Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win 7 - Firefox langsam, Skript-Warnmeldungen und "keine Rückmeldung" in Titelleiste (https://www.trojaner-board.de/149778-win-7-firefox-langsam-skript-warnmeldungen-keine-rueckmeldung-titelleiste.html)

N_O_O_O_P 14.02.2014 19:09
Win 7 - Firefox langsam, Skript-Warnmeldungen und "keine Rückmeldung" in Titelleiste
 
Hallo,
ich bin neu hier und in sachen computer ein totaler Dummie....
so nun zu meinem Problem.
seit einiger zeit ist mir schon aufgefallen das der rechner langsamer hochfährt.
Firefox ist stellenweise sehr langsam und schon einige mal komplett abgestürzt; außerdem erhalte ich öfters in der Titelleistung die Meldung "(keine Rückmeldung)" und Warnmeldungen, dass ein Skript nicht antwortet oder beschädigt ist, wie z.B.:
"Skript: chrome://wrc/content/common/scripts/bal.js:1172
Ich hab mal versucht nach Anleitung die Log Files zu erstellen

Log File FRST:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by oliver at 2014-02-12 09:25:43
Running from C:\Users\oliver\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.851.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.70314.1441 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.03.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0314.1418.23691 - Ihr Firmenname) Hidden
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.12.13 - Atheros Communications Inc.)
Atheros Driver Installation Program (x32 Version: 9.0 - Atheros)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0314.1418.23691 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0314.1418.23691 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0314.1418.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0314.1417.23691 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0314.1418.23691 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
ETDWare PS/2-X64 10.6.9.9_WHQL (Version: 10.6.9.9 - ELAN Microelectronic Corp.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.16.1030 (x32 Version: 3.12.16.1030 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.2 (Version: 2.8.2 - The GIMP Team)
Inkscape 0.48.4 (x32 Version: 0.48.4 - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (x32 Version: 5.1.15 - Packard Bell)
LiveSupport (x32 Version: 1.2.7.0 - PC Utilities Software Limited) <==== ATTENTION
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (x32 Version: 5.8.11100.9.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) Hidden
Nero DiscSpeed 10 (x32 Version: 6.4.10500.1.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Express 10 (x32 Version: 10.6.10700.5.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10300 - Nero AG)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10400 - Nero AG)
Nero RescueAgent 10 (x32 Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero StartSmart 10 (x32 Version: 10.6.10600.4.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Update (x32 Version: 1.0.10900.31.0 - Nero AG)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)
Packard Bell Power Management (x32 Version: 6.00.3010 - Packard Bell)
Packard Bell Recovery Management (x32 Version: 5.00.3507 - Packard Bell)
Packard Bell Updater (x32 Version: 1.02.3501 - Packard Bell)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PosteRazor (x32 Version: 1.5.2 - Alessandro Portale)
QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.28094 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
Sony PC Companion 2.10.181 (x32 Version: 2.10.181 - Sony)
StreamTransport version: 1.1.0.2 (x32 Version:  - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Video Web Camera (x32 Version: 1.5.2624.00 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.5.2624.00 - CyberLink Corp.) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

03-01-2014 09:38:42 Windows Update
04-01-2014 09:54:22 TuneUp Utilities 2014 wird entfernt
04-01-2014 09:55:32 TuneUp Utilities 2014 (de-DE) wird entfernt
07-01-2014 08:00:09 Windows Update
14-01-2014 07:37:06 Windows Update
15-01-2014 21:17:17 Windows Update
21-01-2014 18:28:38 Windows Update
28-01-2014 07:40:02 Windows Update
31-01-2014 16:11:41 Windows Update
04-02-2014 16:18:23 Windows Update
07-02-2014 20:19:23 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-08-26 09:37 - 00450636 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {012F7C0A-3174-4723-8CEA-C18746449FDF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1750516870-544835136-2035900611-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1181BE52-D6BB-43DA-9861-F59AE74FB943} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1750516870-544835136-2035900611-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {36A31E85-73A9-49B0-8482-C9EA1EFF7971} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => c:\program files (x86)\real\realplayer\Update\realsched.exe [2013-09-05] (RealNetworks, Inc.)
Task: {37E61DF0-8440-47B7-96EB-CAC9344B9742} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {5610F3DB-AF64-4982-B226-238CF61E5AF1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1750516870-544835136-2035900611-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E89694AE-1FEF-46D7-8191-66E4568A999C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-29] (AVAST Software)

==================== Loaded Modules (whitelisted) =============

2014-02-11 20:11 - 2014-02-11 10:39 - 02172928 _____ () C:\Program Files\AVAST Software\Avast\defs\14021100\algo.dll
2014-02-12 08:52 - 2014-02-11 20:39 - 02172928 _____ () C:\Program Files\AVAST Software\Avast\defs\14021101\algo.dll
2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-12-29 19:41 - 2013-12-29 19:41 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-20 19:57 - 2013-12-20 19:57 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\oliver\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: Vidalia => "C:\Program Files (x86)\Vidalia Relay Bundle\Vidalia\vidalia.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2014 08:52:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 08:10:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 08:34:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 10:00:16 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d293
Name des fehlerhaften Moduls: mozalloc.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0af28
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000119c
ID des fehlerhaften Prozesses: 0x90c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/10/2014 06:57:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 09:06:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 08:58:24 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/09/2014 07:18:17 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/09/2014 07:18:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/09/2014 07:18:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============
Error: (02/09/2014 07:26:11 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SUSI-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{79CF20AC-3CBA-4637-96A2-5DB6BCE2774B}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/09/2014 06:50:29 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SUSI-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{79CF20AC-3CBA-4637-96A2-5DB6BCE2774B}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/09/2014 06:38:28 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SUSI-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{79CF20AC-3CBA-4637-96A2-5DB6BCE2774B}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/04/2014 02:11:23 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht.

Error: (01/15/2014 10:17:05 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/12/2014 06:54:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinkHandler" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/12/2014 06:54:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/11/2014 08:41:01 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Dnscache erreicht.

Error: (01/10/2014 08:41:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet:
%%1062

Error: (01/10/2014 08:41:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147467243.


Microsoft Office Sessions:
=========================
Error: (02/12/2014 08:52:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 08:10:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 08:34:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 10:00:16 PM) (Source: Application Error)(User: )
Description: plugin-container.exe26.0.0.508752a0d293mozalloc.dll26.0.0.508752a0af28800000030000119c90c01cf2689d936e893C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll56fe31b9-9296-11e3-9d76-dc0ea1b04dff

Error: (02/10/2014 06:57:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 09:06:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 08:58:24 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (02/09/2014 07:18:17 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\$Recycle.Bin\S-1-5-21-1750516870-544835136-2035900611-1001\$RBH6G7P.exe

Error: (02/09/2014 07:18:16 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\$Recycle.Bin\S-1-5-21-1750516870-544835136-2035900611-1001\$RFVIZ2K.exe

Error: (02/09/2014 07:18:16 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\$Recycle.Bin\S-1-5-21-1750516870-544835136-2035900611-1001\$R2XLTT9.exe


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 3689.37 MB
Available physical RAM: 2185.71 MB
Total Pagefile: 7376.91 MB
Available Pagefile: 5749.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:279.99 GB) (Free:223.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 71F384DC)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)

==================== End Of Log ============================


LOg File GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-14 09:16:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3259GSXP rev.GN003J 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\oliver\AppData\Local\Temp\ufriapob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\wininit.exe[592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Windows\system32\services.exe[648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Windows\system32\atiesrxx.exe[956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[240] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[148] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Windows\system32\WLANExt.exe[1412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Windows\System32\spoolsv.exe[1588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1728] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112              00000000766ba2ba 1 byte [62]
.text  C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1776] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                          00000000766ba2ba 1 byte [62]
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                      00000000766ba2ba 1 byte [62]
.text  C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[1836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  000000007743eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[1908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112      00000000766ba2ba 1 byte [62]
.text  C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2004] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112    00000000766ba2ba 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1200] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007743eecd 1 byte [62]
.text  C:\Windows\system32\taskhost.exe[2356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          000000007743eecd 1 byte [62]
.text  C:\Windows\Explorer.EXE[2512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                    000000007743eecd 1 byte [62]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2732] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                          00000000766ba2ba 1 byte [62]
.text  C:\Windows\system32\SearchIndexer.exe[2056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                      000000007743eecd 1 byte [62]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[3716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                        000000007743eecd 1 byte [62]
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[4016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189              000000007743eecd 1 byte [62]
.text  C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[3936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189      000000007743eecd 1 byte [62]
.text  C:\Program Files (x86)\Nero\Update\NASvc.exe[4024] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              00000000766ba2ba 1 byte [62]
.text  C:\Users\oliver\Downloads\Gmer-19357.exe[3636] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                  00000000766ba2ba 1 byte [62]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3496:3748]                                                                00000000764d7587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3496:3740]                                                                000000006c0b0cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3496:784]                                                                  0000000077732e65
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3496:2028]                                                                0000000077733e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3496:3932]                                                                0000000077733e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3496:1736]                                                                0000000077733e85
Thread  C:\Windows\System32\svchost.exe [4084:1056]                                                                                            000007fef16e9688

---- EOF - GMER 2.1 ----
Im voraus schon mal vielen Dank für die Bemühungen.

schrauber 14.02.2014 19:11
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

N_O_O_O_P 14.02.2014 19:44
LOG File combo Fix

Code:
ComboFix 14-02-14.01 - oliver 14.02.2014  19:22:10.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3689.2134 [GMT 1:00]
ausgeführt von:: c:\users\oliver\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-01-14 bis 2014-02-14  ))))))))))))))))))))))))))))))
.
.
2014-02-14 18:33 . 2014-02-14 18:33        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-02-14 18:33 . 2014-02-14 18:33        --------        d-----w-        c:\users\Administrator.oliver-PC\AppData\Local\temp
2014-02-14 18:15 . 2014-02-14 18:15        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{81447AE5-1143-4033-A207-82013884DBC5}\offreg.dll
2014-02-14 17:14 . 2013-12-16 00:54        10315576        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{81447AE5-1143-4033-A207-82013884DBC5}\mpengine.dll
2014-02-13 08:19 . 2013-12-21 09:53        548864        ----a-w-        c:\windows\system32\vbscript.dll
2014-02-13 08:19 . 2013-12-21 08:56        454656        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-02-13 08:04 . 2013-12-06 02:30        1882112        ----a-w-        c:\windows\system32\msxml3.dll
2014-02-12 08:23 . 2014-02-12 08:28        --------        d-----w-        C:\FRST
2014-02-09 15:58 . 2014-02-09 15:58        --------        d-----w-        c:\users\oliver\AppData\Roaming\SUPERAntiSpyware.com
2014-02-08 20:18 . 2014-02-08 20:18        --------        d-----w-        c:\users\oliver\AppData\Roaming\Malwarebytes
2014-02-08 20:17 . 2014-02-08 20:17        --------        d-----w-        c:\programdata\Malwarebytes
2014-02-08 20:17 . 2014-02-08 20:17        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-08 20:17 . 2013-04-04 13:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-01-15 19:54 . 2013-11-27 01:41        53248        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2014-01-15 19:54 . 2013-11-27 01:41        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys
2014-01-15 19:54 . 2013-11-27 01:41        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2014-01-15 19:54 . 2013-11-27 01:41        99840        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2014-01-15 19:54 . 2013-11-27 01:41        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2014-01-15 19:54 . 2013-11-27 01:41        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2014-01-15 19:54 . 2013-11-27 01:41        7808        ----a-w-        c:\windows\system32\drivers\usbd.sys
2014-01-15 19:54 . 2013-11-26 10:32        3156480        ----a-w-        c:\windows\system32\win32k.sys
2014-01-15 19:54 . 2013-11-26 11:40        376768        ----a-w-        c:\windows\system32\drivers\netio.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-13 07:50 . 2013-12-29 18:41        80184        ----a-w-        c:\windows\system32\drivers\aswstm.sys
2014-02-13 07:50 . 2013-12-29 18:41        1038072        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2014-02-13 07:50 . 2013-12-29 18:41        421704        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2014-02-13 07:50 . 2013-12-29 18:41        78648        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-02-13 07:50 . 2013-12-29 18:41        334136        ----a-w-        c:\windows\system32\aswBoot.exe
2014-02-13 07:50 . 2013-12-29 18:41        43152        ----a-w-        c:\windows\avastSS.scr
2014-01-15 21:18 . 2012-10-21 18:03        86054176        ----a-w-        c:\windows\system32\MRT.exe
2013-12-31 10:16 . 2012-03-24 17:22        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-31 10:16 . 2012-03-24 17:22        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-29 18:41 . 2013-12-29 18:41        207904        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-12-29 18:41 . 2013-12-29 18:41        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-12-29 18:41 . 2013-12-29 18:41        92544        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2013-12-18 05:13 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe
2013-12-13 21:05 . 2013-12-13 21:05        99592        ----a-w-        c:\windows\PSEXESVC.EXE
2013-11-27 00:02 . 2013-11-27 00:02        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-11-27 00:02 . 2013-11-27 00:02        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-27 00:02 . 2013-11-27 00:02        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll
2013-11-27 00:02 . 2013-11-27 00:02        235008        ----a-w-        c:\windows\system32\elshyph.dll
2013-11-27 00:02 . 2013-11-27 00:02        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-27 00:02 . 2013-11-27 00:02        34816        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-27 00:02 . 2013-11-27 00:02        182272        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-11-27 00:02 . 2013-11-27 00:02        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-11-27 00:02 . 2013-11-27 00:02        337408        ----a-w-        c:\windows\SysWow64\html.iec
2013-11-27 00:02 . 2013-11-27 00:02        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-11-27 00:02 . 2013-11-27 00:02        1051136        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-11-27 00:02 . 2013-11-27 00:02        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-11-27 00:02 . 2013-11-27 00:02        139264        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-11-27 00:02 . 2013-11-27 00:02        61952        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2013-11-27 00:02 . 2013-11-27 00:02        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-11-27 00:02 . 2013-11-27 00:02        13312        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-11-27 00:02 . 2013-11-27 00:02        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2013-11-27 00:02 . 2013-11-27 00:02        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-27 00:02 . 2013-11-27 00:02        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-11-27 00:02 . 2013-11-27 00:02        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-11-27 00:02 . 2013-11-27 00:02        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2013-11-27 00:02 . 2013-11-27 00:02        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-11-27 00:02 . 2013-11-27 00:02        247808        ----a-w-        c:\windows\system32\msls31.dll
2013-11-27 00:02 . 2013-11-27 00:02        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-11-27 00:02 . 2013-11-27 00:02        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-11-27 00:02 . 2013-11-27 00:02        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-11-27 00:02 . 2013-11-27 00:02        13312        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-11-27 00:02 . 2013-11-27 00:02        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-11-27 00:02 . 2013-11-27 00:02        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2013-11-27 00:02 . 2013-11-27 00:02        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-11-27 00:02 . 2013-11-27 00:02        616104        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-11-27 00:02 . 2013-11-27 00:02        453120        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-11-27 00:02 . 2013-11-27 00:02        413696        ----a-w-        c:\windows\system32\html.iec
2013-11-27 00:02 . 2013-11-27 00:02        40448        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-27 00:02 . 2013-11-27 00:02        296960        ----a-w-        c:\windows\system32\dxtrans.dll
2013-11-27 00:02 . 2013-11-27 00:02        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-11-27 00:02 . 2013-11-27 00:02        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2013-11-27 00:02 . 2013-11-27 00:02        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2013-11-27 00:02 . 2013-11-27 00:02        263376        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-11-27 00:02 . 2013-11-27 00:02        243200        ----a-w-        c:\windows\system32\webcheck.dll
2013-11-27 00:02 . 2013-11-27 00:02        235520        ----a-w-        c:\windows\system32\url.dll
2013-11-27 00:02 . 2013-11-27 00:02        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-11-27 00:02 . 2013-11-27 00:02        143872        ----a-w-        c:\windows\system32\wextract.exe
2013-11-27 00:02 . 2013-11-27 00:02        1228800        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-11-27 00:02 . 2013-11-27 00:02        101376        ----a-w-        c:\windows\system32\inseng.dll
2013-11-27 00:02 . 2013-11-27 00:02        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2013-11-27 00:02 . 2013-11-27 00:02        774144        ----a-w-        c:\windows\system32\jscript.dll
2013-11-27 00:02 . 2013-11-27 00:02        62464        ----a-w-        c:\windows\system32\pngfilt.dll
2013-11-27 00:02 . 2013-11-27 00:02        48128        ----a-w-        c:\windows\system32\imgutil.dll
2013-11-27 00:02 . 2013-11-27 00:02        147968        ----a-w-        c:\windows\system32\occache.dll
2013-11-27 00:02 . 2013-11-27 00:02        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-11-27 00:02 . 2013-11-27 00:02        135680        ----a-w-        c:\windows\system32\iepeers.dll
2013-11-23 18:26 . 2013-12-13 07:42        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-13 07:42        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\oliver\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\oliver\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\oliver\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-13 3767096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 cecsvad;WiVideo Camera;c:\windows\system32\drivers\cecvad.sys;c:\windows\SYSNATIVE\drivers\cecvad.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-13 07:50        287280        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zuyv1kq0.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.hnd.bayern.de/pegel/wasserstand/pegel_wasserstand.php?pgnr=16008506
FF - ExtSQL: !HIDDEN! 2013-07-19 19:43; SeeSimilar@SeeSimilar.com; c:\users\oliver\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com
FF - ExtSQL: !HIDDEN! 2013-07-19 19:43; SeeSimilar@SeeSimilar.com; c:\users\oliver\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com
FF - ExtSQL: !HIDDEN! 2013-09-05 14:21; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-LiveSupport - c:\program files (x86)\LiveSupport\LiveSupport.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-LiveSupport_is1 - c:\program files (x86)\LiveSupport\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1750516870-544835136-2035900611-1001_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1750516870-544835136-2035900611-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
@DACL=(02 0000)
@="Dropbox Autoplay COM Server"
.
[HKEY_USERS\S-1-5-21-1750516870-544835136-2035900611-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1750516870-544835136-2035900611-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1750516870-544835136-2035900611-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1750516870-544835136-2035900611-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-02-14  19:40:42
ComboFix-quarantined-files.txt  2014-02-14 18:40
.
Vor Suchlauf: 7 Verzeichnis(se), 241.343.881.216 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 241.185.808.384 Bytes frei
.
- - End Of File - - 4DADE59E9EB6EB9378CC154C81783B1C
A36C5E4F47E84449FF07ED3517B43A31

schrauber 15.02.2014 18:05
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

N_O_O_O_P 15.02.2014 20:38
so geschafft :-)
LF maleware

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
oliver :: OLIVER-PC [Administrator]

15.02.2014 19:17:37
mbam-log-2014-02-15 (19-17-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250399
Laufzeit: 8 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
LF adware

Code:
# AdwCleaner v3.018 - Bericht erstellt am 15/02/2014 um 20:02:53
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : oliver - OLIVER-PC
# Gestartet von : C:\Users\oliver\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zuyv1kq0.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\oliver\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [918 octets] - [15/02/2014 19:57:37]
AdwCleaner[S1].txt - [840 octets] - [15/02/2014 20:02:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [899 octets] ##########
LF JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by oliver on 15.02.2014 at 20:08:11,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\livesupport
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1750516870-544835136-2035900611-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\livesupport_is1



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\livesupport"
Successfully deleted: [Empty Folder] C:\Users\oliver\appdata\local\{619787BA-D88C-4AA4-9E32-7299E9F6A71A}
Successfully deleted: [Empty Folder] C:\Users\oliver\appdata\local\{D3058233-1800-407A-BF62-E4ED1518EBC4}



~~~ FireFox

Successfully deleted the following from C:\Users\oliver\AppData\Roaming\mozilla\firefox\profiles\zuyv1kq0.default\prefs.js

user_pref("iminent.enabledAds", "false");
Emptied folder: C:\Users\oliver\AppData\Roaming\mozilla\firefox\profiles\zuyv1kq0.default\minidumps [53 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.02.2014 at 20:25:09,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
LF frst


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by oliver (administrator) on OLIVER-PC on 15-02-2014 20:26:35
Running from C:\Users\oliver\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-13] (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zuyv1kq0.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://www.hnd.bayern.de/pegel/wasserstand/pegel_wasserstand.php?pgnr=16008506
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zuyv1kq0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-29]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-13] (AVAST Software)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [871296 2012-02-07] (Acer Incorporated)
S2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-02-07] (Acer Incorporated)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-13] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-29] ()
S3 cecsvad; C:\Windows\System32\drivers\cecvad.sys [23040 2011-12-08] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-15 20:26 - 2014-02-15 20:26 - 00009663 _____ () C:\Users\oliver\Desktop\FRST.txt
2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Users\oliver\Desktop\FRST-OlderVersion
2014-02-15 20:25 - 2014-02-15 20:25 - 00001867 _____ () C:\Users\oliver\Desktop\JRT.txt
2014-02-15 20:08 - 2014-02-15 20:08 - 00000000 ____D () C:\Windows\ERUNT
2014-02-15 20:06 - 2014-02-15 20:06 - 01037530 _____ (Thisisu) C:\Users\oliver\Desktop\JRT.exe
2014-02-15 20:05 - 2014-02-15 20:05 - 00000978 _____ () C:\Users\oliver\Desktop\AdwCleaner[S1].txt
2014-02-15 19:57 - 2014-02-15 20:02 - 00000000 ____D () C:\AdwCleaner
2014-02-15 19:54 - 2014-02-15 19:54 - 01166132 _____ () C:\Users\oliver\Desktop\adwcleaner.exe
2014-02-15 09:59 - 2014-02-15 10:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 19:40 - 2014-02-14 19:40 - 00022500 _____ () C:\ComboFix.txt
2014-02-14 19:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-14 19:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-14 19:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-14 19:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-14 19:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-14 19:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-14 19:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-14 19:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-14 19:16 - 2014-02-14 19:40 - 00000000 ____D () C:\Qoobox
2014-02-14 19:15 - 2014-02-14 19:35 - 00000000 ____D () C:\Windows\erdnt
2014-02-14 19:14 - 2014-02-14 19:14 - 05183211 ____R (Swearware) C:\Users\oliver\Desktop\ComboFix.exe
2014-02-14 08:54 - 2014-02-14 08:54 - 00380416 _____ () C:\Users\oliver\Desktop\Gmer-19357.exe
2014-02-13 09:19 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 09:19 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 09:18 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 09:18 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 09:18 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 09:18 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 09:18 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 09:18 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 09:18 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 09:18 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 09:18 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 09:18 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 09:18 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 09:18 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 09:18 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 09:18 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 09:18 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 09:18 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 09:18 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 09:18 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 09:18 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 09:18 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 09:18 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 09:18 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 09:18 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 09:18 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 09:18 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 09:18 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 09:18 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 09:18 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 09:18 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 09:18 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 09:18 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 09:18 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 09:18 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 09:18 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 09:18 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 09:18 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 09:18 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 09:18 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 09:18 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 09:04 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 09:04 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 09:04 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 09:04 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 09:04 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 09:04 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 09:04 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 09:04 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 09:04 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 09:04 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 09:04 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 09:04 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 09:04 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 09:04 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 09:04 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 09:04 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 09:04 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 09:04 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 09:04 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 09:04 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 09:04 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 09:04 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 09:04 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 09:04 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 09:04 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 09:04 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 09:04 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 09:04 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 09:25 - 2014-02-12 09:28 - 00031896 _____ () C:\Users\oliver\Downloads\Addition.txt
2014-02-12 09:24 - 2014-02-12 09:28 - 00016500 _____ () C:\Users\oliver\Downloads\FRST.txt
2014-02-12 09:23 - 2014-02-15 20:26 - 00000000 ____D () C:\FRST
2014-02-12 09:22 - 2014-02-15 20:26 - 02152960 _____ (Farbar) C:\Users\oliver\Desktop\FRST64.exe
2014-02-12 09:20 - 2014-02-12 09:20 - 00000474 _____ () C:\Users\oliver\Downloads\defogger_disable.log
2014-02-12 09:19 - 2014-02-12 09:19 - 00050477 _____ () C:\Users\oliver\Downloads\Defogger.exe
2014-02-09 18:38 - 2014-02-09 18:38 - 00000000 _____ () C:\Users\oliver\defogger_reenable
2014-02-09 16:58 - 2014-02-09 16:58 - 00000000 ____D () C:\Users\oliver\AppData\Roaming\SUPERAntiSpyware.com
2014-02-08 21:18 - 2014-02-08 21:18 - 00000000 ____D () C:\Users\oliver\AppData\Roaming\Malwarebytes
2014-02-08 21:17 - 2014-02-08 21:17 - 00001081 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-08 21:17 - 2014-02-08 21:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 21:17 - 2014-02-08 21:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 21:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2014-02-15 20:26 - 2014-02-15 20:26 - 00009663 _____ () C:\Users\oliver\Desktop\FRST.txt
2014-02-15 20:26 - 2014-02-15 20:26 - 00000000 ____D () C:\Users\oliver\Desktop\FRST-OlderVersion
2014-02-15 20:26 - 2014-02-12 09:23 - 00000000 ____D () C:\FRST
2014-02-15 20:26 - 2014-02-12 09:22 - 02152960 _____ (Farbar) C:\Users\oliver\Desktop\FRST64.exe
2014-02-15 20:25 - 2014-02-15 20:25 - 00001867 _____ () C:\Users\oliver\Desktop\JRT.txt
2014-02-15 20:22 - 2013-08-27 19:56 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{36A2D533-696B-43FF-8DA3-C37E967A3B32}
2014-02-15 20:11 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-15 20:11 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-15 20:08 - 2014-02-15 20:08 - 00000000 ____D () C:\Windows\ERUNT
2014-02-15 20:06 - 2014-02-15 20:06 - 01037530 _____ (Thisisu) C:\Users\oliver\Desktop\JRT.exe
2014-02-15 20:05 - 2014-02-15 20:05 - 00000978 _____ () C:\Users\oliver\Desktop\AdwCleaner[S1].txt
2014-02-15 20:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-15 20:04 - 2009-07-14 05:51 - 00115935 _____ () C:\Windows\setupact.log
2014-02-15 20:03 - 2012-04-30 03:46 - 02009735 _____ () C:\Windows\WindowsUpdate.log
2014-02-15 20:02 - 2014-02-15 19:57 - 00000000 ____D () C:\AdwCleaner
2014-02-15 19:54 - 2014-02-15 19:54 - 01166132 _____ () C:\Users\oliver\Desktop\adwcleaner.exe
2014-02-15 18:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-15 17:41 - 2013-12-29 19:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-15 17:38 - 2013-08-03 10:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 10:00 - 2014-02-15 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 09:08 - 2010-11-21 04:47 - 00447852 _____ () C:\Windows\PFRO.log
2014-02-14 19:40 - 2014-02-14 19:40 - 00022500 _____ () C:\ComboFix.txt
2014-02-14 19:40 - 2014-02-14 19:16 - 00000000 ____D () C:\Qoobox
2014-02-14 19:40 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-14 19:35 - 2014-02-14 19:15 - 00000000 ____D () C:\Windows\erdnt
2014-02-14 19:33 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-14 19:14 - 2014-02-14 19:14 - 05183211 ____R (Swearware) C:\Users\oliver\Desktop\ComboFix.exe
2014-02-14 08:54 - 2014-02-14 08:54 - 00380416 _____ () C:\Users\oliver\Desktop\Gmer-19357.exe
2014-02-13 09:37 - 2012-04-30 13:28 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-13 09:37 - 2012-04-30 13:28 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-13 09:37 - 2009-07-14 06:13 - 01520734 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 08:50 - 2013-12-29 19:42 - 00001978 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-13 08:50 - 2013-12-29 19:41 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-13 08:50 - 2013-12-29 19:41 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-13 08:50 - 2013-12-29 19:41 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-13 08:50 - 2013-12-29 19:41 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-13 08:50 - 2013-12-29 19:41 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-13 08:50 - 2013-12-29 19:41 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-12 09:28 - 2014-02-12 09:25 - 00031896 _____ () C:\Users\oliver\Downloads\Addition.txt
2014-02-12 09:28 - 2014-02-12 09:24 - 00016500 _____ () C:\Users\oliver\Downloads\FRST.txt
2014-02-12 09:20 - 2014-02-12 09:20 - 00000474 _____ () C:\Users\oliver\Downloads\defogger_disable.log
2014-02-12 09:19 - 2014-02-12 09:19 - 00050477 _____ () C:\Users\oliver\Downloads\Defogger.exe
2014-02-09 18:38 - 2014-02-09 18:38 - 00000000 _____ () C:\Users\oliver\defogger_reenable
2014-02-09 18:38 - 2012-10-09 17:02 - 00000000 ____D () C:\Users\oliver
2014-02-09 16:58 - 2014-02-09 16:58 - 00000000 ____D () C:\Users\oliver\AppData\Roaming\SUPERAntiSpyware.com
2014-02-09 16:18 - 2012-10-27 20:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-09 10:27 - 2013-12-27 16:22 - 00000000 ____D () C:\Users\oliver\AppData\Local\genienext
2014-02-08 21:18 - 2014-02-08 21:18 - 00000000 ____D () C:\Users\oliver\AppData\Roaming\Malwarebytes
2014-02-08 21:17 - 2014-02-08 21:17 - 00001081 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-08 21:17 - 2014-02-08 21:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 21:17 - 2014-02-08 21:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-06 13:16 - 2014-02-13 09:18 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 09:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 09:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 09:18 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 09:18 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 09:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 09:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 09:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 09:18 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 09:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 09:18 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 09:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 09:18 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 09:18 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 09:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 09:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 09:18 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 09:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 09:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 09:18 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 09:18 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 09:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 09:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 09:18 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 09:18 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 09:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 09:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 09:18 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 09:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 09:18 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 09:18 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 09:18 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 09:18 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 09:18 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 09:18 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 09:18 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 09:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 09:18 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 09:18 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 22:31 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-03 22:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-16 08:48 - 2009-07-14 05:45 - 00299792 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\oliver\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 12:25

==================== End Of Log ============================
--- --- ---

schrauber 16.02.2014 08:11

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

N_O_O_O_P 16.02.2014 19:52
Also gefühlt dauert es immer noch länger bis der FF browser ein fenster aufmacht. Fehler und Skript meldung ist bis jetzt nicht mehr erschienen.
Hier nochmal die LOg Files von
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=79b26e5c4e0ca34caaa5f2b6e60790c3
# engine=17090
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-16 11:04:40
# local_time=2014-02-16 12:04:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 77 270662 274490 0 0
# compatibility_mode=5893 16776573 100 94 35803 144178530 0 0
# scanned=130450
# found=2
# cleaned=0
# scan_time=8484
sh=3CBC5ED91A77C0704FC33656883479360EC0E2E3 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\myPCBackup.zip"
sh=3CBC5ED91A77C0704FC33656883479360EC0E2E3 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip"
SECURITY CHECK

Code:
Results of screen317's Security Check version 0.99.79 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Adobe Flash Player 11.9.900.170 
 Adobe Reader XI 
 Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by oliver (administrator) on OLIVER-PC on 16-02-2014 19:01:52
Running from C:\Users\oliver\Desktop\FRST-OlderVersion
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-13] (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zuyv1kq0.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://www.hnd.bayern.de/pegel/wasserstand/pegel_wasserstand.php?pgnr=16008506
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zuyv1kq0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-29]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-13] (AVAST Software)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [871296 2012-02-07] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-02-07] (Acer Incorporated)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-13] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-29] ()
S3 cecsvad; C:\Windows\System32\drivers\cecvad.sys [23040 2011-12-08] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-16 12:19 - 2014-02-16 12:19 - 00000833 _____ () C:\Users\oliver\Desktop\checkup.txt
2014-02-16 12:14 - 2014-02-16 12:14 - 00987425 _____ () C:\Users\oliver\Desktop\SecurityCheck.exe
2014-02-16 09:35 - 2014-02-16 09:36 - 02347384 _____ (ESET) C:\Users\oliver\Desktop\esetsmartinstaller_enu.exe
2014-02-15 20:26 - 2014-02-16 19:01 - 00000000 ____D () C:\Users\oliver\Desktop\FRST-OlderVersion
2014-02-15 20:26 - 2014-02-15 20:28 - 00031055 _____ () C:\Users\oliver\Desktop\FRST.txt
2014-02-15 20:25 - 2014-02-15 20:25 - 00001867 _____ () C:\Users\oliver\Desktop\JRT.txt
2014-02-15 20:08 - 2014-02-15 20:08 - 00000000 ____D () C:\Windows\ERUNT
2014-02-15 20:06 - 2014-02-15 20:06 - 01037530 _____ (Thisisu) C:\Users\oliver\Desktop\JRT.exe
2014-02-15 20:05 - 2014-02-15 20:05 - 00000978 _____ () C:\Users\oliver\Desktop\AdwCleaner[S1].txt
2014-02-15 19:57 - 2014-02-15 20:02 - 00000000 ____D () C:\AdwCleaner
2014-02-15 19:54 - 2014-02-15 19:54 - 01166132 _____ () C:\Users\oliver\Desktop\adwcleaner.exe
2014-02-15 09:59 - 2014-02-15 10:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 19:40 - 2014-02-14 19:40 - 00022500 _____ () C:\ComboFix.txt
2014-02-14 19:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-14 19:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-14 19:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-14 19:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-14 19:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-14 19:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-14 19:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-14 19:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-14 19:16 - 2014-02-14 19:40 - 00000000 ____D () C:\Qoobox
2014-02-14 19:15 - 2014-02-14 19:35 - 00000000 ____D () C:\Windows\erdnt
2014-02-14 19:14 - 2014-02-14 19:14 - 05183211 ____R (Swearware) C:\Users\oliver\Desktop\ComboFix.exe
2014-02-14 08:54 - 2014-02-14 08:54 - 00380416 _____ () C:\Users\oliver\Desktop\Gmer-19357.exe
2014-02-13 09:19 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 09:19 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 09:18 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 09:18 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 09:18 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 09:18 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 09:18 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 09:18 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 09:18 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 09:18 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 09:18 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 09:18 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 09:18 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 09:18 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 09:18 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 09:18 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 09:18 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 09:18 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 09:18 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 09:18 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 09:18 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 09:18 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 09:18 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 09:18 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 09:18 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 09:18 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 09:18 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 09:18 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 09:18 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 09:18 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 09:18 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 09:18 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 09:18 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 09:18 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 09:18 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 09:18 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 09:18 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 09:18 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 09:18 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 09:18 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 09:18 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 09:04 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 09:04 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 09:04 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 09:04 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 09:04 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 09:04 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 09:04 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 09:04 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 09:04 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 09:04 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 09:04 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 09:04 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 09:04 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 09:04 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 09:04 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 09:04 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 09:04 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 09:04 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 09:04 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 09:04 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 09:04 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 09:04 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 09:04 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 09:04 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 09:04 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 09:04 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 09:04 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 09:04 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 09:25 - 2014-02-12 09:28 - 00031896 _____ () C:\Users\oliver\Downloads\Addition.txt
2014-02-12 09:24 - 2014-02-12 09:28 - 00016500 _____ () C:\Users\oliver\Downloads\FRST.txt
2014-02-12 09:23 - 2014-02-16 19:01 - 00000000 ____D () C:\FRST
2014-02-12 09:22 - 2014-02-15 20:26 - 02152960 _____ (Farbar) C:\Users\oliver\Desktop\FRST64.exe
2014-02-12 09:20 - 2014-02-12 09:20 - 00000474 _____ () C:\Users\oliver\Downloads\defogger_disable.log
2014-02-12 09:19 - 2014-02-12 09:19 - 00050477 _____ () C:\Users\oliver\Downloads\Defogger.exe
2014-02-09 18:38 - 2014-02-09 18:38 - 00000000 _____ () C:\Users\oliver\defogger_reenable
2014-02-09 16:58 - 2014-02-09 16:58 - 00000000 ____D () C:\Users\oliver\AppData\Roaming\SUPERAntiSpyware.com
2014-02-08 21:18 - 2014-02-08 21:18 - 00000000 ____D () C:\Users\oliver\AppData\Roaming\Malwarebytes
2014-02-08 21:17 - 2014-02-08 21:17 - 00001081 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-08 21:17 - 2014-02-08 21:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 21:17 - 2014-02-08 21:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 21:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2014-02-16 19:02 - 2013-08-27 19:56 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{36A2D533-696B-43FF-8DA3-C37E967A3B32}
2014-02-16 19:01 - 2014-02-15 20:26 - 00000000 ____D () C:\Users\oliver\Desktop\FRST-OlderVersion
2014-02-16 19:01 - 2014-02-12 09:23 - 00000000 ____D () C:\FRST
2014-02-16 19:01 - 2013-12-29 19:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-16 18:59 - 2010-11-21 04:47 - 00448678 _____ () C:\Windows\PFRO.log
2014-02-16 18:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 18:59 - 2009-07-14 05:51 - 00116103 _____ () C:\Windows\setupact.log
2014-02-16 12:20 - 2012-04-30 03:46 - 02033833 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 12:19 - 2014-02-16 12:19 - 00000833 _____ () C:\Users\oliver\Desktop\checkup.txt
2014-02-16 12:14 - 2014-02-16 12:14 - 00987425 _____ () C:\Users\oliver\Desktop\SecurityCheck.exe
2014-02-16 09:36 - 2014-02-16 09:35 - 02347384 _____ (ESET) C:\Users\oliver\Desktop\esetsmartinstaller_enu.exe
2014-02-16 09:32 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 09:32 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-15 20:28 - 2014-02-15 20:26 - 00031055 _____ () C:\Users\oliver\Desktop\FRST.txt
2014-02-15 20:26 - 2014-02-12 09:22 - 02152960 _____ (Farbar) C:\Users\oliver\Desktop\FRST64.exe
2014-02-15 20:25 - 2014-02-15 20:25 - 00001867 _____ () C:\Users\oliver\Desktop\JRT.txt
2014-02-15 20:08 - 2014-02-15 20:08 - 00000000 ____D () C:\Windows\ERUNT
2014-02-15 20:06 - 2014-02-15 20:06 - 01037530 _____ (Thisisu) C:\Users\oliver\Desktop\JRT.exe
2014-02-15 20:05 - 2014-02-15 20:05 - 00000978 _____ () C:\Users\oliver\Desktop\AdwCleaner[S1].txt
2014-02-15 20:02 - 2014-02-15 19:57 - 00000000 ____D () C:\AdwCleaner
2014-02-15 19:54 - 2014-02-15 19:54 - 01166132 _____ () C:\Users\oliver\Desktop\adwcleaner.exe
2014-02-15 18:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-15 17:38 - 2013-08-03 10:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 10:00 - 2014-02-15 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 19:40 - 2014-02-14 19:40 - 00022500 _____ () C:\ComboFix.txt
2014-02-14 19:40 - 2014-02-14 19:16 - 00000000 ____D () C:\Qoobox
2014-02-14 19:40 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-14 19:35 - 2014-02-14 19:15 - 00000000 ____D () C:\Windows\erdnt
2014-02-14 19:33 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-14 19:14 - 2014-02-14 19:14 - 05183211 ____R (Swearware) C:\Users\oliver\Desktop\ComboFix.exe
2014-02-14 08:54 - 2014-02-14 08:54 - 00380416 _____ () C:\Users\oliver\Desktop\Gmer-19357.exe
2014-02-13 09:37 - 2012-04-30 13:28 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-13 09:37 - 2012-04-30 13:28 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-13 09:37 - 2009-07-14 06:13 - 01520734 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 08:50 - 2013-12-29 19:42 - 00001978 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-13 08:50 - 2013-12-29 19:41 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-13 08:50 - 2013-12-29 19:41 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-13 08:50 - 2013-12-29 19:41 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-13 08:50 - 2013-12-29 19:41 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-13 08:50 - 2013-12-29 19:41 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-13 08:50 - 2013-12-29 19:41 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-12 09:28 - 2014-02-12 09:25 - 00031896 _____ () C:\Users\oliver\Downloads\Addition.txt
2014-02-12 09:28 - 2014-02-12 09:24 - 00016500 _____ () C:\Users\oliver\Downloads\FRST.txt
2014-02-12 09:20 - 2014-02-12 09:20 - 00000474 _____ () C:\Users\oliver\Downloads\defogger_disable.log
2014-02-12 09:19 - 2014-02-12 09:19 - 00050477 _____ () C:\Users\oliver\Downloads\Defogger.exe
2014-02-09 18:38 - 2014-02-09 18:38 - 00000000 _____ () C:\Users\oliver\defogger_reenable
2014-02-09 18:38 - 2012-10-09 17:02 - 00000000 ____D () C:\Users\oliver
2014-02-09 16:58 - 2014-02-09 16:58 - 00000000 ____D () C:\Users\oliver\AppData\Roaming\SUPERAntiSpyware.com
2014-02-09 16:18 - 2012-10-27 20:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-09 10:27 - 2013-12-27 16:22 - 00000000 ____D () C:\Users\oliver\AppData\Local\genienext
2014-02-08 21:18 - 2014-02-08 21:18 - 00000000 ____D () C:\Users\oliver\AppData\Roaming\Malwarebytes
2014-02-08 21:17 - 2014-02-08 21:17 - 00001081 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-08 21:17 - 2014-02-08 21:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 21:17 - 2014-02-08 21:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-06 13:16 - 2014-02-13 09:18 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 09:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 09:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 09:18 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 09:18 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 09:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 09:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 09:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 09:18 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 09:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 09:18 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 09:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 09:18 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 09:18 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 09:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 09:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 09:18 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 09:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 09:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 09:18 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 09:18 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 09:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 09:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 09:18 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 09:18 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 09:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 09:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 09:18 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 09:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 09:18 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 09:18 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 09:18 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 09:18 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 09:18 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 09:18 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 09:18 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 09:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 09:18 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 09:18 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 22:31 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-03 22:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\oliver\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 12:25

==================== End Of Log ============================
--- --- ---

--- --- ---


:killpc: Fehlermeldung (Keine Rückmeldung) in der titelleiste noch vorhanden :killpc:

schrauber 17.02.2014 14:21
Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

N_O_O_O_P 17.02.2014 20:20
Vielen dank für Deine Geduld und Deine Mühe, hab alles gemacht wie beschrieben mal schauen ob es jetzt funzt... soll ich eigentlich den Internet Explorer oder evtl. ein anderes Programm auch mal deinstallieren?
na denn sag ich nochmal Danke und wie man bei uns hier in Bayern sagt
SERVUS ;-)

schrauber 18.02.2014 16:28
Probleme weg? :)

N_O_O_O_P 18.02.2014 17:11
:daumenhoc ja bis jetzt läuft er wieder ohne Probleme.. :dankeschoen:
vielen Dank

PS: Ach ja hab da noch ne Frage, hab noch einen alten Laptop,noch mit win XP, beim starten kommen keine Icons auf dem Desktop wenn ich dann im Task Manager den IE beende dann wieder sterte sind die icons wieder da kann aber keinen Download ausführen und kein EXE programm ausführen glaubst Du da kann man noch was machen oder ist er zum verschrotten :-)
Gruß

schrauber 19.02.2014 15:27
Poste mal FRST Logs von dem Rechner. Für hier:

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

N_O_O_O_P 22.02.2014 14:07
Hallo sorry für die verspätung, also der neue Laptop läuft gut, hab mir die programme geholt aber entweder bei abdock oder bei no script hat es mir einige Internet seiten nicht mehr richtig angezeigt keine grafische darstellung. und bei secunia kam wieder die meldung skript reagiert langsam (oder so ähnlich). hab das programm mit revo wieder deinstalliert mal schauen ob es eine einmalige sache war...

so hier das neue FRST LOG von meinem alten rechner XP.
(arbeite z .Zt im abgesicherten modus damit)


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014 01
Ran by Administrator (administrator) on HOME-PC on 22-02-2014 14:15:14
Running from C:\Dokumente und Einstellungen\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)


==================== Processes (Whitelisted) =================

(Lavasoft AB) C:\Programme\systemkontrolle\aawservice.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AAWTray] - C:\Programme\systemkontrolle\AAWTray.exe [88024 2007-08-08] ()
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
HKU\S-1-5-21-1343024091-963894560-725345543-500\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe [686280 2012-07-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-1343024091-963894560-725345543-500\...\MountPoints2: {44111087-1333-11e0-9173-001b9e2ee5c9} - F:\InstallTomTomHOME.exe
HKU\S-1-5-21-1343024091-963894560-725345543-500\...\MountPoints2: {6519ca3c-7c46-11de-8f39-001b9e2ee5c9} - F:\Launcher.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -  No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} hxxp://www.parallelgraphics.com/bin/cortvrml.cab
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} hxxp://headattack.dyndns.org/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\vkn1gmn4.default-1362871348453
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Programme\DivX\DivX Content Uploader\npUpload.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Programme\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Programme\TVUPlayer\npTVUAx.dll No File
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-11-10]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programme\Java\jre6\lib\deploy\jqs\ff [2012-02-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! WebRep - C:\Programme\Alwil Software\Avast5\WebRep\FF [2011-05-28]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-11-10]

========================== Services (Whitelisted) =================

R2 aawservice; C:\Programme\systemkontrolle\aawservice.exe [566616 2007-08-27] (Lavasoft AB)
S2 acs; C:\WINDOWS\system32\acs.exe [364629 2007-03-21] (Atheros)
S2 avast! Antivirus; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [44808 2012-06-28] (AVAST Software)
S2 DevoloNetworkService; C:\Programme\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] ()
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-10-24] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [135664 2010-10-24] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [182768 2009-07-05] (Google)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation)
S2 JavaQuickStarterService; C:\Programme\Java\jre6\bin\jqs.exe [153376 2012-02-19] (Sun Microsystems, Inc.)
S2 LVCOMSer; C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-07-20] (Logitech Inc.)
S2 LVPrcSrv; C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe [137752 2007-07-20] (Logitech Inc.)
S2 LVSrvLauncher; C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-07-20] (Logitech Inc.)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [115608 2013-03-09] (Mozilla Foundation)
S2 O&O Defrag; C:\WINDOWS\system32\oodag.exe [225280 2005-05-11] (O&O Software GmbH)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2006-06-01] (Microsoft Corporation)
S2 TomTomHOMEService; C:\Programme\TomTom HOME 2\TomTomHOMEService.exe [92008 2010-12-10] (TomTom)
S3 TUWinStylerThemeSvc; C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe [118272 2005-08-24] (TuneUp Software GmbH)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [25256 2012-06-28] (AVAST Software)
R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [546112 2007-04-05] (Atheros Communications, Inc.)
S2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [21256 2012-06-28] (AVAST Software)
S2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [97352 2012-06-28] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [35928 2012-06-28] (AVAST Software)
S1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [721000 2012-06-28] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [353688 2012-06-28] (AVAST Software)
S1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [54232 2012-06-28] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [27392 2005-05-03] (SlySoft, Inc.)
S2 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [8064 2006-04-22] (Elaborate Bytes AG)
R3 ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [4608 2005-04-12] (Elaborate Bytes AG)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows (R) Server 2003 DDK provider)
S3 LVcKap; C:\WINDOWS\System32\DRIVERS\LVcKap.sys [2109592 2007-07-20] (Logitech Inc.)
S3 LVMVDrv; C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys [2142488 2007-07-20] (Logitech Inc.)
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25624 2007-07-18] ()
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2007-07-19] (Logitech Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [5632 2005-02-17] ()
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28352 2009-11-21] (MusicMatch, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S2 NPF_devolo; C:\WINDOWS\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies)
S3 PDNMp50; C:\WINDOWS\system32\drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PDNSp50; C:\WINDOWS\system32\drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 pepifilter; C:\WINDOWS\System32\DRIVERS\lv302af.sys [13848 2007-07-19] (Logitech Inc.)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
S3 PID_PEPI; C:\WINDOWS\System32\DRIVERS\LV302V32.SYS [1278104 2007-07-19] (Logitech Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 s0017bus; C:\WINDOWS\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\WINDOWS\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\WINDOWS\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\WINDOWS\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\WINDOWS\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\WINDOWS\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\WINDOWS\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [55840 2006-11-15] (Atheros Communications, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-22 14:15 - 2014-02-22 14:15 - 00017611 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.txt
2014-02-22 14:15 - 2014-02-22 14:15 - 00000000 ____D () C:\FRST
2014-02-22 14:14 - 2014-02-22 14:14 - 01142784 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe
2014-02-22 14:02 - 2014-02-22 14:02 - 00050477 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
2014-02-22 13:55 - 2014-02-22 13:55 - 00000000 ____D () C:\WINDOWS\CSC

==================== One Month Modified Files and Folders =======

2014-02-22 14:15 - 2014-02-22 14:15 - 00017611 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.txt
2014-02-22 14:15 - 2014-02-22 14:15 - 00000000 ____D () C:\FRST
2014-02-22 14:14 - 2014-02-22 14:14 - 01142784 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe
2014-02-22 14:02 - 2014-02-22 14:02 - 00050477 _____ () C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
2014-02-22 14:00 - 2013-03-09 00:06 - 00000000 ____D () C:\Programme\Mozilla Firefox
2014-02-22 13:55 - 2014-02-22 13:55 - 00000000 ____D () C:\WINDOWS\CSC
2014-02-22 13:55 - 2007-09-03 21:47 - 00700146 _____ () C:\WINDOWS\system32\OODBS.lor
2014-02-22 13:55 - 2006-06-01 20:06 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2006-06-01 20:06] - [2008-04-14 03:22] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e

C:\WINDOWS\system32\winlogon.exe
[2006-06-01 20:06] - [2008-04-14 03:23] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a

C:\WINDOWS\system32\svchost.exe
[2006-06-01 20:06] - [2008-04-14 03:23] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366

C:\WINDOWS\system32\services.exe
[2006-06-01 20:06] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc

C:\WINDOWS\system32\User32.dll
[2006-06-01 20:06] - [2008-04-14 03:22] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd

C:\WINDOWS\system32\userinit.exe
[2006-06-01 20:06] - [2008-04-14 03:23] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106

C:\WINDOWS\system32\rpcss.dll
[2006-06-01 20:06] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127afbf2c1ed0ab14a1bbb7aaecb85b

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2006-06-01 20:06] - [2008-04-14 02:52] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d


==================== End Of Log ============================
--- --- ---


lade mir jetzt mal defogger, Combfix und del fix runter und lasse es laufen soll ich die Logs auch mal posten?
gruß :-)

schrauber 23.02.2014 11:22
Zitat:
lade mir jetzt mal defogger, Combfix und del fix runter und lasse es laufen soll ich die Logs auch mal posten?
Stop! hab ich das gesagt?

für den anderen Rechner:

Secunia weg, versuch mal FileHippo UpdateChecker. Zu dem Browser:
Das ist NoScript. das ist so gewollt. Du musst die Scripte dann einzeln zulassen bis die Seiten gehen.

Was für Probleme macht der XP Rechner?

N_O_O_O_P 23.02.2014 13:39
Halllo sorry hab ich wohl falsch verstanden.....:pfeiff:

also der XP fährt nicht richtig hoch und wenn er hochfährt habe ich keine icons auf dem desktop, im taskmanager - prozesse - explorer beenden- dann neuer task - explorer - und es sind die icons da. Internet geht dann aber ordner aufmachen geht langsam bzw. gar nicht. irgendwelche exe dateien oder downloads funktionieren nicht. ( Im abgesicherten Modus schon)
ansonsten kann ich nicht viel sagen da er ja nicht mehr viel macht.

gruß


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:13 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131