastian\Downloads\install_flashplayer11x32au_mssd_aaa_aih(1).exe
 

==================== One Month Modified Files and Folders =======
 

2013-12-28 14:02 - 2013-12-28 14:02 - 00011181 _____ C:\Users\Sebastian\Downloads\FRST.txt

2013-12-28 14:01 - 2013-12-28 14:01 - 00000000 ____D C:\Users\Sebastian\Downloads\FRST-OlderVersion

2013-12-28 14:01 - 2013-12-16 11:10 - 01930746 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe

2013-12-28 14:01 - 2013-12-16 11:10 - 00000000 ____D C:\FRST

2013-12-28 14:00 - 2013-12-28 14:00 - 00001820 _____ C:\Users\Sebastian\Desktop\sc-cleaner.txt

2013-12-28 13:59 - 2013-12-28 13:59 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Sebastian\Downloads\sc-cleaner.exe

2013-12-28 13:59 - 2013-12-28 13:59 - 00001820 _____ C:\sc-cleaner.txt

2013-12-28 13:57 - 2013-12-28 13:57 - 00001072 _____ C:\Users\Sebastian\Desktop\JRT.txt

2013-12-28 13:40 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-28 13:40 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-28 13:38 - 2013-12-28 13:38 - 00000000 ____D C:\Windows\ERUNT

2013-12-28 13:36 - 2013-12-28 13:36 - 01034531 _____ (Thisisu) C:\Users\Sebastian\Downloads\JRT.exe

2013-12-28 13:32 - 2013-05-12 11:42 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-28 13:32 - 2012-09-10 22:18 - 01742182 _____ C:\Windows\WindowsUpdate.log

2013-12-28 13:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-28 13:32 - 2009-07-14 05:51 - 00043083 _____ C:\Windows\setupact.log

2013-12-28 13:31 - 2013-12-28 13:27 - 00000000 ____D C:\AdwCleaner

2013-12-28 13:31 - 2012-09-10 18:38 - 00001066 _____ C:\Users\Public\Desktop\Firefox.lnk

2013-12-28 13:31 - 2012-09-10 16:26 - 00001020 _____ C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-12-28 13:27 - 2013-12-28 13:27 - 01233962 _____ C:\Users\Sebastian\Downloads\adwcleaner.exe

2013-12-28 13:08 - 2013-05-12 11:42 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-28 13:08 - 2013-03-18 17:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-28 12:39 - 2010-11-21 04:47 - 00102396 _____ C:\Windows\PFRO.log

2013-12-28 12:22 - 2013-12-28 12:22 - 00001126 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-28 12:22 - 2013-12-28 12:22 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Malwarebytes

2013-12-28 12:22 - 2013-12-28 12:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-12-28 12:22 - 2013-12-28 12:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-28 12:20 - 2013-12-28 12:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sebastian\Downloads\mbam-setup-1.75.0.1300.exe

2013-12-28 10:57 - 2013-12-16 08:16 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-12-22 21:52 - 2013-12-22 21:52 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2013-12-22 21:52 - 2013-12-16 08:17 - 00001983 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-12-22 21:52 - 2013-12-16 08:16 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2013-12-22 21:52 - 2013-12-16 08:16 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2013-12-22 21:52 - 2013-12-16 08:16 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2013-12-22 21:52 - 2013-12-16 08:16 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys

2013-12-22 21:52 - 2013-12-16 08:16 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2013-12-22 21:52 - 2013-12-16 08:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2013-12-19 19:36 - 2012-09-10 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-12-19 15:09 - 2013-12-19 13:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2013-12-19 13:10 - 2011-04-12 08:43 - 00696832 _____ C:\Windows\system32\perfh007.dat

2013-12-19 13:10 - 2011-04-12 08:43 - 00148128 _____ C:\Windows\system32\perfc007.dat

2013-12-19 13:10 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI

2013-12-19 12:31 - 2013-12-19 12:20 - 00000000 ____D C:\Users\Sebastian\Desktop\Neuer Ordner

2013-12-17 19:06 - 2013-12-17 19:06 - 00001885 _____ C:\Users\Sebastian\Desktop\ActivTrades MetaTrader 5.lnk

2013-12-16 17:51 - 2013-06-30 11:56 - 00000000 ____D C:\Users\Sebastian\Documents\EasyProfil

2013-12-16 12:29 - 2013-12-16 12:29 - 00463464 _____ C:\Windows\Minidump\121613-17082-01.dmp

2013-12-16 12:29 - 2012-11-22 17:26 - 00000000 ____D C:\Windows\Minidump

2013-12-16 12:29 - 2012-11-22 17:25 - 423533741 _____ C:\Windows\MEMORY.DMP

2013-12-16 12:13 - 2013-12-16 12:13 - 00016887 _____ C:\Users\Sebastian\Desktop\Logfiles.zip

2013-12-16 12:11 - 2013-12-16 12:11 - 00016887 _____ C:\Users\Sebastian\Downloads\FRST.zip

2013-12-16 12:10 - 2013-12-16 12:10 - 00013679 _____ C:\Users\Sebastian\Downloads\Downloads.7z

2013-12-16 12:02 - 2013-12-16 12:02 - 01110476 _____ C:\Users\Sebastian\Downloads\7z920.exe

2013-12-16 11:17 - 2013-12-16 11:17 - 00377856 _____ C:\Users\Sebastian\Downloads\gmer_2.1.19163.exe

2013-12-16 11:07 - 2013-12-16 11:07 - 00000000 _____ C:\Users\Sebastian\defogger_reenable

2013-12-16 11:07 - 2012-09-10 16:25 - 00000000 ____D C:\Users\Sebastian

2013-12-16 11:02 - 2013-12-16 11:02 - 00001003 _____ C:\Users\Sebastian\Documents\MailShield.der

2013-12-16 10:22 - 2013-12-16 10:21 - 02177432 _____ (WiseCleaner.com                                             ) C:\Users\Sebastian\Downloads\WRCFree.exe

2013-12-16 10:14 - 2013-12-16 10:14 - 00000000 ____D C:\Program Files\MetaTrader 5 - ActivTrades

2013-12-16 08:21 - 2013-12-15 20:58 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-12-16 08:17 - 2013-12-16 08:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\AVAST Software

2013-12-16 08:16 - 2013-12-16 08:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00000000 ____D C:\Program Files\AVAST Software

2013-12-16 08:15 - 2013-12-16 08:15 - 00000000 ____D C:\ProgramData\AVAST Software

2013-12-16 08:14 - 2013-12-16 08:14 - 00000085 _____ C:\Windows\wininit.ini

2013-12-16 08:05 - 2013-08-15 09:04 - 00000000 ____D C:\ProgramData\Avira

2013-12-16 08:01 - 2013-04-27 19:36 - 00000000 ____D C:\Program Files (x86)\Finale NotePad 2012

2013-12-16 07:07 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2013-12-16 01:12 - 2013-05-12 11:42 - 00000000 ____D C:\Program Files (x86)\Google

2013-12-15 21:01 - 2013-12-15 20:59 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-12-15 20:59 - 2013-12-15 20:59 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking

2013-12-15 20:58 - 2013-12-15 20:58 - 00614784 _____ C:\Users\Sebastian\Downloads\avast-free-antivirus-9-0-2007.exe

2013-12-15 20:53 - 2013-12-15 20:53 - 00614784 _____ C:\Users\Sebastian\Downloads\spybot-search-destroy-2-1.exe

2013-12-15 20:36 - 2013-12-15 20:25 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Nico Mak Computing

2013-12-15 20:09 - 2013-12-15 20:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-14 09:03 - 2013-08-14 19:57 - 00000000 ____D C:\Windows\system32\MRT

2013-12-14 09:02 - 2012-09-10 16:58 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-12-13 22:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2013-12-13 19:48 - 2012-09-10 16:26 - 00000000 ___RD C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-12-13 19:43 - 2009-07-14 05:45 - 00345896 _____ C:\Windows\system32\FNTCACHE.DAT

2013-12-13 19:09 - 2013-03-18 17:22 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-12-13 19:09 - 2012-09-11 20:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-12-13 19:09 - 2012-09-11 20:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-08 11:03 - 2013-05-12 11:42 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-12-08 11:03 - 2013-05-12 11:42 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-12-08 10:38 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-12-02 18:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

2013-11-29 19:30 - 2013-11-29 19:30 - 01071224 _____ (Solid State Networks) C:\Users\Sebastian\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe

2013-11-29 19:30 - 2013-11-29 19:30 - 01071224 _____ (Solid State Networks) C:\Users\Sebastian\Downloads\install_flashplayer11x32au_mssd_aaa_aih(1).exe

2013-11-29 19:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
 

Some content of TEMP:

====================

C:\Users\Sebastian\AppData\Local\Temp\avgnt.exe

C:\Users\Sebastian\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-12-23 16:17
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Mit freundlichem Gruß

Bastek

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo, neine keine Probleme mit nationzoom. Alles wieder in Ordnung.

Herzlichen Dank und ein gutes Neues Jahr 2014!

Im Folgenden die Log.Dateien

mit freundlichem Gruß, Bastek

Code:

ESETSmartInstaller@High as downloader log:

Can not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internetCan not open internetESETSmartInstaller@High as downloader log:

Can not open internet# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=ec9eada6c6928a47884a5691c3edbf88

# engine=16454

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-12-30 08:33:08

# local_time=2013-12-30 09:33:08 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=774 16777213 71 77 629083 693655 0 0

# compatibility_mode=5893 16776573 100 94 84211 140065438 0 0

# scanned=139201

# found=0

# cleaned=0

# scan_time=6004

Code:

 Results of screen317's Security Check version 0.99.77  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

avast! Antivirus   

 Antivirus out of date!  
 `````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 45  

 Adobe Flash Player 10 Flash Player out of Date! 

 Adobe Flash Player 11.9.900.170  

 Adobe Reader 10.1.8 Adobe Reader out of Date!  

 Mozilla Firefox (26.0) 

 Mozilla Thunderbird (24.2.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2013 01

Ran by Sebastian (administrator) on SEBASTIAN-PC on 02-01-2014 11:50:51

Running from C:\Users\Sebastian\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe

(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-22] (AVAST Software)

AppInit_DLLs:   [ ] ()

Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

BootExecute: autocheck autochk * sdnclean64.exe
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x81FF5BAA299FCD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\scwq0ydm.default-1387135126207

FF Homepage: hxxp://www.spiegel.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: NoScript - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\scwq0ydm.default-1387135126207\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 

Chrome: 

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-22] (AVAST Software)

R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)

R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
 

==================== Drivers (Whitelisted) ====================
 

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-22] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-16] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-16] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-22] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-22] (AVAST Software)

S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-22] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-22] ()
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-01-02 11:49 - 2014-01-02 11:49 - 00000936 _____ C:\Users\Sebastian\Desktop\checkup.txt

2014-01-02 11:21 - 2014-01-02 11:21 - 00891200 _____ C:\Users\Sebastian\Downloads\SecurityCheck.exe

2013-12-30 19:45 - 2013-12-30 19:45 - 00000000 ____D C:\Program Files (x86)\ESET

2013-12-30 19:43 - 2013-12-30 19:43 - 02347384 _____ (ESET) C:\Users\Sebastian\Downloads\esetsmartinstaller_enu(2).exe

2013-12-29 17:25 - 2013-12-29 17:25 - 02347384 _____ (ESET) C:\Users\Sebastian\Downloads\esetsmartinstaller_enu(1).exe

2013-12-29 16:18 - 2013-12-29 16:18 - 02347384 _____ (ESET) C:\Users\Sebastian\Downloads\esetsmartinstaller_enu.exe

2013-12-28 14:02 - 2014-01-02 11:50 - 00010546 _____ C:\Users\Sebastian\Downloads\FRST.txt

2013-12-28 14:01 - 2013-12-28 14:01 - 00000000 ____D C:\Users\Sebastian\Downloads\FRST-OlderVersion

2013-12-28 13:59 - 2013-12-28 13:59 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Sebastian\Downloads\sc-cleaner.exe

2013-12-28 13:59 - 2013-12-28 13:59 - 00001820 _____ C:\sc-cleaner.txt

2013-12-28 13:38 - 2013-12-28 13:38 - 00000000 ____D C:\Windows\ERUNT

2013-12-28 13:27 - 2013-12-28 13:31 - 00000000 ____D C:\AdwCleaner

2013-12-28 13:27 - 2013-12-28 13:27 - 01233962 _____ C:\Users\Sebastian\Downloads\adwcleaner.exe

2013-12-28 12:22 - 2013-12-28 12:22 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Malwarebytes

2013-12-28 12:22 - 2013-12-28 12:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-12-22 21:52 - 2013-12-22 21:52 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2013-12-19 13:09 - 2013-12-19 15:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2013-12-19 12:20 - 2013-12-19 12:31 - 00000000 ____D C:\Users\Sebastian\Desktop\Neuer Ordner

2013-12-17 19:06 - 2013-12-17 19:06 - 00001885 _____ C:\Users\Sebastian\Desktop\ActivTrades MetaTrader 5.lnk

2013-12-16 12:29 - 2013-12-16 12:29 - 00463464 _____ C:\Windows\Minidump\121613-17082-01.dmp

2013-12-16 12:11 - 2013-12-16 12:11 - 00016887 _____ C:\Users\Sebastian\Downloads\FRST.zip

2013-12-16 12:10 - 2013-12-16 12:10 - 00013679 _____ C:\Users\Sebastian\Downloads\Downloads.7z

2013-12-16 12:02 - 2013-12-16 12:02 - 01110476 _____ C:\Users\Sebastian\Downloads\7z920.exe

2013-12-16 11:17 - 2013-12-16 11:17 - 00377856 _____ C:\Users\Sebastian\Downloads\gmer_2.1.19163.exe

2013-12-16 11:10 - 2013-12-28 14:01 - 01930746 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe

2013-12-16 11:10 - 2013-12-28 14:01 - 00000000 ____D C:\FRST

2013-12-16 11:07 - 2013-12-16 11:07 - 00000000 _____ C:\Users\Sebastian\defogger_reenable

2013-12-16 11:02 - 2013-12-16 11:02 - 00001003 _____ C:\Users\Sebastian\Documents\MailShield.der

2013-12-16 10:21 - 2013-12-16 10:22 - 02177432 _____ (WiseCleaner.com                                             ) C:\Users\Sebastian\Downloads\WRCFree.exe

2013-12-16 10:14 - 2013-12-16 10:14 - 00000000 ____D C:\Program Files\MetaTrader 5 - ActivTrades

2013-12-16 08:17 - 2013-12-22 21:52 - 00001983 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-12-16 08:17 - 2013-12-16 08:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\AVAST Software

2013-12-16 08:16 - 2013-12-30 19:28 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-12-16 08:16 - 2013-12-22 21:52 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2013-12-16 08:16 - 2013-12-22 21:52 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2013-12-16 08:16 - 2013-12-22 21:52 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2013-12-16 08:16 - 2013-12-22 21:52 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys

2013-12-16 08:16 - 2013-12-22 21:52 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2013-12-16 08:16 - 2013-12-22 21:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2013-12-16 08:16 - 2013-12-16 08:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00000000 ____D C:\Program Files\AVAST Software

2013-12-16 08:15 - 2013-12-16 08:15 - 00000000 ____D C:\ProgramData\AVAST Software

2013-12-16 08:14 - 2013-12-16 08:14 - 00000085 _____ C:\Windows\wininit.ini

2013-12-15 20:59 - 2013-12-15 21:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-12-15 20:59 - 2013-12-15 20:59 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking

2013-12-15 20:58 - 2013-12-16 08:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-12-15 20:58 - 2013-12-15 20:58 - 00614784 _____ C:\Users\Sebastian\Downloads\avast-free-antivirus-9-0-2007.exe

2013-12-15 20:53 - 2013-12-15 20:53 - 00614784 _____ C:\Users\Sebastian\Downloads\spybot-search-destroy-2-1.exe

2013-12-15 20:25 - 2013-12-15 20:36 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Nico Mak Computing

2013-12-15 20:09 - 2013-12-15 20:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-13 19:28 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2013-12-13 19:28 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2013-12-13 19:28 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2013-12-13 19:28 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2013-12-13 19:27 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-13 19:27 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-12-13 19:27 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-12-13 19:27 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-12-13 19:27 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-12-13 19:27 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-12-13 19:27 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-13 19:27 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-12-13 19:27 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-12-13 19:27 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-12-13 19:27 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-12-13 19:27 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-12-13 19:27 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-12-13 19:27 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-12-13 19:27 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-13 19:27 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-12-13 19:27 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-12-13 19:27 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-13 19:27 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-12-13 19:27 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-12-13 19:27 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-12-13 19:27 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-12-13 19:27 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-13 19:27 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-12-13 19:27 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-12-13 19:27 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-13 19:27 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-13 19:27 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-12-13 19:27 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-12-13 19:27 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-12-13 19:27 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-12-13 19:21 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-12-13 19:21 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-12-13 19:21 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-12-13 19:21 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-12-13 19:21 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2013-12-13 19:21 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll

2013-12-13 19:21 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-12-13 19:21 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2013-12-13 19:21 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2013-12-13 19:21 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2013-12-13 19:21 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2013-12-13 19:21 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx

2013-12-13 19:21 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2013-12-13 19:21 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2013-12-13 19:21 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2013-12-13 19:21 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe

2013-12-13 19:21 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

2013-12-13 19:21 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2013-12-13 19:21 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
 

==================== One Month Modified Files and Folders =======
 

2014-01-02 11:51 - 2013-12-28 14:02 - 00010546 _____ C:\Users\Sebastian\Downloads\FRST.txt

2014-01-02 11:49 - 2014-01-02 11:49 - 00000936 _____ C:\Users\Sebastian\Desktop\checkup.txt

2014-01-02 11:21 - 2014-01-02 11:21 - 00891200 _____ C:\Users\Sebastian\Downloads\SecurityCheck.exe

2014-01-02 11:21 - 2012-09-10 22:18 - 01873587 _____ C:\Windows\WindowsUpdate.log

2014-01-02 11:08 - 2013-05-12 11:42 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-02 11:08 - 2013-05-12 11:42 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-02 11:08 - 2013-03-18 17:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-02 08:59 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-02 08:59 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-02 08:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-02 08:51 - 2009-07-14 05:51 - 00043307 _____ C:\Windows\setupact.log

2013-12-30 19:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

2013-12-30 19:45 - 2013-12-30 19:45 - 00000000 ____D C:\Program Files (x86)\ESET

2013-12-30 19:43 - 2013-12-30 19:43 - 02347384 _____ (ESET) C:\Users\Sebastian\Downloads\esetsmartinstaller_enu(2).exe

2013-12-30 19:28 - 2013-12-16 08:16 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-12-29 19:42 - 2012-09-06 15:55 - 00000000 ____D C:\alte_platte

2013-12-29 19:23 - 2012-09-30 18:07 - 00001402 _____ C:\ProgramData\hpzinstall.log

2013-12-29 19:22 - 2013-04-08 17:02 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\elsterformular

2013-12-29 19:22 - 2013-04-08 17:02 - 00000000 ____D C:\ProgramData\elsterformular

2013-12-29 17:25 - 2013-12-29 17:25 - 02347384 _____ (ESET) C:\Users\Sebastian\Downloads\esetsmartinstaller_enu(1).exe

2013-12-29 16:57 - 2010-11-21 04:47 - 00103238 _____ C:\Windows\PFRO.log

2013-12-29 16:21 - 2011-04-12 08:43 - 00696832 _____ C:\Windows\system32\perfh007.dat

2013-12-29 16:21 - 2011-04-12 08:43 - 00148128 _____ C:\Windows\system32\perfc007.dat

2013-12-29 16:21 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI

2013-12-29 16:18 - 2013-12-29 16:18 - 02347384 _____ (ESET) C:\Users\Sebastian\Downloads\esetsmartinstaller_enu.exe

2013-12-28 14:01 - 2013-12-28 14:01 - 00000000 ____D C:\Users\Sebastian\Downloads\FRST-OlderVersion

2013-12-28 14:01 - 2013-12-16 11:10 - 01930746 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe

2013-12-28 14:01 - 2013-12-16 11:10 - 00000000 ____D C:\FRST

2013-12-28 13:59 - 2013-12-28 13:59 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Sebastian\Downloads\sc-cleaner.exe

2013-12-28 13:59 - 2013-12-28 13:59 - 00001820 _____ C:\sc-cleaner.txt

2013-12-28 13:38 - 2013-12-28 13:38 - 00000000 ____D C:\Windows\ERUNT

2013-12-28 13:31 - 2013-12-28 13:27 - 00000000 ____D C:\AdwCleaner

2013-12-28 13:31 - 2012-09-10 18:38 - 00001066 _____ C:\Users\Public\Desktop\Firefox.lnk

2013-12-28 13:31 - 2012-09-10 16:26 - 00001020 _____ C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-12-28 13:27 - 2013-12-28 13:27 - 01233962 _____ C:\Users\Sebastian\Downloads\adwcleaner.exe

2013-12-28 12:22 - 2013-12-28 12:22 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Malwarebytes

2013-12-28 12:22 - 2013-12-28 12:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-12-22 21:52 - 2013-12-22 21:52 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2013-12-22 21:52 - 2013-12-16 08:17 - 00001983 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-12-22 21:52 - 2013-12-16 08:16 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2013-12-22 21:52 - 2013-12-16 08:16 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2013-12-22 21:52 - 2013-12-16 08:16 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2013-12-22 21:52 - 2013-12-16 08:16 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys

2013-12-22 21:52 - 2013-12-16 08:16 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2013-12-22 21:52 - 2013-12-16 08:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2013-12-19 19:36 - 2012-09-10 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-12-19 15:09 - 2013-12-19 13:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2013-12-19 12:31 - 2013-12-19 12:20 - 00000000 ____D C:\Users\Sebastian\Desktop\Neuer Ordner

2013-12-17 19:06 - 2013-12-17 19:06 - 00001885 _____ C:\Users\Sebastian\Desktop\ActivTrades MetaTrader 5.lnk

2013-12-16 17:51 - 2013-06-30 11:56 - 00000000 ____D C:\Users\Sebastian\Documents\EasyProfil

2013-12-16 12:29 - 2013-12-16 12:29 - 00463464 _____ C:\Windows\Minidump\121613-17082-01.dmp

2013-12-16 12:29 - 2012-11-22 17:26 - 00000000 ____D C:\Windows\Minidump

2013-12-16 12:29 - 2012-11-22 17:25 - 423533741 _____ C:\Windows\MEMORY.DMP

2013-12-16 12:11 - 2013-12-16 12:11 - 00016887 _____ C:\Users\Sebastian\Downloads\FRST.zip

2013-12-16 12:10 - 2013-12-16 12:10 - 00013679 _____ C:\Users\Sebastian\Downloads\Downloads.7z

2013-12-16 12:02 - 2013-12-16 12:02 - 01110476 _____ C:\Users\Sebastian\Downloads\7z920.exe

2013-12-16 11:17 - 2013-12-16 11:17 - 00377856 _____ C:\Users\Sebastian\Downloads\gmer_2.1.19163.exe

2013-12-16 11:07 - 2013-12-16 11:07 - 00000000 _____ C:\Users\Sebastian\defogger_reenable

2013-12-16 11:07 - 2012-09-10 16:25 - 00000000 ____D C:\Users\Sebastian

2013-12-16 11:02 - 2013-12-16 11:02 - 00001003 _____ C:\Users\Sebastian\Documents\MailShield.der

2013-12-16 10:22 - 2013-12-16 10:21 - 02177432 _____ (WiseCleaner.com                                             ) C:\Users\Sebastian\Downloads\WRCFree.exe

2013-12-16 10:14 - 2013-12-16 10:14 - 00000000 ____D C:\Program Files\MetaTrader 5 - ActivTrades

2013-12-16 08:21 - 2013-12-15 20:58 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-12-16 08:17 - 2013-12-16 08:17 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\AVAST Software

2013-12-16 08:16 - 2013-12-16 08:16 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2013-12-16 08:16 - 2013-12-16 08:16 - 00000000 ____D C:\Program Files\AVAST Software

2013-12-16 08:15 - 2013-12-16 08:15 - 00000000 ____D C:\ProgramData\AVAST Software

2013-12-16 08:14 - 2013-12-16 08:14 - 00000085 _____ C:\Windows\wininit.ini

2013-12-16 08:05 - 2013-08-15 09:04 - 00000000 ____D C:\ProgramData\Avira

2013-12-16 08:01 - 2013-04-27 19:36 - 00000000 ____D C:\Program Files (x86)\Finale NotePad 2012

2013-12-16 07:07 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2013-12-16 01:12 - 2013-05-12 11:42 - 00000000 ____D C:\Program Files (x86)\Google

2013-12-15 21:01 - 2013-12-15 20:59 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-12-15 20:59 - 2013-12-15 20:59 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking

2013-12-15 20:58 - 2013-12-15 20:58 - 00614784 _____ C:\Users\Sebastian\Downloads\avast-free-antivirus-9-0-2007.exe

2013-12-15 20:53 - 2013-12-15 20:53 - 00614784 _____ C:\Users\Sebastian\Downloads\spybot-search-destroy-2-1.exe

2013-12-15 20:36 - 2013-12-15 20:25 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Nico Mak Computing

2013-12-15 20:09 - 2013-12-15 20:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-14 09:03 - 2013-08-14 19:57 - 00000000 ____D C:\Windows\system32\MRT

2013-12-14 09:02 - 2012-09-10 16:58 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-12-13 22:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2013-12-13 19:48 - 2012-09-10 16:26 - 00000000 ___RD C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-12-13 19:43 - 2009-07-14 05:45 - 00345896 _____ C:\Windows\system32\FNTCACHE.DAT

2013-12-13 19:09 - 2013-03-18 17:22 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-12-13 19:09 - 2012-09-11 20:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-12-13 19:09 - 2012-09-11 20:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-08 11:03 - 2013-05-12 11:42 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-12-08 11:03 - 2013-05-12 11:42 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-12-08 10:38 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 

Some content of TEMP:

====================

C:\Users\Sebastian\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-12-30 21:53
 

==================== End Of Log ============================

--- --- ---

Flash und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

AppInit_DLLs: [ ] ()

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig :)

Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

So noch das Letzte:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014

Ran by Sebastian at 2014-01-03 19:22:32 Run:1

Running from C:\Users\Sebastian\Downloads

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

AppInit_DLLs:   [ ] ()

*****************
 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
 

==== End of Fixlog ====

Jetzt ist alles in Ordnung und ich hoffe, dass das jetzt eine Weile so bleibt.

AdblockPlus kann mein PC nicht installieren, ich weiß nicht woran das liegt.

Gruß, bastek

Installier es direkt im Browser, wenn Du es über Addons suchst :)