Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7, download protector 2.2.0 nicht zu entfernen, firefox user (https://www.trojaner-board.de/152428-windows-7-download-protector-2-2-0-entfernen-firefox-user.html)

dodo2014 13.04.2014 12:11
Windows 7, download protector 2.2.0 nicht zu entfernen, firefox user
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo,

habe seit geraumer Zeit bei firefox den download protector 2.2.0 drin und werde ihn einfach nicht los, habe schon mit verschiedenen Programmen (ccleaner, malwarebyte, tempcleaner) und auch mit Windows-Mitteln (im Explorer und über regedit in firefox angezeigten Pfad entfernt) versucht das Problem zu lösen.
Dabei zeigten sich noch exe-Dateinen wie:
save sense
wprotectmanager
updatemegabrowse

welche ich teilweise schon entfernen konnte.

Hoffe ihr könnt mir helfen.

Danke

schrauber 13.04.2014 13:19
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

dodo2014 13.04.2014 13:45
uups, sorry


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2014 01
Ran by Sven at 2014-04-13 12:40:02
Running from C:\Users\Sven\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Steady Video Plug-In  (Version: 2.06.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.13 - Advanced Micro Devices, Inc.) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
fotoalbum.de Editor (HKLM-x32\...\de.fotoalbum.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.5.3.1028 - myphotobook GmbH)
fotoalbum.de Editor (x32 Version: 1.5.3 - myphotobook GmbH) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel(R) PRO/Wireless Driver (Version: 16.1.4000.0546 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{bc9808f5-afda-4f96-b90e-da5bfb2ef8da}) (Version: 16.1.4 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.3000.0256 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Protegere (HKLM-x32\...\Protegere) (Version:  - )
RawTherapee Version 4.0.12 (HKLM\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.0.12 - rawtherapee.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Secure Eraser (HKLM-x32\...\Secure Eraser_is1) (Version: 4.2.0.1 - ASCOMP Software GmbH)
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points  =========================

21-03-2014 23:11:03 Installed Eraser 6.0.10.2620
21-03-2014 23:17:04 Removed Eraser 6.0.10.2620
27-03-2014 11:56:22 Windows Update
27-03-2014 12:02:19 Windows-Sicherung
30-03-2014 17:00:00 Windows-Sicherung
01-04-2014 19:04:51 Windows Update
07-04-2014 04:13:48 Windows-Sicherung
08-04-2014 11:27:09 Windows Update
11-04-2014 11:32:27 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {36835CA1-76ED-4625-918E-0800C7547D54} - System32\Tasks\addplushd-codedownloader => C:\Program Files (x86)\addplushd\addplushd-codedownloader.exe
Task: {59232B90-1DDE-4AD5-8EFE-666BB3899F35} - System32\Tasks\addplushd-enabler => C:\Program Files (x86)\addplushd\addplushd-enabler.exe <==== ATTENTION
Task: {5E5EAEDF-27A8-4F18-B633-8D79786B2562} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {60070A62-5525-43EC-AC5A-3EE9F8DEA95E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6BDEBC16-987B-48A2-96DD-D6C8412F0A61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {A8539217-B507-4FF5-ADE2-1B1D96019790} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-28] (Adobe Systems Incorporated)
Task: {BCA2483E-D6CE-40FC-BD47-E6C3CFA3CE65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {CD04C871-9D06-4965-9475-3F499996F316} - System32\Tasks\addplushd-firefoxinstaller => C:\Program Files (x86)\addplushd\addplushd-firefoxinstaller.exe
Task: {EB609D82-28B1-4E0B-A6EF-BD553F8D8C05} - System32\Tasks\addplushd-updater => C:\Program Files (x86)\addplushd\addplushd-updater.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-26 08:42 - 2013-07-26 08:42 - 00034304 _____ () C:\Windows\System32\ssk3mlm.dll
2013-08-30 20:47 - 2013-08-30 20:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 15:41 - 2012-10-22 15:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 15:42 - 2012-10-22 15:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-08-30 20:47 - 2013-08-30 20:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-03-22 01:25 - 2014-03-22 01:25 - 01005056 _____ () C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe
2014-03-22 01:25 - 2014-03-22 01:25 - 00118784 _____ () C:\Windows\system32\bitspry5.exe
2014-03-22 01:27 - 2012-09-07 17:57 - 00559424 _____ () D:\Program Files (x86)\Secure Eraser\SecEraser64.dll
2013-08-30 20:47 - 2013-08-30 20:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-22 10:38 - 2014-02-14 12:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-22 01:25 - 2014-03-22 01:25 - 00374272 _____ () C:\Users\Sven\AppData\Roaming\BupSystem\sub\default.dll
2014-04-05 18:00 - 2014-03-15 10:40 - 03642480 _____ () D:\Program Files (x86)\Mozilla\mozjs.dll
2014-03-28 13:37 - 2014-03-28 13:37 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2014 00:20:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 11:04:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 04:18:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 03:49:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 03:45:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 03:42:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 03:39:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: bitspry5.exe, Version: 0.0.0.0, Zeitstempel: 0x529d12e8
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000002ae1dc4
ID des fehlerhaften Prozesses: 0x450
Startzeit der fehlerhaften Anwendung: 0xbitspry5.exe0
Pfad der fehlerhaften Anwendung: bitspry5.exe1
Pfad des fehlerhaften Moduls: bitspry5.exe2
Berichtskennung: bitspry5.exe3

Error: (04/12/2014 03:38:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 03:28:49 PM) (Source: Microsoft-Windows-User Profiles Service) (User: KUNDEN-08UF0KJ6)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (04/12/2014 03:28:49 PM) (Source: Microsoft-Windows-User Profiles Service) (User: KUNDEN-08UF0KJ6)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.


System errors:
=============
Error: (04/13/2014 00:21:32 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/13/2014 00:21:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (04/13/2014 00:21:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (04/13/2014 00:21:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (04/13/2014 00:21:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (04/13/2014 00:21:03 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/13/2014 00:21:03 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (04/13/2014 00:20:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (04/13/2014 00:20:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (04/13/2014 00:20:52 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801


Microsoft Office Sessions:
=========================
Error: (04/13/2014 00:20:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2014 11:04:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 04:18:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 03:49:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 03:45:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 03:42:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 03:39:35 PM) (Source: Application Error)(User: )
Description: bitspry5.exe0.0.0.0529d12e8unknown0.0.0.000000000c00000050000000002ae1dc445001cf56546c331c2bC:\Windows\system32\bitspry5.exeunknowne1edf59d-c247-11e3-9922-0c8bfd730c2a

Error: (04/12/2014 03:38:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2014 03:28:49 PM) (Source: Microsoft-Windows-User Profiles Service)(User: KUNDEN-08UF0KJ6)
Description:

Error: (04/12/2014 03:28:49 PM) (Source: Microsoft-Windows-User Profiles Service)(User: KUNDEN-08UF0KJ6)
Description:


CodeIntegrity Errors:
===================================
  Date: 2012-12-31 00:06:32.556
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\ADMINI~1\AppData\Local\Temp\TSTWRE~1\tswnt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-31 00:06:32.553
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\ADMINI~1\AppData\Local\Temp\TSTWRE~1\tswnt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-31 00:04:17.082
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\ADMINI~1\AppData\Local\Temp\TSTWRE~1\tswnt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-12-31 00:04:17.078
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\ADMINI~1\AppData\Local\Temp\TSTWRE~1\tswnt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 15558.01 MB
Available physical RAM: 13599.71 MB
Total Pagefile: 31114.2 MB
Available Pagefile: 28790.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:62.67 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:728.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 1B3870BA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1B3870AD)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01
Ran by Sven (administrator) on KUNDEN-08UF0KJ6 on 13-04-2014 12:39:45
Running from C:\Users\Sven\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) D:\Program Files\superantispy\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe
() C:\Windows\system32\bitspry5.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) D:\Program Files\superantispy\SUPERAntiSpyware.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKU\S-1-5-21-4107197625-2974202506-744648078-1002\...\Run: [SUPERAntiSpyware] - D:\Program Files\superantispy\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://syb.msn.com/
hxxp://www.tecstore.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com
hxxp://www.tecstore.net
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF86C9E15A82FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1396074421&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF139410F&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1396074421&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF139410F&q={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9319C907-DB12-4DC7-8EAA-7DBAE70AA664} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {29E6354C-A337-421C-B60B-D4CCBA49659C} URL =
SearchScopes: HKCU - {9319C907-DB12-4DC7-8EAA-7DBAE70AA664} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {95FA172C-6F07-4463-97FA-B0C21E7A082C} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default
FF user.js: detected! => C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default\user.js
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.nw-news.de/
FF Keyword.URL: hxxp://www.sm.de/?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default\searchplugins\search_engine.xml
FF HKLM-x32\...\Firefox\Extensions: [{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}] - C:\Windows\Installer\{F727B133-40D4-4F89-95FA-C4C9CE6BC51E}\{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}] - C:\Windows\Installer\{4BDE0211-F443-44BE-8034-30B3F39E568D}\{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{3045FBA1-BC7C-4104-A2C4-6408C2EECB81}] - C:\Windows\Installer\{7D93B3B1-D20A-43CC-9649-1D5FF4F688D6}\{3045FBA1-BC7C-4104-A2C4-6408C2EECB81}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{7D93B3B1-D20A-43CC-9649-1D5FF4F688D6}\{3045FBA1-BC7C-4104-A2C4-6408C2EECB81}.xpi [2014-04-13]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla\firefox.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; D:\Program Files\superantispy\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 bupService; C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe [1005056 2014-03-22] ()
R2 cmdl3264; C:\Windows\system32\bitspry5.exe [118784 2014-03-22] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-06] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-06] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3586528 2013-08-15] (Intel Corporation)
R1 SASDIFSV; D:\Program Files\superantispy\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Program Files\superantispy\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 tswNT; \??\C:\Users\ADMINI~1\AppData\Local\Temp\TSTWRE~1\tswnt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-13 12:39 - 2014-04-13 12:39 - 00011285 _____ () C:\Users\Sven\Desktop\FRST.txt
2014-04-13 12:39 - 2014-04-13 12:39 - 00000000 ____D () C:\FRST
2014-04-13 12:38 - 2014-04-13 12:38 - 02157568 _____ (Farbar) C:\Users\Sven\Desktop\FRST64.exe
2014-04-13 12:37 - 2014-04-13 12:37 - 00000470 _____ () C:\Users\Sven\Desktop\defogger_disable.log
2014-04-13 12:37 - 2014-04-13 12:37 - 00000000 _____ () C:\Users\Sven\defogger_reenable
2014-04-13 12:36 - 2014-04-13 12:34 - 00050477 _____ () C:\Users\Sven\Desktop\Defogger.exe
2014-04-12 15:37 - 2014-04-12 16:18 - 00006490 _____ () C:\Windows\PFRO.log
2014-04-12 14:25 - 2014-04-12 16:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-12 14:25 - 2014-04-12 14:25 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 14:25 - 2014-04-12 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 14:25 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-12 14:25 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-12 14:25 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-12 09:14 - 2014-04-12 09:14 - 00000847 _____ () C:\Users\Sven\Desktop\temp-killer.lnk
2014-04-11 13:42 - 2014-04-11 13:42 - 00001374 _____ () C:\Users\Sven\Desktop\CCleaner64.lnk
2014-04-11 12:27 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 12:26 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 12:26 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-11 12:26 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 12:21 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-11 12:21 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-11 12:21 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-11 12:21 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-11 12:21 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-11 12:21 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-11 12:21 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 12:21 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 12:21 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 12:21 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 12:21 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-11 12:21 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 13:33 - 2014-04-13 12:20 - 00001008 _____ () C:\Windows\setupact.log
2014-04-07 13:33 - 2014-04-07 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 13:18 - 2014-04-07 13:18 - 00042900 _____ () C:\Users\Sven\Documents\cc_20140407_131819.reg
2014-04-07 13:13 - 2014-04-07 13:13 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-07 13:13 - 2014-04-07 13:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-06 11:47 - 2014-04-06 11:47 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\Mozilla
2014-04-06 11:47 - 2014-04-06 11:46 - 00001115 _____ () C:\Users\KLM\Desktop\firefox - Verknüpfung.lnk
2014-04-05 18:00 - 2014-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-05 16:54 - 2014-04-05 16:54 - 00000000 ____D () C:\SUPERDelete
2014-04-05 15:43 - 2014-04-07 13:15 - 00000000 ____D () C:\Windows\Minidump
2014-03-30 18:42 - 2014-03-30 18:42 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-29 08:32 - 2014-03-29 08:32 - 00000000 ____D () C:\Users\Sven\Documents\PC Speed Maximizer
2014-03-29 08:31 - 2014-03-29 08:31 - 01893706 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-29 08:27 - 2014-04-05 16:10 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\sweet-page
2014-03-29 08:27 - 2014-03-29 09:07 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-29 08:26 - 2014-03-29 09:09 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-03-29 08:26 - 2014-03-29 08:26 - 00512992 _____ () C:\Users\Sven\Downloads\spyware-doctor.exe
2014-03-28 13:37 - 2014-04-13 12:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-03-28 13:37 - 2014-04-13 11:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 13:37 - 2014-03-28 13:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-22 10:36 - 2014-03-22 10:36 - 00001171 _____ () C:\Users\Sven\Desktop\Eraser.lnk
2014-03-22 01:27 - 2014-03-22 01:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\ASCOMP Software
2014-03-22 01:25 - 2014-03-22 01:25 - 00118784 _____ () C:\Windows\system32\bitspry5.exe
2014-03-22 01:25 - 2014-03-22 01:25 - 00004524 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-22 01:25 - 2014-03-22 01:25 - 00004478 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-22 01:25 - 2014-03-22 01:25 - 00004378 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Security System 2
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\BupSystem
2014-03-20 15:13 - 2014-03-22 00:31 - 00000000 ____D () C:\Users\Sven\.thumbnails
2014-03-19 15:17 - 2014-03-19 15:17 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator
2014-03-18 14:00 - 2014-03-18 14:00 - 00001057 _____ () C:\Users\Sven\Desktop\Fotoalbum.de.lnk
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fotoalbum.de
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Fotoalbum.de
2014-03-18 13:59 - 2014-03-18 13:59 - 00000000 _____ () C:\Users\Sven\.airinstall.log
2014-03-16 20:19 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 20:19 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 20:19 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 20:19 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 20:19 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 20:19 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 20:19 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 20:19 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 20:19 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 20:19 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 20:19 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 20:19 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 20:19 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 20:19 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 20:19 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 20:19 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 20:19 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 20:19 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 20:19 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 20:19 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 20:19 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 20:19 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 20:19 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 20:19 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 20:19 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 20:19 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 20:19 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 20:19 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 20:19 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 20:19 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 20:19 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 20:19 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 20:19 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 20:19 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 20:19 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 20:19 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 20:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 20:19 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 20:19 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 20:19 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 20:17 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 20:17 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 20:17 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 20:17 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-13 12:39 - 2014-04-13 12:39 - 00011285 _____ () C:\Users\Sven\Desktop\FRST.txt
2014-04-13 12:39 - 2014-04-13 12:39 - 00000000 ____D () C:\FRST
2014-04-13 12:38 - 2014-04-13 12:38 - 02157568 _____ (Farbar) C:\Users\Sven\Desktop\FRST64.exe
2014-04-13 12:37 - 2014-04-13 12:37 - 00000470 _____ () C:\Users\Sven\Desktop\defogger_disable.log
2014-04-13 12:37 - 2014-04-13 12:37 - 00000000 _____ () C:\Users\Sven\defogger_reenable
2014-04-13 12:37 - 2014-02-22 10:26 - 00000000 ____D () C:\Users\Sven
2014-04-13 12:34 - 2014-04-13 12:36 - 00050477 _____ () C:\Users\Sven\Desktop\Defogger.exe
2014-04-13 12:27 - 2009-07-14 06:45 - 00022496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 12:27 - 2009-07-14 06:45 - 00022496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 12:24 - 2010-11-21 08:50 - 00699318 _____ () C:\Windows\system32\perfh007.dat
2014-04-13 12:24 - 2010-11-21 08:50 - 00149458 _____ () C:\Windows\system32\perfc007.dat
2014-04-13 12:24 - 2009-07-14 07:13 - 00844136 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-13 12:22 - 2014-03-28 13:37 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-13 12:20 - 2014-04-07 13:33 - 00001008 _____ () C:\Windows\setupact.log
2014-04-13 12:20 - 2014-03-02 16:35 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-13 12:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-13 11:26 - 2014-02-22 00:17 - 01344366 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 11:07 - 2014-03-28 13:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-12 16:36 - 2014-04-12 14:25 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-12 16:18 - 2014-04-12 15:37 - 00006490 _____ () C:\Windows\PFRO.log
2014-04-12 15:46 - 2014-03-02 16:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-12 14:25 - 2014-04-12 14:25 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 14:25 - 2014-04-12 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 13:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 09:19 - 2009-07-14 06:45 - 00295896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-12 09:14 - 2014-04-12 09:14 - 00000847 _____ () C:\Users\Sven\Desktop\temp-killer.lnk
2014-04-12 08:27 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-11 13:42 - 2014-04-11 13:42 - 00001374 _____ () C:\Users\Sven\Desktop\CCleaner64.lnk
2014-04-11 13:33 - 2014-03-08 09:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 13:32 - 2014-03-08 09:47 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-11 12:38 - 2014-02-22 15:16 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-04-07 13:33 - 2014-04-07 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 13:18 - 2014-04-07 13:18 - 00042900 _____ () C:\Users\Sven\Documents\cc_20140407_131819.reg
2014-04-07 13:15 - 2014-04-05 15:43 - 00000000 ____D () C:\Windows\Minidump
2014-04-07 13:15 - 2014-02-22 00:12 - 00000000 ____D () C:\Windows\Panther
2014-04-07 13:13 - 2014-04-07 13:13 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-07 13:13 - 2014-04-07 13:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-06 11:47 - 2014-04-06 11:47 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\Mozilla
2014-04-06 11:46 - 2014-04-06 11:47 - 00001115 _____ () C:\Users\KLM\Desktop\firefox - Verknüpfung.lnk
2014-04-05 18:00 - 2014-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-05 16:54 - 2014-04-05 16:54 - 00000000 ____D () C:\SUPERDelete
2014-04-05 16:10 - 2014-03-29 08:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\sweet-page
2014-04-05 15:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-03 09:51 - 2014-04-12 14:25 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-12 14:25 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-12 14:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 19:28 - 2014-03-01 10:34 - 00000000 ____D () C:\Users\KLM\Desktop\KIRA
2014-03-31 07:37 - 2014-02-22 17:37 - 00000084 _____ () C:\Users\Sven\AppData\Roaming\WB.CFG
2014-03-31 03:16 - 2014-04-11 12:27 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-11 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-11 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-11 12:26 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 18:42 - 2014-03-30 18:42 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 09:09 - 2014-03-29 08:26 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-03-29 09:07 - 2014-03-29 08:27 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-29 08:41 - 2014-03-02 16:35 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 08:41 - 2014-03-02 16:35 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 08:32 - 2014-03-29 08:32 - 00000000 ____D () C:\Users\Sven\Documents\PC Speed Maximizer
2014-03-29 08:31 - 2014-03-29 08:31 - 01893706 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-29 08:26 - 2014-03-29 08:26 - 00512992 _____ () C:\Users\Sven\Downloads\spyware-doctor.exe
2014-03-28 13:37 - 2014-03-28 13:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-28 13:37 - 2014-02-22 12:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-28 13:37 - 2014-02-22 12:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-28 13:37 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-22 19:24 - 2014-02-22 17:31 - 00000000 ____D () C:\Users\Sven\.gimp-2.8
2014-03-22 10:36 - 2014-03-22 10:36 - 00001171 _____ () C:\Users\Sven\Desktop\Eraser.lnk
2014-03-22 01:27 - 2014-03-22 01:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\ASCOMP Software
2014-03-22 01:25 - 2014-03-22 01:25 - 00118784 _____ () C:\Windows\system32\bitspry5.exe
2014-03-22 01:25 - 2014-03-22 01:25 - 00004524 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-22 01:25 - 2014-03-22 01:25 - 00004478 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-22 01:25 - 2014-03-22 01:25 - 00004378 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Security System 2
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\BupSystem
2014-03-22 00:31 - 2014-03-20 15:13 - 00000000 ____D () C:\Users\Sven\.thumbnails
2014-03-19 15:17 - 2014-03-19 15:17 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator
2014-03-18 14:01 - 2014-02-22 12:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-18 14:00 - 2014-03-18 14:00 - 00001057 _____ () C:\Users\Sven\Desktop\Fotoalbum.de.lnk
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fotoalbum.de
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Fotoalbum.de
2014-03-18 14:00 - 2014-02-22 12:08 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Adobe
2014-03-18 14:00 - 2014-02-22 12:06 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-18 13:59 - 2014-03-18 13:59 - 00000000 _____ () C:\Users\Sven\.airinstall.log
2014-03-17 18:40 - 2014-03-01 10:34 - 00000000 ____D () C:\Users\KLM\Desktop\LUNA

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-11 13:05

==================== End Of Log ============================
--- --- ---



defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:37 on 13/04/2014 (Sven)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Gmer
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-13 12:51:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000066 Samsung_ rev.EXT0 111,79GB
Running: Gmer-19357.exe; Driver: D:\Windows\Temp\awniiaob.sys

---- Processes - GMER 2.1 ----

Process  C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe (*** suspicious ***) @ C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe [1948](2014-03-2                    0000000000400000
Library  C:\Users\Sven\AppData\Roaming\BupSystem\sub\default.dll (*** suspicious ***) @ C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe [1948](2014-03-21 23:25:47)  0000000002d40000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c8bfd730c2a                                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c8bfd730c2a (not active ControlSet)                                                           

---- EOF - GMER 2.1 ----
AVIRA
Code:
Exportierte Ereignisse:

12.04.2014 08:32 [System-Scanner] Malware gefunden
      Die Datei 'C:\ProgramData\IePluginService\update\PluginUpdate.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen2' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '571f4cae.qua'
      verschoben!

12.04.2014 08:29 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\ProgramData\IePluginService\update\PluginUpdate.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen2' [adware]
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

12.04.2014 08:29 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\ProgramData\IePluginService\update\PluginUpdate.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen2' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

11.04.2014 13:26 [System-Scanner] Malware gefunden
      Die Datei 'C:\ProgramData\IePluginService\update\PluginUpdate.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen2' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55cd436d.qua'
      verschoben!

11.04.2014 13:23 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\ProgramData\IePluginService\update\PluginUpdate.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen2' [adware]
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

11.04.2014 13:23 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\ProgramData\IePluginService\update\PluginUpdate.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen2' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

11.04.2014 12:19 [System-Scanner] Malware gefunden
      Die Datei 'C:\ProgramData\IePluginService\update\PluginUpdate.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen2' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54235ccc.qua'
      verschoben!

11.04.2014 12:18 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\ProgramData\IePluginService\update\PluginUpdate.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen2' [adware]
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

11.04.2014 12:18 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\ProgramData\IePluginService\update\PluginUpdate.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen2' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

05.04.2014 15:59 [System-Scanner] Malware gefunden
      Die Datei 'D:\Downloads\spyware-doctor_setup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/InstallCore.A.142'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5703a2e9.qua'
      verschoben!

Malwarebyte
1
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 12.04.2014
Suchlauf-Zeit: 16:41:17
Logdatei: mm1.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.12.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sven

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 299583
Verstrichene Zeit: 4 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
2
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 12.04.2014 14:25:47, SYSTEM, KUNDEN-08UF0KJ6, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 12.04.2014 14:25:58, SYSTEM, KUNDEN-08UF0KJ6, Manual, Malware Database, 2014.3.4.9, 2014.4.12.2,
Update, 12.04.2014 16:10:44, SYSTEM, KUNDEN-08UF0KJ6, Manual, Malware Database, 2014.4.12.2, 2014.4.12.3,
Update, 12.04.2014 16:36:17, SYSTEM, KUNDEN-08UF0KJ6, Manual, Malware Database, 2014.4.12.3, 2014.4.12.4,

(end)
3
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 12.04.2014
Suchlauf-Zeit: 16:18:22
Logdatei: mm3.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.12.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sven

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 299159
Verstrichene Zeit: 6 Min, 35 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 37
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, In Quarantäne, [dc977bae5229af87e85a440cac55fb05],
PUP.Optional.WpManager, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wpm, In Quarantäne, [482b76b3c8b345f1acea1f3b758c30d0],
PUP.Optional.WpManager, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WPM, In Quarantäne, [482b76b3c8b345f1acea1f3b758c30d0],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [7bf82405b1ca3006ed6c89be6d95a65a],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [7bf82405b1ca3006ed6c89be6d95a65a],
PUP.Optional.SupTab.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [99da5dcca7d443f3133944cefd05916f],
PUP.Optional.SupTab.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [99da5dcca7d443f3133944cefd05916f],
PUP.Optional.MegaBrowse.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4e6cd411-ce62-4584-97ff-6afbcf6900af}, In Quarantäne, [3a39d55475060036f3951ef305fdda26],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0052916.BHO, In Quarantäne, [522105247efd4de9ce675d31867dfa06],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0052916.BHO.1, In Quarantäne, [383bc069cead1f1755e0c4cab64d7090],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0052916.Sandbox, In Quarantäne, [acc737f2d4a7ea4c5dd8830baf5443bd],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0052916.Sandbox.1, In Quarantäne, [88ebb3763a418da960d52a64ac572ed2],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, In Quarantäne, [12611d0caad1d85e6eb11258e9194eb2],
PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\WOW6432NODE\addplushd, In Quarantäne, [046f73b683f8fd391c514921689a28d8],
PUP.Optional.MegaBrowse.A, HKLM\SOFTWARE\WOW6432NODE\Mega Browse, In Quarantäne, [1a594ddcff7c003612a294d9ea186a96],
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [2e452702e3981f1747d5247e9d66916f],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0052916.BHO, In Quarantäne, [5a1961c80e6d3bfb76bf26680cf7eb15],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0052916.BHO.1, In Quarantäne, [9ad90920e59674c2979e305e659ee020],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0052916.Sandbox, In Quarantäne, [e19240e965163402c86df69819ea2ed2],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0052916.Sandbox.1, In Quarantäne, [4f2422073e3d72c43401810dac572bd5],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\19979, In Quarantäne, [90e3a683d9a21422a47b1357877b3cc4],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [423135f40e6d88ae33e4a5f4bf4459a7],
PUP.Optional.MegaBrowse.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mega Browse, In Quarantäne, [13605ecbd9a21521ebca87e617ebc937],
PUP.Optional.AddPusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\addplushd, In Quarantäne, [b1c2c465403bcb6bd89408629f630ef2],
PUP.Optional.MegaBrowse.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Mega Browse, In Quarantäne, [f28144e53546fc3a4073204dee14649c],
PUP.Optional.SaveSense.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSense, In Quarantäne, [42312603a4d76ec8e063d0cc10f3ba46],
PUP.Optional.SaveSense.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSenseLive, In Quarantäne, [9dd667c290eb6ec8093b8b110af9ee12],
PUP.Optional.AddPusHD.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\addplushd, In Quarantäne, [4f2478b1a0db33036c000664ed15758b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [373cc5644e2d47eff9e7ffa20ef5e61a],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [c0b3af7ab3c890a662ae90e7cf33b947],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [75fed950d5a668ce90bb622bdd26936d],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, In Quarantäne, [2053bf6a0f6c4ee855cb86e419e96799],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\hdideo, In Quarantäne, [353e9d8c2b50c175492585e5d23009f7],
PUP.Optional.AddPusHD.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1009.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\addplushd, In Quarantäne, [fd768b9e760532042d3fef7be51d7f81],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1009.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [096afd2cd9a2e74fecf4950c1ee525db],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511291116}, In Quarantäne, [81f20f1a17647cbaa1d8c35f61a3639d],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511291116}, In Quarantäne, [81f20f1a17647cbaa1d8c35f61a3639d],

Registrierungswerte: 3
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default\extensions\quick_start@gmail.com, In Quarantäne, [6013e247ec8fec4a47766bff42c08977]
PUP.Optional.WpManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPM|ImagePath, C:\ProgramData\WPM\wprotectmanager.exe -service, In Quarantäne, [f87baa7fbbc0e0561ed79c016f941ce4]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4107197625-2974202506-744648078-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1R1Q1O0G2Z1I1E, In Quarantäne, [75fed950d5a668ce90bb622bdd26936d]

Registrierungsdaten: 4
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1396074421&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF139410F&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1396074421&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF139410F&q={searchTerms}),Ersetzt,[b6bd0722116ae94dd4417aa615ef58a8]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a7ccfc2d28535adcf0b7ab742fd525db]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1396074421&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF139410F&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1396074421&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF139410F&q={searchTerms}),Ersetzt,[3a39b079f883181e33e2a37dd430e41c]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[c2b1e0492e4d1323881f47d8887cf10f]

Ordner: 8
PUP.Optional.SaveSense, C:\ProgramData\SaveSenseLive, In Quarantäne, [373cc465ff7c191dc0ab75e621e1738d],
PUP.Optional.SaveSense, C:\ProgramData\SaveSenseLive\Update, In Quarantäne, [373cc465ff7c191dc0ab75e621e1738d],
PUP.Optional.SaveSense, C:\ProgramData\SaveSenseLive\Update\Log, In Quarantäne, [373cc465ff7c191dc0ab75e621e1738d],
PUP.Optional.SaveSense, C:\Users\Sven\AppData\Roaming\SaveSense, In Quarantäne, [f18247e2a5d657df86e6dc7f4bb7da26],
PUP.Optional.SaveSense, C:\Users\Sven\AppData\Roaming\SaveSense\UpdateProc, In Quarantäne, [f18247e2a5d657df86e6dc7f4bb7da26],
PUP.Optional.SaveSense, C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense, In Quarantäne, [87ec97923a41eb4b90ddadae020056aa],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [eb881e0b9fdce254f1d787d543bf9967],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [eb881e0b9fdce254f1d787d543bf9967],

Dateien: 17
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, In Quarantäne, [dc977bae5229af87e85a440cac55fb05],
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, In Quarantäne, [482b76b3c8b345f1acea1f3b758c30d0],
PUP.Optional.AddPusHD.A, C:\Windows\Tasks\addplushd-codedownloader.job, In Quarantäne, [492aa08984f77cbad89284e6f210a060],
PUP.Optional.AddPusHD.A, C:\Windows\Tasks\addplushd-enabler.job, In Quarantäne, [ee8507222457b284c4a68bdf4cb6f709],
PUP.Optional.AddPusHD.A, C:\Windows\Tasks\addplushd-firefoxinstaller.job, In Quarantäne, [383ba4851d5e68ce5c0eb8b256ac3dc3],
PUP.Optional.AddPusHD.A, C:\Windows\Tasks\addplushd-updater.job, In Quarantäne, [1e55d1580c6fc76f5f0b9ccee12114ec],
PUP.Optional.SaveSense, C:\ProgramData\SaveSenseLive\Update\Log\SaveSenseLive.log, In Quarantäne, [373cc465ff7c191dc0ab75e621e1738d],
PUP.Optional.SaveSense, C:\Users\Sven\AppData\Roaming\SaveSense\UpdateProc\config.dat, In Quarantäne, [f18247e2a5d657df86e6dc7f4bb7da26],
PUP.Optional.SaveSense, C:\Users\Sven\AppData\Roaming\SaveSense\UpdateProc\info.dat, In Quarantäne, [f18247e2a5d657df86e6dc7f4bb7da26],
PUP.Optional.SaveSense, C:\Users\Sven\AppData\Roaming\SaveSense\UpdateProc\STTL.DAT, In Quarantäne, [f18247e2a5d657df86e6dc7f4bb7da26],
PUP.Optional.SaveSense, C:\Users\Sven\AppData\Roaming\SaveSense\UpdateProc\TTL.DAT, In Quarantäne, [f18247e2a5d657df86e6dc7f4bb7da26],
PUP.Optional.SaveSense, C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense Help.url, In Quarantäne, [87ec97923a41eb4b90ddadae020056aa],
PUP.Optional.SaveSense, C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense.url, In Quarantäne, [87ec97923a41eb4b90ddadae020056aa],
PUP.Optional.SaveSense, C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\Uninstall SaveSense.lnk, In Quarantäne, [87ec97923a41eb4b90ddadae020056aa],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [eb881e0b9fdce254f1d787d543bf9967],
PUP.Optional.CrossRider.A, C:\Users\KLM\AppData\Roaming\Mozilla\Firefox\Profiles\xj5ug50y.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "1453675e28f26f94b9bcf460d0e10e10");), Ersetzt,[8ae9c465c8b3bf77f85c57f38b792ed2]
PUP.Optional.CrossRider.A, C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "144e6fa0388ceedf6f3726988073bd8e");), Ersetzt,[b5be35f4a5d6072fdf755ded31d3c63a]

Physische Sektoren: 0
(No malicious items detected)


(end)
SUPERAntiSpyware
1
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/07/2014 at 01:28 PM

Application Version : 5.7.1018

Core Rules Database Version : 11145
Trace Rules Database Version: 8957

Scan type      : Complete Scan
Total Scan Time : 00:08:22

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 758
Memory threats detected  : 0
Registry items scanned    : 69985
Registry threats detected : 0
File items scanned        : 53797
File threats detected    : 58

Adware.Tracking Cookie
        .doubleclick.net [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        in.getclicky.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        c1.adform.net [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        c1.adform.net [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        content.yieldmanager.edgesuite.net [ C:\USERS\SVEN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N6TNHSDR ]
        core.insightexpressai.com [ C:\USERS\SVEN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N6TNHSDR ]
        .doubleclick.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        tracking.mlsat02.de [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
2
Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 04/11/2014 bei 12:28 PM

Version der Applikation : 5.7.1018

Version der Kern-Datenbank : 11160
Version der Spur-Datenbank : 8972

Scan Art      : Kundendefinierter Scann
Totale Scann-Zeit : 00:00:34

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Gescannte Speicherelemente  : 551
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 61360
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 7658
Erfasste Datei-Elemente  : 0
3
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/11/2014 at 12:48 PM

Application Version : 5.7.1018

Core Rules Database Version : 11160
Trace Rules Database Version: 8972

Scan type      : Complete Scan
Total Scan Time : 00:08:54

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 564
Memory threats detected  : 0
Registry items scanned    : 65310
Registry threats detected : 0
File items scanned        : 53803
File threats detected    : 29

Adware.Tracking Cookie
        .adfarm1.adition.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\KLM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJ5UG50Y.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\SVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AXSR37UN.DEFAULT\COOKIES.SQLITE ]

schrauber 14.04.2014 10:26
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: Download Protect - C:\Windows\Installer\{7D93B3B1-D20A-43CC-9649-1D5FF4F688D6}\{3045FBA1-BC7C-4104-A2C4-6408C2EECB81}.xpi [2014-04-13]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

dodo2014 14.04.2014 11:27
Hallo Schrauber,

danke, dass du dich meiner annimmst,

hier die frst-datei vor dem Programmdurchlauf


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01
Ran by Sven (administrator) on KUNDEN-08UF0KJ6 on 14-04-2014 12:04:17
Running from C:\Users\Sven\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) D:\Program Files\superantispy\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe
() C:\Windows\system32\bitspry5.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\system32\userinit.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) D:\Program Files\superantispy\SUPERAntiSpyware.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKU\S-1-5-21-4107197625-2974202506-744648078-1002\...\Run: [SUPERAntiSpyware] - D:\Program Files\superantispy\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://syb.msn.com/
hxxp://www.tecstore.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com
hxxp://www.tecstore.net
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF86C9E15A82FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1396074421&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF139410F&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1396074421&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBF139410F&q={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9319C907-DB12-4DC7-8EAA-7DBAE70AA664} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {29E6354C-A337-421C-B60B-D4CCBA49659C} URL =
SearchScopes: HKCU - {9319C907-DB12-4DC7-8EAA-7DBAE70AA664} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {95FA172C-6F07-4463-97FA-B0C21E7A082C} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default
FF user.js: detected! => C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default\user.js
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.nw-news.de/
FF Keyword.URL: hxxp://www.sm.de/?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default\searchplugins\search_engine.xml
FF HKLM-x32\...\Firefox\Extensions: [{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}] - C:\Windows\Installer\{F727B133-40D4-4F89-95FA-C4C9CE6BC51E}\{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}] - C:\Windows\Installer\{4BDE0211-F443-44BE-8034-30B3F39E568D}\{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{0E54BA71-5CF2-4D1B-AAE5-A0CE3648E0DC}] - C:\Windows\Installer\{45C432DF-F7E4-4C28-8FEC-ADB9184DF141}\{0E54BA71-5CF2-4D1B-AAE5-A0CE3648E0DC}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{45C432DF-F7E4-4C28-8FEC-ADB9184DF141}\{0E54BA71-5CF2-4D1B-AAE5-A0CE3648E0DC}.xpi [2014-04-13]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla\firefox.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; D:\Program Files\superantispy\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 bupService; C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe [1005056 2014-03-22] ()
R2 cmdl3264; C:\Windows\system32\bitspry5.exe [118784 2014-03-22] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-06] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-06] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3586528 2013-08-15] (Intel Corporation)
R1 SASDIFSV; D:\Program Files\superantispy\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Program Files\superantispy\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 tswNT; \??\C:\Users\ADMINI~1\AppData\Local\Temp\TSTWRE~1\tswnt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-14 12:04 - 2014-04-14 12:04 - 00011033 _____ () C:\Users\Sven\Desktop\FRST.txt
2014-04-13 13:12 - 2014-04-13 13:43 - 00000000 ____D () C:\Users\Sven\Desktop\trojanerboard
2014-04-13 12:42 - 2014-04-13 12:42 - 00380416 _____ () C:\Users\Sven\Desktop\Gmer-19357.exe
2014-04-13 12:39 - 2014-04-14 12:04 - 00000000 ____D () C:\FRST
2014-04-13 12:38 - 2014-04-13 12:38 - 02157568 _____ (Farbar) C:\Users\Sven\Desktop\FRST64.exe
2014-04-13 12:37 - 2014-04-13 12:37 - 00000000 _____ () C:\Users\Sven\defogger_reenable
2014-04-13 12:36 - 2014-04-13 12:34 - 00050477 _____ () C:\Users\Sven\Desktop\Defogger.exe
2014-04-12 15:37 - 2014-04-12 16:18 - 00006490 _____ () C:\Windows\PFRO.log
2014-04-12 14:25 - 2014-04-13 12:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-12 14:25 - 2014-04-12 14:25 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 14:25 - 2014-04-12 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 14:25 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-12 14:25 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-12 14:25 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-12 09:14 - 2014-04-12 09:14 - 00000847 _____ () C:\Users\Sven\Desktop\temp-killer.lnk
2014-04-11 13:42 - 2014-04-11 13:42 - 00001374 _____ () C:\Users\Sven\Desktop\CCleaner64.lnk
2014-04-11 12:27 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 12:26 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 12:26 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-11 12:26 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 12:21 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-11 12:21 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-11 12:21 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-11 12:21 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-11 12:21 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-11 12:21 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-11 12:21 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 12:21 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 12:21 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 12:21 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 12:21 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-11 12:21 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 13:33 - 2014-04-14 12:03 - 00001400 _____ () C:\Windows\setupact.log
2014-04-07 13:33 - 2014-04-07 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 13:18 - 2014-04-07 13:18 - 00042900 _____ () C:\Users\Sven\Documents\cc_20140407_131819.reg
2014-04-07 13:13 - 2014-04-07 13:13 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-07 13:13 - 2014-04-07 13:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-06 11:47 - 2014-04-06 11:47 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\Mozilla
2014-04-06 11:47 - 2014-04-06 11:46 - 00001115 _____ () C:\Users\KLM\Desktop\firefox - Verknüpfung.lnk
2014-04-05 18:00 - 2014-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-05 16:54 - 2014-04-05 16:54 - 00000000 ____D () C:\SUPERDelete
2014-04-05 15:43 - 2014-04-07 13:15 - 00000000 ____D () C:\Windows\Minidump
2014-03-30 18:42 - 2014-03-30 18:42 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-29 08:32 - 2014-03-29 08:32 - 00000000 ____D () C:\Users\Sven\Documents\PC Speed Maximizer
2014-03-29 08:31 - 2014-03-29 08:31 - 01893706 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-29 08:27 - 2014-04-05 16:10 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\sweet-page
2014-03-29 08:27 - 2014-03-29 09:07 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-29 08:26 - 2014-03-29 09:09 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-03-29 08:26 - 2014-03-29 08:26 - 00512992 _____ () C:\Users\Sven\Downloads\spyware-doctor.exe
2014-03-28 13:37 - 2014-04-13 19:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 13:37 - 2014-04-13 12:22 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-03-28 13:37 - 2014-03-28 13:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-22 10:36 - 2014-03-22 10:36 - 00001171 _____ () C:\Users\Sven\Desktop\Eraser.lnk
2014-03-22 01:27 - 2014-03-22 01:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\ASCOMP Software
2014-03-22 01:25 - 2014-03-22 01:25 - 00118784 _____ () C:\Windows\system32\bitspry5.exe
2014-03-22 01:25 - 2014-03-22 01:25 - 00004524 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-22 01:25 - 2014-03-22 01:25 - 00004478 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-22 01:25 - 2014-03-22 01:25 - 00004378 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Security System 2
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\BupSystem
2014-03-20 15:13 - 2014-03-22 00:31 - 00000000 ____D () C:\Users\Sven\.thumbnails
2014-03-19 15:17 - 2014-03-19 15:17 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator
2014-03-18 14:00 - 2014-03-18 14:00 - 00001057 _____ () C:\Users\Sven\Desktop\Fotoalbum.de.lnk
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fotoalbum.de
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Fotoalbum.de
2014-03-18 13:59 - 2014-03-18 13:59 - 00000000 _____ () C:\Users\Sven\.airinstall.log
2014-03-16 20:19 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 20:19 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 20:19 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 20:19 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 20:19 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 20:19 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 20:19 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 20:19 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 20:19 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 20:19 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 20:19 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 20:19 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 20:19 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 20:19 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 20:19 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 20:19 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 20:19 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 20:19 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 20:19 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 20:19 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 20:19 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 20:19 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 20:19 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 20:19 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 20:19 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 20:19 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 20:19 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 20:19 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 20:19 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 20:19 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 20:19 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 20:19 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 20:19 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 20:19 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 20:19 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 20:19 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 20:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 20:19 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 20:19 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 20:19 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 20:17 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 20:17 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 20:17 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 20:17 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-14 12:04 - 2014-04-14 12:04 - 00011033 _____ () C:\Users\Sven\Desktop\FRST.txt
2014-04-14 12:04 - 2014-04-13 12:39 - 00000000 ____D () C:\FRST
2014-04-14 12:03 - 2014-04-07 13:33 - 00001400 _____ () C:\Windows\setupact.log
2014-04-14 12:03 - 2014-03-02 16:35 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 12:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 09:32 - 2014-02-22 00:17 - 01400447 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 09:31 - 2009-07-14 06:45 - 00022496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 09:31 - 2009-07-14 06:45 - 00022496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 09:27 - 2010-11-21 08:50 - 00699318 _____ () C:\Windows\system32\perfh007.dat
2014-04-14 09:27 - 2010-11-21 08:50 - 00149458 _____ () C:\Windows\system32\perfc007.dat
2014-04-14 09:27 - 2009-07-14 07:13 - 00844136 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-13 19:07 - 2014-03-28 13:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-13 14:46 - 2014-03-02 16:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-13 13:43 - 2014-04-13 13:12 - 00000000 ____D () C:\Users\Sven\Desktop\trojanerboard
2014-04-13 12:55 - 2014-04-12 14:25 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 12:45 - 2014-02-22 15:16 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-04-13 12:42 - 2014-04-13 12:42 - 00380416 _____ () C:\Users\Sven\Desktop\Gmer-19357.exe
2014-04-13 12:38 - 2014-04-13 12:38 - 02157568 _____ (Farbar) C:\Users\Sven\Desktop\FRST64.exe
2014-04-13 12:37 - 2014-04-13 12:37 - 00000000 _____ () C:\Users\Sven\defogger_reenable
2014-04-13 12:37 - 2014-02-22 10:26 - 00000000 ____D () C:\Users\Sven
2014-04-13 12:34 - 2014-04-13 12:36 - 00050477 _____ () C:\Users\Sven\Desktop\Defogger.exe
2014-04-13 12:22 - 2014-03-28 13:37 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-12 16:18 - 2014-04-12 15:37 - 00006490 _____ () C:\Windows\PFRO.log
2014-04-12 14:25 - 2014-04-12 14:25 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 14:25 - 2014-04-12 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 13:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 09:19 - 2009-07-14 06:45 - 00295896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-12 09:14 - 2014-04-12 09:14 - 00000847 _____ () C:\Users\Sven\Desktop\temp-killer.lnk
2014-04-12 08:27 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-11 13:42 - 2014-04-11 13:42 - 00001374 _____ () C:\Users\Sven\Desktop\CCleaner64.lnk
2014-04-11 13:33 - 2014-03-08 09:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 13:32 - 2014-03-08 09:47 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 13:33 - 2014-04-07 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 13:18 - 2014-04-07 13:18 - 00042900 _____ () C:\Users\Sven\Documents\cc_20140407_131819.reg
2014-04-07 13:15 - 2014-04-05 15:43 - 00000000 ____D () C:\Windows\Minidump
2014-04-07 13:15 - 2014-02-22 00:12 - 00000000 ____D () C:\Windows\Panther
2014-04-07 13:13 - 2014-04-07 13:13 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-07 13:13 - 2014-04-07 13:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-06 11:47 - 2014-04-06 11:47 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\Mozilla
2014-04-06 11:46 - 2014-04-06 11:47 - 00001115 _____ () C:\Users\KLM\Desktop\firefox - Verknüpfung.lnk
2014-04-05 18:00 - 2014-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-05 16:54 - 2014-04-05 16:54 - 00000000 ____D () C:\SUPERDelete
2014-04-05 16:10 - 2014-03-29 08:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\sweet-page
2014-04-05 15:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-03 09:51 - 2014-04-12 14:25 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-12 14:25 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-12 14:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 19:28 - 2014-03-01 10:34 - 00000000 ____D () C:\Users\KLM\Desktop\KIRA
2014-03-31 07:37 - 2014-02-22 17:37 - 00000084 _____ () C:\Users\Sven\AppData\Roaming\WB.CFG
2014-03-31 03:16 - 2014-04-11 12:27 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-11 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-11 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-11 12:26 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 18:42 - 2014-03-30 18:42 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 09:09 - 2014-03-29 08:26 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-03-29 09:07 - 2014-03-29 08:27 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-29 08:41 - 2014-03-02 16:35 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 08:41 - 2014-03-02 16:35 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 08:32 - 2014-03-29 08:32 - 00000000 ____D () C:\Users\Sven\Documents\PC Speed Maximizer
2014-03-29 08:31 - 2014-03-29 08:31 - 01893706 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-29 08:26 - 2014-03-29 08:26 - 00512992 _____ () C:\Users\Sven\Downloads\spyware-doctor.exe
2014-03-28 13:37 - 2014-03-28 13:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-28 13:37 - 2014-02-22 12:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-28 13:37 - 2014-02-22 12:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-28 13:37 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-22 19:24 - 2014-02-22 17:31 - 00000000 ____D () C:\Users\Sven\.gimp-2.8
2014-03-22 10:36 - 2014-03-22 10:36 - 00001171 _____ () C:\Users\Sven\Desktop\Eraser.lnk
2014-03-22 01:27 - 2014-03-22 01:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\ASCOMP Software
2014-03-22 01:25 - 2014-03-22 01:25 - 00118784 _____ () C:\Windows\system32\bitspry5.exe
2014-03-22 01:25 - 2014-03-22 01:25 - 00004524 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-22 01:25 - 2014-03-22 01:25 - 00004478 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-22 01:25 - 2014-03-22 01:25 - 00004378 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Security System 2
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\BupSystem
2014-03-22 00:31 - 2014-03-20 15:13 - 00000000 ____D () C:\Users\Sven\.thumbnails
2014-03-19 15:17 - 2014-03-19 15:17 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator
2014-03-18 14:01 - 2014-02-22 12:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-18 14:00 - 2014-03-18 14:00 - 00001057 _____ () C:\Users\Sven\Desktop\Fotoalbum.de.lnk
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fotoalbum.de
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Fotoalbum.de
2014-03-18 14:00 - 2014-02-22 12:08 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Adobe
2014-03-18 14:00 - 2014-02-22 12:06 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-18 13:59 - 2014-03-18 13:59 - 00000000 _____ () C:\Users\Sven\.airinstall.log
2014-03-17 18:40 - 2014-03-01 10:34 - 00000000 ____D () C:\Users\KLM\Desktop\LUNA

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-11 13:05

==================== End Of Log ============================
--- --- ---




hier die nach dem Durchlauf:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01
Ran by Sven (administrator) on KUNDEN-08UF0KJ6 on 14-04-2014 12:25:12
Running from C:\Users\Sven\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) D:\Program Files\superantispy\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe
() C:\Windows\system32\bitspry5.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) D:\Program Files\superantispy\SUPERAntiSpyware.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKU\S-1-5-21-4107197625-2974202506-744648078-1002\...\Run: [SUPERAntiSpyware] - D:\Program Files\superantispy\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://syb.msn.com/
hxxp://www.tecstore.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com
hxxp://www.tecstore.net
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF86C9E15A82FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9319C907-DB12-4DC7-8EAA-7DBAE70AA664} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {29E6354C-A337-421C-B60B-D4CCBA49659C} URL =
SearchScopes: HKCU - {9319C907-DB12-4DC7-8EAA-7DBAE70AA664} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {95FA172C-6F07-4463-97FA-B0C21E7A082C} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.nw-news.de/
FF Keyword.URL: hxxp://www.sm.de/?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default\searchplugins\search_engine.xml
FF HKLM-x32\...\Firefox\Extensions: [{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}] - C:\Windows\Installer\{F727B133-40D4-4F89-95FA-C4C9CE6BC51E}\{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}] - C:\Windows\Installer\{4BDE0211-F443-44BE-8034-30B3F39E568D}\{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{0E54BA71-5CF2-4D1B-AAE5-A0CE3648E0DC}] - C:\Windows\Installer\{45C432DF-F7E4-4C28-8FEC-ADB9184DF141}\{0E54BA71-5CF2-4D1B-AAE5-A0CE3648E0DC}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{45C432DF-F7E4-4C28-8FEC-ADB9184DF141}\{0E54BA71-5CF2-4D1B-AAE5-A0CE3648E0DC}.xpi [2014-04-13]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla\firefox.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; D:\Program Files\superantispy\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 bupService; C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe [1005056 2014-03-22] ()
R2 cmdl3264; C:\Windows\system32\bitspry5.exe [118784 2014-03-22] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-06] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-06] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3586528 2013-08-15] (Intel Corporation)
R1 SASDIFSV; D:\Program Files\superantispy\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Program Files\superantispy\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 tswNT; \??\C:\Users\ADMINI~1\AppData\Local\Temp\TSTWRE~1\tswnt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-14 12:21 - 2014-04-14 12:21 - 00000766 _____ () C:\Users\Sven\Desktop\JRT.txt
2014-04-14 12:17 - 2014-04-14 12:17 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 12:16 - 2014-04-14 12:16 - 01016261 _____ (Thisisu) C:\Users\Sven\Desktop\JRT.exe
2014-04-14 12:14 - 2014-04-14 12:14 - 00002615 _____ () C:\Users\Sven\Desktop\AdwCleaner[S0].txt
2014-04-14 12:11 - 2014-04-14 12:13 - 00000000 ____D () C:\AdwCleaner
2014-04-14 12:11 - 2014-04-14 12:09 - 01426178 _____ () C:\Users\Sven\Desktop\adwcleaner.exe
2014-04-14 12:04 - 2014-04-14 12:25 - 00010492 _____ () C:\Users\Sven\Desktop\FRST.txt
2014-04-13 13:12 - 2014-04-13 13:43 - 00000000 ____D () C:\Users\Sven\Desktop\trojanerboard
2014-04-13 12:42 - 2014-04-13 12:42 - 00380416 _____ () C:\Users\Sven\Desktop\Gmer-19357.exe
2014-04-13 12:39 - 2014-04-14 12:25 - 00000000 ____D () C:\FRST
2014-04-13 12:38 - 2014-04-13 12:38 - 02157568 _____ (Farbar) C:\Users\Sven\Desktop\FRST64.exe
2014-04-13 12:37 - 2014-04-13 12:37 - 00000000 _____ () C:\Users\Sven\defogger_reenable
2014-04-13 12:36 - 2014-04-13 12:34 - 00050477 _____ () C:\Users\Sven\Desktop\Defogger.exe
2014-04-12 15:37 - 2014-04-12 16:18 - 00006490 _____ () C:\Windows\PFRO.log
2014-04-12 14:25 - 2014-04-13 12:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-12 14:25 - 2014-04-12 14:25 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 14:25 - 2014-04-12 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 14:25 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-12 14:25 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-12 14:25 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-12 09:14 - 2014-04-12 09:14 - 00000847 _____ () C:\Users\Sven\Desktop\temp-killer.lnk
2014-04-11 13:42 - 2014-04-11 13:42 - 00001374 _____ () C:\Users\Sven\Desktop\CCleaner64.lnk
2014-04-11 12:27 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 12:26 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 12:26 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-11 12:26 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 12:21 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-11 12:21 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-11 12:21 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-11 12:21 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-11 12:21 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-11 12:21 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-11 12:21 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 12:21 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 12:21 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 12:21 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 12:21 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-11 12:21 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 13:33 - 2014-04-14 12:14 - 00001512 _____ () C:\Windows\setupact.log
2014-04-07 13:33 - 2014-04-07 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 13:18 - 2014-04-07 13:18 - 00042900 _____ () C:\Users\Sven\Documents\cc_20140407_131819.reg
2014-04-07 13:13 - 2014-04-07 13:13 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-07 13:13 - 2014-04-07 13:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-06 11:47 - 2014-04-06 11:47 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\Mozilla
2014-04-06 11:47 - 2014-04-06 11:46 - 00001115 _____ () C:\Users\KLM\Desktop\firefox - Verknüpfung.lnk
2014-04-05 18:00 - 2014-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-05 16:54 - 2014-04-05 16:54 - 00000000 ____D () C:\SUPERDelete
2014-04-05 15:43 - 2014-04-07 13:15 - 00000000 ____D () C:\Windows\Minidump
2014-03-30 18:42 - 2014-03-30 18:42 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-29 08:31 - 2014-03-29 08:31 - 01893706 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-29 08:27 - 2014-04-05 16:10 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\sweet-page
2014-03-29 08:27 - 2014-03-29 09:07 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-29 08:26 - 2014-03-29 08:26 - 00512992 _____ () C:\Users\Sven\Downloads\spyware-doctor.exe
2014-03-28 13:37 - 2014-04-14 12:08 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-28 13:37 - 2014-04-14 12:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 13:37 - 2014-03-28 13:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-22 10:36 - 2014-03-22 10:36 - 00001171 _____ () C:\Users\Sven\Desktop\Eraser.lnk
2014-03-22 01:27 - 2014-03-22 01:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\ASCOMP Software
2014-03-22 01:25 - 2014-03-22 01:25 - 00118784 _____ () C:\Windows\system32\bitspry5.exe
2014-03-22 01:25 - 2014-03-22 01:25 - 00004524 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-22 01:25 - 2014-03-22 01:25 - 00004478 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-22 01:25 - 2014-03-22 01:25 - 00004378 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Security System 2
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\BupSystem
2014-03-20 15:13 - 2014-03-22 00:31 - 00000000 ____D () C:\Users\Sven\.thumbnails
2014-03-19 15:17 - 2014-03-19 15:17 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator
2014-03-18 14:00 - 2014-03-18 14:00 - 00001057 _____ () C:\Users\Sven\Desktop\Fotoalbum.de.lnk
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fotoalbum.de
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Fotoalbum.de
2014-03-18 13:59 - 2014-03-18 13:59 - 00000000 _____ () C:\Users\Sven\.airinstall.log
2014-03-16 20:19 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 20:19 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 20:19 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 20:19 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 20:19 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 20:19 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 20:19 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 20:19 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 20:19 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 20:19 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 20:19 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 20:19 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 20:19 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 20:19 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 20:19 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 20:19 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 20:19 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 20:19 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 20:19 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 20:19 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 20:19 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 20:19 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 20:19 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 20:19 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 20:19 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 20:19 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 20:19 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 20:19 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 20:19 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 20:19 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 20:19 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 20:19 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 20:19 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 20:19 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 20:19 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 20:19 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 20:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 20:19 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 20:19 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 20:19 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 20:17 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 20:17 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 20:17 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 20:17 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-14 12:25 - 2014-04-14 12:04 - 00010492 _____ () C:\Users\Sven\Desktop\FRST.txt
2014-04-14 12:25 - 2014-04-13 12:39 - 00000000 ____D () C:\FRST
2014-04-14 12:21 - 2014-04-14 12:21 - 00000766 _____ () C:\Users\Sven\Desktop\JRT.txt
2014-04-14 12:21 - 2009-07-14 06:45 - 00022496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 12:21 - 2009-07-14 06:45 - 00022496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 12:20 - 2010-11-21 08:50 - 00699318 _____ () C:\Windows\system32\perfh007.dat
2014-04-14 12:20 - 2010-11-21 08:50 - 00149458 _____ () C:\Windows\system32\perfc007.dat
2014-04-14 12:20 - 2009-07-14 07:13 - 00844136 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 12:17 - 2014-04-14 12:17 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 12:16 - 2014-04-14 12:16 - 01016261 _____ (Thisisu) C:\Users\Sven\Desktop\JRT.exe
2014-04-14 12:14 - 2014-04-14 12:14 - 00002615 _____ () C:\Users\Sven\Desktop\AdwCleaner[S0].txt
2014-04-14 12:14 - 2014-04-07 13:33 - 00001512 _____ () C:\Windows\setupact.log
2014-04-14 12:14 - 2014-03-02 16:35 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 12:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 12:13 - 2014-04-14 12:11 - 00000000 ____D () C:\AdwCleaner
2014-04-14 12:13 - 2014-02-22 00:17 - 01418646 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 12:09 - 2014-04-14 12:11 - 01426178 _____ () C:\Users\Sven\Desktop\adwcleaner.exe
2014-04-14 12:08 - 2014-03-28 13:37 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 12:07 - 2014-03-28 13:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-14 12:07 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-13 14:46 - 2014-03-02 16:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-13 13:43 - 2014-04-13 13:12 - 00000000 ____D () C:\Users\Sven\Desktop\trojanerboard
2014-04-13 12:55 - 2014-04-12 14:25 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 12:45 - 2014-02-22 15:16 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-04-13 12:42 - 2014-04-13 12:42 - 00380416 _____ () C:\Users\Sven\Desktop\Gmer-19357.exe
2014-04-13 12:38 - 2014-04-13 12:38 - 02157568 _____ (Farbar) C:\Users\Sven\Desktop\FRST64.exe
2014-04-13 12:37 - 2014-04-13 12:37 - 00000000 _____ () C:\Users\Sven\defogger_reenable
2014-04-13 12:37 - 2014-02-22 10:26 - 00000000 ____D () C:\Users\Sven
2014-04-13 12:34 - 2014-04-13 12:36 - 00050477 _____ () C:\Users\Sven\Desktop\Defogger.exe
2014-04-12 16:18 - 2014-04-12 15:37 - 00006490 _____ () C:\Windows\PFRO.log
2014-04-12 14:25 - 2014-04-12 14:25 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 14:25 - 2014-04-12 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 13:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 09:19 - 2009-07-14 06:45 - 00295896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-12 09:14 - 2014-04-12 09:14 - 00000847 _____ () C:\Users\Sven\Desktop\temp-killer.lnk
2014-04-12 08:27 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-11 13:42 - 2014-04-11 13:42 - 00001374 _____ () C:\Users\Sven\Desktop\CCleaner64.lnk
2014-04-11 13:33 - 2014-03-08 09:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 13:32 - 2014-03-08 09:47 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 13:33 - 2014-04-07 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 13:18 - 2014-04-07 13:18 - 00042900 _____ () C:\Users\Sven\Documents\cc_20140407_131819.reg
2014-04-07 13:15 - 2014-04-05 15:43 - 00000000 ____D () C:\Windows\Minidump
2014-04-07 13:15 - 2014-02-22 00:12 - 00000000 ____D () C:\Windows\Panther
2014-04-07 13:13 - 2014-04-07 13:13 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-07 13:13 - 2014-04-07 13:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-06 11:47 - 2014-04-06 11:47 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\Mozilla
2014-04-06 11:46 - 2014-04-06 11:47 - 00001115 _____ () C:\Users\KLM\Desktop\firefox - Verknüpfung.lnk
2014-04-05 18:00 - 2014-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-05 16:54 - 2014-04-05 16:54 - 00000000 ____D () C:\SUPERDelete
2014-04-05 16:10 - 2014-03-29 08:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\sweet-page
2014-04-05 15:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-03 09:51 - 2014-04-12 14:25 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-12 14:25 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-12 14:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 19:28 - 2014-03-01 10:34 - 00000000 ____D () C:\Users\KLM\Desktop\KIRA
2014-03-31 07:37 - 2014-02-22 17:37 - 00000084 _____ () C:\Users\Sven\AppData\Roaming\WB.CFG
2014-03-31 03:16 - 2014-04-11 12:27 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-11 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-11 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-11 12:26 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 18:42 - 2014-03-30 18:42 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 09:07 - 2014-03-29 08:27 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-29 08:41 - 2014-03-02 16:35 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 08:41 - 2014-03-02 16:35 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 08:31 - 2014-03-29 08:31 - 01893706 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-29 08:26 - 2014-03-29 08:26 - 00512992 _____ () C:\Users\Sven\Downloads\spyware-doctor.exe
2014-03-28 13:37 - 2014-03-28 13:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-28 13:37 - 2014-02-22 12:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-28 13:37 - 2014-02-22 12:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-22 19:24 - 2014-02-22 17:31 - 00000000 ____D () C:\Users\Sven\.gimp-2.8
2014-03-22 10:36 - 2014-03-22 10:36 - 00001171 _____ () C:\Users\Sven\Desktop\Eraser.lnk
2014-03-22 01:27 - 2014-03-22 01:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\ASCOMP Software
2014-03-22 01:25 - 2014-03-22 01:25 - 00118784 _____ () C:\Windows\system32\bitspry5.exe
2014-03-22 01:25 - 2014-03-22 01:25 - 00004524 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-22 01:25 - 2014-03-22 01:25 - 00004478 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-22 01:25 - 2014-03-22 01:25 - 00004378 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Security System 2
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\BupSystem
2014-03-22 00:31 - 2014-03-20 15:13 - 00000000 ____D () C:\Users\Sven\.thumbnails
2014-03-19 15:17 - 2014-03-19 15:17 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator
2014-03-18 14:01 - 2014-02-22 12:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-18 14:00 - 2014-03-18 14:00 - 00001057 _____ () C:\Users\Sven\Desktop\Fotoalbum.de.lnk
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fotoalbum.de
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Fotoalbum.de
2014-03-18 14:00 - 2014-02-22 12:08 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Adobe
2014-03-18 14:00 - 2014-02-22 12:06 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-18 13:59 - 2014-03-18 13:59 - 00000000 _____ () C:\Users\Sven\.airinstall.log
2014-03-17 18:40 - 2014-03-01 10:34 - 00000000 ____D () C:\Users\KLM\Desktop\LUNA

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-11 13:05

==================== End Of Log ============================
--- --- ---




fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2014 01
Ran by Sven at 2014-04-14 12:07:55 Run:1
Running from C:\Users\Sven\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: Download Protect - C:\Windows\Installer\{7D93B3B1-D20A-43CC-9649-1D5FF4F688D6}\{3045FBA1-BC7C-4104-A2C4-6408C2EECB81}.xpi [2014-04-13]
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\Installer\{7D93B3B1-D20A-43CC-9649-1D5FF4F688D6}\{3045FBA1-BC7C-4104-A2C4-6408C2EECB81}.xpi not found.


The system needed a reboot.

==== End of Fixlog ====

AdwCleaner

Code:
# AdwCleaner v3.023 - Bericht erstellt am 14/04/2014 um 12:13:27
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Sven - KUNDEN-08UF0KJ6
# Gestartet von : C:\Users\Sven\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Sven\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Sven\Documents\PC Speed Maximizer
Datei Gelöscht : C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555295516}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296616}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544294416}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555295516}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296616}
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\IePlugin
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default\prefs.js ]


[ Datei : C:\Users\KLM\AppData\Roaming\Mozilla\Firefox\Profiles\xj5ug50y.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2851 octets] - [14/04/2014 12:11:40]
AdwCleaner[S0].txt - [2459 octets] - [14/04/2014 12:13:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2519 octets] ##########

JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sven on 14.04.2014 at 12:17:21,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Sven\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.04.2014 at 12:21:42,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Danke

schrauber 15.04.2014 10:34

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

dodo2014 15.04.2014 12:54
eset

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c18afcd51f07f24d9dd300be28976fa7
# engine=17895
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-15 11:34:50
# local_time=2014-04-15 01:34:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 101162 5193244 93939 0
# compatibility_mode=5893 16776573 100 94 1270 149191540 0 0
# scanned=29613
# found=0
# cleaned=0
# scan_time=1088

checkup


Code:
Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 12.0.0.77 
 Adobe Reader XI 
 Mozilla Firefox (28.0)
 Google Chrome 34.0.1847.116 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


frst


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by Sven (administrator) on KUNDEN-08UF0KJ6 on 15-04-2014 13:51:37
Running from C:\Users\Sven\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) D:\Program Files\superantispy\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe
() C:\Windows\system32\bitspry5.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) D:\Program Files\superantispy\SUPERAntiSpyware.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-4107197625-2974202506-744648078-1002\...\Run: [SUPERAntiSpyware] => D:\Program Files\superantispy\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://syb.msn.com/
hxxp://www.tecstore.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com
hxxp://www.tecstore.net
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF86C9E15A82FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9319C907-DB12-4DC7-8EAA-7DBAE70AA664} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {29E6354C-A337-421C-B60B-D4CCBA49659C} URL =
SearchScopes: HKCU - {9319C907-DB12-4DC7-8EAA-7DBAE70AA664} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {95FA172C-6F07-4463-97FA-B0C21E7A082C} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.nw-news.de/
FF Keyword.URL: hxxp://www.sm.de/?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default\searchplugins\search_engine.xml
FF HKLM-x32\...\Firefox\Extensions: [{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}] - C:\Windows\Installer\{F727B133-40D4-4F89-95FA-C4C9CE6BC51E}\{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}] - C:\Windows\Installer\{4BDE0211-F443-44BE-8034-30B3F39E568D}\{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{0E54BA71-5CF2-4D1B-AAE5-A0CE3648E0DC}] - C:\Windows\Installer\{45C432DF-F7E4-4C28-8FEC-ADB9184DF141}\{0E54BA71-5CF2-4D1B-AAE5-A0CE3648E0DC}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{45C432DF-F7E4-4C28-8FEC-ADB9184DF141}\{0E54BA71-5CF2-4D1B-AAE5-A0CE3648E0DC}.xpi [2014-04-13]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla\firefox.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; D:\Program Files\superantispy\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 bupService; C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe [1005056 2014-03-22] ()
R2 cmdl3264; C:\Windows\system32\bitspry5.exe [118784 2014-03-22] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-06] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-06] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3586528 2013-08-15] (Intel Corporation)
R1 SASDIFSV; D:\Program Files\superantispy\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Program Files\superantispy\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 tswNT; \??\C:\Users\ADMINI~1\AppData\Local\Temp\TSTWRE~1\tswnt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-15 13:51 - 2014-04-15 13:51 - 00010491 _____ () C:\Users\Sven\Desktop\FRST.txt
2014-04-15 13:51 - 2014-04-15 13:51 - 00000000 ____D () C:\Users\Sven\Desktop\FRST-OlderVersion
2014-04-15 13:50 - 2014-04-15 13:49 - 00987448 _____ () C:\Users\Sven\Desktop\SecurityCheck.exe
2014-04-15 13:14 - 2014-04-15 13:13 - 02347384 _____ (ESET) C:\Users\Sven\Desktop\esetsmartinstaller_enu.exe
2014-04-14 12:17 - 2014-04-14 12:17 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 12:16 - 2014-04-14 12:16 - 01016261 _____ (Thisisu) C:\Users\Sven\Desktop\JRT.exe
2014-04-14 12:11 - 2014-04-14 12:13 - 00000000 ____D () C:\AdwCleaner
2014-04-14 12:11 - 2014-04-14 12:09 - 01426178 _____ () C:\Users\Sven\Desktop\adwcleaner.exe
2014-04-13 13:12 - 2014-04-14 12:28 - 00000000 ____D () C:\Users\Sven\Desktop\trojanerboard
2014-04-13 12:42 - 2014-04-13 12:42 - 00380416 _____ () C:\Users\Sven\Desktop\Gmer-19357.exe
2014-04-13 12:39 - 2014-04-15 13:51 - 00000000 ____D () C:\FRST
2014-04-13 12:38 - 2014-04-15 13:51 - 02054144 _____ (Farbar) C:\Users\Sven\Desktop\FRST64.exe
2014-04-13 12:37 - 2014-04-13 12:37 - 00000000 _____ () C:\Users\Sven\defogger_reenable
2014-04-13 12:36 - 2014-04-13 12:34 - 00050477 _____ () C:\Users\Sven\Desktop\Defogger.exe
2014-04-12 15:37 - 2014-04-12 16:18 - 00006490 _____ () C:\Windows\PFRO.log
2014-04-12 14:25 - 2014-04-13 12:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-12 14:25 - 2014-04-12 14:25 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 14:25 - 2014-04-12 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 14:25 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-12 14:25 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-12 14:25 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-12 09:14 - 2014-04-12 09:14 - 00000847 _____ () C:\Users\Sven\Desktop\temp-killer.lnk
2014-04-11 13:42 - 2014-04-11 13:42 - 00001374 _____ () C:\Users\Sven\Desktop\CCleaner64.lnk
2014-04-11 12:27 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 12:26 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 12:26 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-11 12:26 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 12:21 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-11 12:21 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-11 12:21 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-11 12:21 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-11 12:21 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-11 12:21 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-11 12:21 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 12:21 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 12:21 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 12:21 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 12:21 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-11 12:21 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 13:33 - 2014-04-15 13:09 - 00001624 _____ () C:\Windows\setupact.log
2014-04-07 13:33 - 2014-04-07 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 13:18 - 2014-04-07 13:18 - 00042900 _____ () C:\Users\Sven\Documents\cc_20140407_131819.reg
2014-04-07 13:13 - 2014-04-07 13:13 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-07 13:13 - 2014-04-07 13:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-06 11:47 - 2014-04-06 11:47 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\Mozilla
2014-04-06 11:47 - 2014-04-06 11:46 - 00001115 _____ () C:\Users\KLM\Desktop\firefox - Verknüpfung.lnk
2014-04-05 18:00 - 2014-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-05 16:54 - 2014-04-05 16:54 - 00000000 ____D () C:\SUPERDelete
2014-04-05 15:43 - 2014-04-07 13:15 - 00000000 ____D () C:\Windows\Minidump
2014-03-30 18:42 - 2014-03-30 18:42 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-29 08:31 - 2014-03-29 08:31 - 01893706 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-29 08:27 - 2014-04-05 16:10 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\sweet-page
2014-03-29 08:27 - 2014-03-29 09:07 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-29 08:26 - 2014-03-29 08:26 - 00512992 _____ () C:\Users\Sven\Downloads\spyware-doctor.exe
2014-03-28 13:37 - 2014-04-14 12:08 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-28 13:37 - 2014-04-14 12:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 13:37 - 2014-03-28 13:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-22 10:36 - 2014-03-22 10:36 - 00001171 _____ () C:\Users\Sven\Desktop\Eraser.lnk
2014-03-22 01:27 - 2014-03-22 01:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\ASCOMP Software
2014-03-22 01:25 - 2014-03-22 01:25 - 00118784 _____ () C:\Windows\system32\bitspry5.exe
2014-03-22 01:25 - 2014-03-22 01:25 - 00004524 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-22 01:25 - 2014-03-22 01:25 - 00004478 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-22 01:25 - 2014-03-22 01:25 - 00004378 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Security System 2
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\BupSystem
2014-03-20 15:13 - 2014-03-22 00:31 - 00000000 ____D () C:\Users\Sven\.thumbnails
2014-03-19 15:17 - 2014-03-19 15:17 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator
2014-03-18 14:00 - 2014-03-18 14:00 - 00001057 _____ () C:\Users\Sven\Desktop\Fotoalbum.de.lnk
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fotoalbum.de
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Fotoalbum.de
2014-03-18 13:59 - 2014-03-18 13:59 - 00000000 _____ () C:\Users\Sven\.airinstall.log
2014-03-16 20:19 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-16 20:19 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 20:19 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-16 20:19 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-16 20:19 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 20:19 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-16 20:19 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 20:19 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 20:19 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-16 20:19 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-16 20:19 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-16 20:19 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-16 20:19 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-16 20:19 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 20:19 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-16 20:19 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-16 20:19 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 20:19 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 20:19 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-16 20:19 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 20:19 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-16 20:19 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 20:19 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-16 20:19 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 20:19 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 20:19 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-16 20:19 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 20:19 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 20:19 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 20:19 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 20:19 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 20:19 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 20:19 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 20:19 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 20:19 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-16 20:19 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-16 20:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-16 20:19 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-16 20:19 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-16 20:19 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-16 20:17 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-16 20:17 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-16 20:17 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-16 20:17 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-15 13:51 - 2014-04-15 13:51 - 00010491 _____ () C:\Users\Sven\Desktop\FRST.txt
2014-04-15 13:51 - 2014-04-15 13:51 - 00000000 ____D () C:\Users\Sven\Desktop\FRST-OlderVersion
2014-04-15 13:51 - 2014-04-13 12:39 - 00000000 ____D () C:\FRST
2014-04-15 13:51 - 2014-04-13 12:38 - 02054144 _____ (Farbar) C:\Users\Sven\Desktop\FRST64.exe
2014-04-15 13:49 - 2014-04-15 13:50 - 00987448 _____ () C:\Users\Sven\Desktop\SecurityCheck.exe
2014-04-15 13:46 - 2014-03-02 16:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-15 13:16 - 2009-07-14 06:45 - 00022496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-15 13:16 - 2009-07-14 06:45 - 00022496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-15 13:14 - 2010-11-21 08:50 - 00699318 _____ () C:\Windows\system32\perfh007.dat
2014-04-15 13:14 - 2010-11-21 08:50 - 00149458 _____ () C:\Windows\system32\perfc007.dat
2014-04-15 13:14 - 2009-07-14 07:13 - 00844136 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-15 13:13 - 2014-04-15 13:14 - 02347384 _____ (ESET) C:\Users\Sven\Desktop\esetsmartinstaller_enu.exe
2014-04-15 13:13 - 2014-02-22 00:17 - 01449628 _____ () C:\Windows\WindowsUpdate.log
2014-04-15 13:10 - 2014-03-02 16:35 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-15 13:09 - 2014-04-07 13:33 - 00001624 _____ () C:\Windows\setupact.log
2014-04-15 13:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 12:28 - 2014-04-13 13:12 - 00000000 ____D () C:\Users\Sven\Desktop\trojanerboard
2014-04-14 12:17 - 2014-04-14 12:17 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 12:16 - 2014-04-14 12:16 - 01016261 _____ (Thisisu) C:\Users\Sven\Desktop\JRT.exe
2014-04-14 12:13 - 2014-04-14 12:11 - 00000000 ____D () C:\AdwCleaner
2014-04-14 12:09 - 2014-04-14 12:11 - 01426178 _____ () C:\Users\Sven\Desktop\adwcleaner.exe
2014-04-14 12:08 - 2014-03-28 13:37 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 12:07 - 2014-03-28 13:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-14 12:07 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-13 12:55 - 2014-04-12 14:25 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 12:45 - 2014-02-22 15:16 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-04-13 12:42 - 2014-04-13 12:42 - 00380416 _____ () C:\Users\Sven\Desktop\Gmer-19357.exe
2014-04-13 12:37 - 2014-04-13 12:37 - 00000000 _____ () C:\Users\Sven\defogger_reenable
2014-04-13 12:37 - 2014-02-22 10:26 - 00000000 ____D () C:\Users\Sven
2014-04-13 12:34 - 2014-04-13 12:36 - 00050477 _____ () C:\Users\Sven\Desktop\Defogger.exe
2014-04-12 16:18 - 2014-04-12 15:37 - 00006490 _____ () C:\Windows\PFRO.log
2014-04-12 14:25 - 2014-04-12 14:25 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 14:25 - 2014-04-12 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 13:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 09:19 - 2009-07-14 06:45 - 00295896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-12 09:14 - 2014-04-12 09:14 - 00000847 _____ () C:\Users\Sven\Desktop\temp-killer.lnk
2014-04-12 08:27 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-11 13:42 - 2014-04-11 13:42 - 00001374 _____ () C:\Users\Sven\Desktop\CCleaner64.lnk
2014-04-11 13:33 - 2014-03-08 09:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 13:32 - 2014-03-08 09:47 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 13:33 - 2014-04-07 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 13:18 - 2014-04-07 13:18 - 00042900 _____ () C:\Users\Sven\Documents\cc_20140407_131819.reg
2014-04-07 13:15 - 2014-04-05 15:43 - 00000000 ____D () C:\Windows\Minidump
2014-04-07 13:15 - 2014-02-22 00:12 - 00000000 ____D () C:\Windows\Panther
2014-04-07 13:13 - 2014-04-07 13:13 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-07 13:13 - 2014-04-07 13:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-06 11:47 - 2014-04-06 11:47 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\Mozilla
2014-04-06 11:46 - 2014-04-06 11:47 - 00001115 _____ () C:\Users\KLM\Desktop\firefox - Verknüpfung.lnk
2014-04-05 18:00 - 2014-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-05 16:54 - 2014-04-05 16:54 - 00000000 ____D () C:\SUPERDelete
2014-04-05 16:10 - 2014-03-29 08:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\sweet-page
2014-04-05 15:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-03 09:51 - 2014-04-12 14:25 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-12 14:25 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-12 14:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 19:28 - 2014-03-01 10:34 - 00000000 ____D () C:\Users\KLM\Desktop\KIRA
2014-03-31 07:37 - 2014-02-22 17:37 - 00000084 _____ () C:\Users\Sven\AppData\Roaming\WB.CFG
2014-03-31 03:16 - 2014-04-11 12:27 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-11 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-11 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-11 12:26 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 18:42 - 2014-03-30 18:42 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 09:07 - 2014-03-29 08:27 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-29 08:41 - 2014-03-02 16:35 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 08:41 - 2014-03-02 16:35 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 08:31 - 2014-03-29 08:31 - 01893706 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-29 08:26 - 2014-03-29 08:26 - 00512992 _____ () C:\Users\Sven\Downloads\spyware-doctor.exe
2014-03-28 13:37 - 2014-03-28 13:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-28 13:37 - 2014-02-22 12:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-28 13:37 - 2014-02-22 12:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-22 19:24 - 2014-02-22 17:31 - 00000000 ____D () C:\Users\Sven\.gimp-2.8
2014-03-22 10:36 - 2014-03-22 10:36 - 00001171 _____ () C:\Users\Sven\Desktop\Eraser.lnk
2014-03-22 01:27 - 2014-03-22 01:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\ASCOMP Software
2014-03-22 01:25 - 2014-03-22 01:25 - 00118784 _____ () C:\Windows\system32\bitspry5.exe
2014-03-22 01:25 - 2014-03-22 01:25 - 00004524 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-22 01:25 - 2014-03-22 01:25 - 00004478 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-22 01:25 - 2014-03-22 01:25 - 00004378 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Security System 2
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\BupSystem
2014-03-22 00:31 - 2014-03-20 15:13 - 00000000 ____D () C:\Users\Sven\.thumbnails
2014-03-19 15:17 - 2014-03-19 15:17 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator
2014-03-18 14:01 - 2014-02-22 12:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-18 14:00 - 2014-03-18 14:00 - 00001057 _____ () C:\Users\Sven\Desktop\Fotoalbum.de.lnk
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fotoalbum.de
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Fotoalbum.de
2014-03-18 14:00 - 2014-02-22 12:08 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Adobe
2014-03-18 14:00 - 2014-02-22 12:06 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-18 13:59 - 2014-03-18 13:59 - 00000000 _____ () C:\Users\Sven\.airinstall.log
2014-03-17 18:40 - 2014-03-01 10:34 - 00000000 ____D () C:\Users\KLM\Desktop\LUNA

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-11 13:05

==================== End Of Log ============================
--- --- ---

--- --- ---



thx

download protect ist immer noch da???

LG

schrauber 16.04.2014 10:15
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
FF Extension: Download Protect - C:\Windows\Installer\{45C432DF-F7E4-4C28-8FEC-ADB9184DF141}\{0E54BA71-5CF2-4D1B-AAE5-A0CE3648E0DC}.xpi [2014-04-13]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Jetzt nimmer ;)

dodo2014 17.04.2014 16:11
Fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014
Ran by Sven at 2014-04-17 16:49:22 Run:2
Running from C:\Users\Sven\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
FF Extension: Download Protect - C:\Windows\Installer\{45C432DF-F7E4-4C28-8FEC-ADB9184DF141}\{0E54BA71-5CF2-4D1B-AAE5-A0CE3648E0DC}.xpi [2014-04-13]
*****************

"C:\PROGRA~2\SupTab\SEARCH~2.DLL" => Value Data removed successfully.
"C:\PROGRA~2\SupTab\SEARCH~1.DLL" => Value Data removed successfully.
C:\Windows\Installer\{45C432DF-F7E4-4C28-8FEC-ADB9184DF141}\{0E54BA71-5CF2-4D1B-AAE5-A0CE3648E0DC}.xpi not found.

==== End of Fixlog ====
hier noch die

frst


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
Ran by Sven (administrator) on KUNDEN-08UF0KJ6 on 17-04-2014 16:50:48
Running from C:\Users\Sven\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) D:\Program Files\superantispy\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe
() C:\Windows\system32\bitspry5.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) D:\Program Files\superantispy\SUPERAntiSpyware.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
HKU\S-1-5-21-4107197625-2974202506-744648078-1002\...\Run: [SUPERAntiSpyware] => D:\Program Files\superantispy\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://syb.msn.com/
hxxp://www.tecstore.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com
hxxp://www.tecstore.net
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF86C9E15A82FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9319C907-DB12-4DC7-8EAA-7DBAE70AA664} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {29E6354C-A337-421C-B60B-D4CCBA49659C} URL =
SearchScopes: HKCU - {9319C907-DB12-4DC7-8EAA-7DBAE70AA664} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {95FA172C-6F07-4463-97FA-B0C21E7A082C} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: SuchMaschine
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.nw-news.de/
FF Keyword.URL: hxxp://www.sm.de/?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\axsr37un.default\searchplugins\search_engine.xml
FF HKLM-x32\...\Firefox\Extensions: [{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}] - C:\Windows\Installer\{F727B133-40D4-4F89-95FA-C4C9CE6BC51E}\{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}] - C:\Windows\Installer\{4BDE0211-F443-44BE-8034-30B3F39E568D}\{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{F4D6C5B9-9B7D-4C4C-8AFE-80624DA12E30}] - C:\Windows\Installer\{0CC2BEE8-190D-41DB-8953-CF6827A7C459}\{F4D6C5B9-9B7D-4C4C-8AFE-80624DA12E30}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{0CC2BEE8-190D-41DB-8953-CF6827A7C459}\{F4D6C5B9-9B7D-4C4C-8AFE-80624DA12E30}.xpi [2014-04-15]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla\firefox.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; D:\Program Files\superantispy\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 bupService; C:\Users\Sven\AppData\Roaming\BupSystem\bup.exe [1005056 2014-03-22] ()
R2 cmdl3264; C:\Windows\system32\bitspry5.exe [118784 2014-03-22] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-06] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-06] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3586528 2013-08-15] (Intel Corporation)
R1 SASDIFSV; D:\Program Files\superantispy\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Program Files\superantispy\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 tswNT; \??\C:\Users\ADMINI~1\AppData\Local\Temp\TSTWRE~1\tswnt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 16:50 - 2014-04-17 16:50 - 00010359 _____ () C:\Users\Sven\Desktop\FRST.txt
2014-04-15 13:50 - 2014-04-15 13:49 - 00987448 _____ () C:\Users\Sven\Desktop\SecurityCheck.exe
2014-04-15 13:14 - 2014-04-15 13:13 - 02347384 _____ (ESET) C:\Users\Sven\Desktop\esetsmartinstaller_enu.exe
2014-04-14 12:17 - 2014-04-14 12:17 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 12:16 - 2014-04-14 12:16 - 01016261 _____ (Thisisu) C:\Users\Sven\Desktop\JRT.exe
2014-04-14 12:11 - 2014-04-14 12:13 - 00000000 ____D () C:\AdwCleaner
2014-04-14 12:11 - 2014-04-14 12:09 - 01426178 _____ () C:\Users\Sven\Desktop\adwcleaner.exe
2014-04-13 13:12 - 2014-04-15 13:53 - 00000000 ____D () C:\Users\Sven\Desktop\trojanerboard
2014-04-13 12:42 - 2014-04-13 12:42 - 00380416 _____ () C:\Users\Sven\Desktop\Gmer-19357.exe
2014-04-13 12:39 - 2014-04-17 16:50 - 00000000 ____D () C:\FRST
2014-04-13 12:38 - 2014-04-17 16:48 - 02158592 _____ (Farbar) C:\Users\Sven\Desktop\FRST64.exe
2014-04-13 12:37 - 2014-04-13 12:37 - 00000000 _____ () C:\Users\Sven\defogger_reenable
2014-04-13 12:36 - 2014-04-13 12:34 - 00050477 _____ () C:\Users\Sven\Desktop\Defogger.exe
2014-04-12 15:37 - 2014-04-15 14:00 - 00007316 _____ () C:\Windows\PFRO.log
2014-04-12 14:25 - 2014-04-13 12:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-12 14:25 - 2014-04-12 14:25 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 14:25 - 2014-04-12 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 14:25 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-12 14:25 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-12 14:25 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-12 09:14 - 2014-04-12 09:14 - 00000847 _____ () C:\Users\Sven\Desktop\temp-killer.lnk
2014-04-11 13:42 - 2014-04-11 13:42 - 00001374 _____ () C:\Users\Sven\Desktop\CCleaner64.lnk
2014-04-11 12:27 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 12:26 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 12:26 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-11 12:26 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 12:21 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 12:21 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-11 12:21 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-11 12:21 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-11 12:21 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-11 12:21 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-11 12:21 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-11 12:21 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 12:21 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 12:21 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 12:21 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 12:21 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-11 12:21 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 13:33 - 2014-04-17 16:44 - 00001904 _____ () C:\Windows\setupact.log
2014-04-07 13:33 - 2014-04-07 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 13:18 - 2014-04-07 13:18 - 00042900 _____ () C:\Users\Sven\Documents\cc_20140407_131819.reg
2014-04-07 13:13 - 2014-04-07 13:13 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-07 13:13 - 2014-04-07 13:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-06 11:47 - 2014-04-06 11:47 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\Mozilla
2014-04-06 11:47 - 2014-04-06 11:46 - 00001115 _____ () C:\Users\KLM\Desktop\firefox - Verknüpfung.lnk
2014-04-05 18:00 - 2014-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-05 16:54 - 2014-04-05 16:54 - 00000000 ____D () C:\SUPERDelete
2014-04-05 15:43 - 2014-04-07 13:15 - 00000000 ____D () C:\Windows\Minidump
2014-03-30 18:42 - 2014-03-30 18:42 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-29 08:31 - 2014-03-29 08:31 - 01893706 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-29 08:27 - 2014-04-05 16:10 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\sweet-page
2014-03-29 08:27 - 2014-03-29 09:07 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-29 08:26 - 2014-03-29 08:26 - 00512992 _____ () C:\Users\Sven\Downloads\spyware-doctor.exe
2014-03-28 13:37 - 2014-04-15 15:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 13:37 - 2014-04-15 14:02 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-03-28 13:37 - 2014-03-28 13:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-22 10:36 - 2014-03-22 10:36 - 00001171 _____ () C:\Users\Sven\Desktop\Eraser.lnk
2014-03-22 01:27 - 2014-03-22 01:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\ASCOMP Software
2014-03-22 01:25 - 2014-03-22 01:25 - 00118784 _____ () C:\Windows\system32\bitspry5.exe
2014-03-22 01:25 - 2014-03-22 01:25 - 00004524 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-22 01:25 - 2014-03-22 01:25 - 00004478 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-22 01:25 - 2014-03-22 01:25 - 00004378 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Security System 2
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\BupSystem
2014-03-20 15:13 - 2014-03-22 00:31 - 00000000 ____D () C:\Users\Sven\.thumbnails
2014-03-19 15:17 - 2014-03-19 15:17 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator
2014-03-18 14:00 - 2014-03-18 14:00 - 00001057 _____ () C:\Users\Sven\Desktop\Fotoalbum.de.lnk
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fotoalbum.de
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Fotoalbum.de
2014-03-18 13:59 - 2014-03-18 13:59 - 00000000 _____ () C:\Users\Sven\.airinstall.log

==================== One Month Modified Files and Folders =======

2014-04-17 16:50 - 2014-04-17 16:50 - 00010359 _____ () C:\Users\Sven\Desktop\FRST.txt
2014-04-17 16:50 - 2014-04-13 12:39 - 00000000 ____D () C:\FRST
2014-04-17 16:49 - 2010-11-21 08:50 - 00699318 _____ () C:\Windows\system32\perfh007.dat
2014-04-17 16:49 - 2010-11-21 08:50 - 00149458 _____ () C:\Windows\system32\perfc007.dat
2014-04-17 16:49 - 2009-07-14 07:13 - 00844136 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 16:48 - 2014-04-13 12:38 - 02158592 _____ (Farbar) C:\Users\Sven\Desktop\FRST64.exe
2014-04-17 16:46 - 2014-03-02 16:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 16:45 - 2014-03-02 16:35 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 16:44 - 2014-04-07 13:33 - 00001904 _____ () C:\Windows\setupact.log
2014-04-17 16:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-15 15:22 - 2014-02-22 00:17 - 01475982 _____ () C:\Windows\WindowsUpdate.log
2014-04-15 15:20 - 2014-03-28 13:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-15 14:08 - 2009-07-14 06:45 - 00022496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-15 14:08 - 2009-07-14 06:45 - 00022496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-15 14:02 - 2014-03-28 13:37 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-15 14:02 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-15 14:00 - 2014-04-12 15:37 - 00007316 _____ () C:\Windows\PFRO.log
2014-04-15 13:53 - 2014-04-13 13:12 - 00000000 ____D () C:\Users\Sven\Desktop\trojanerboard
2014-04-15 13:49 - 2014-04-15 13:50 - 00987448 _____ () C:\Users\Sven\Desktop\SecurityCheck.exe
2014-04-15 13:13 - 2014-04-15 13:14 - 02347384 _____ (ESET) C:\Users\Sven\Desktop\esetsmartinstaller_enu.exe
2014-04-14 12:17 - 2014-04-14 12:17 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 12:16 - 2014-04-14 12:16 - 01016261 _____ (Thisisu) C:\Users\Sven\Desktop\JRT.exe
2014-04-14 12:13 - 2014-04-14 12:11 - 00000000 ____D () C:\AdwCleaner
2014-04-14 12:09 - 2014-04-14 12:11 - 01426178 _____ () C:\Users\Sven\Desktop\adwcleaner.exe
2014-04-13 12:55 - 2014-04-12 14:25 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 12:45 - 2014-02-22 15:16 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-04-13 12:42 - 2014-04-13 12:42 - 00380416 _____ () C:\Users\Sven\Desktop\Gmer-19357.exe
2014-04-13 12:37 - 2014-04-13 12:37 - 00000000 _____ () C:\Users\Sven\defogger_reenable
2014-04-13 12:37 - 2014-02-22 10:26 - 00000000 ____D () C:\Users\Sven
2014-04-13 12:34 - 2014-04-13 12:36 - 00050477 _____ () C:\Users\Sven\Desktop\Defogger.exe
2014-04-12 14:25 - 2014-04-12 14:25 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 14:25 - 2014-04-12 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 13:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 09:19 - 2009-07-14 06:45 - 00295896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-12 09:14 - 2014-04-12 09:14 - 00000847 _____ () C:\Users\Sven\Desktop\temp-killer.lnk
2014-04-12 08:27 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-11 13:42 - 2014-04-11 13:42 - 00001374 _____ () C:\Users\Sven\Desktop\CCleaner64.lnk
2014-04-11 13:33 - 2014-03-08 09:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 13:32 - 2014-03-08 09:47 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 13:33 - 2014-04-07 13:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-07 13:18 - 2014-04-07 13:18 - 00042900 _____ () C:\Users\Sven\Documents\cc_20140407_131819.reg
2014-04-07 13:15 - 2014-04-05 15:43 - 00000000 ____D () C:\Windows\Minidump
2014-04-07 13:15 - 2014-02-22 00:12 - 00000000 ____D () C:\Windows\Panther
2014-04-07 13:13 - 2014-04-07 13:13 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-07 13:13 - 2014-04-07 13:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-06 11:47 - 2014-04-06 11:47 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\Mozilla
2014-04-06 11:46 - 2014-04-06 11:47 - 00001115 _____ () C:\Users\KLM\Desktop\firefox - Verknüpfung.lnk
2014-04-05 18:00 - 2014-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-05 16:54 - 2014-04-05 16:54 - 00000000 ____D () C:\SUPERDelete
2014-04-05 16:10 - 2014-03-29 08:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\sweet-page
2014-04-05 15:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-03 09:51 - 2014-04-12 14:25 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-12 14:25 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-12 14:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 19:28 - 2014-03-01 10:34 - 00000000 ____D () C:\Users\KLM\Desktop\KIRA
2014-03-31 07:37 - 2014-02-22 17:37 - 00000084 _____ () C:\Users\Sven\AppData\Roaming\WB.CFG
2014-03-31 03:16 - 2014-04-11 12:27 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-11 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-11 12:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-11 12:26 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 18:42 - 2014-03-30 18:42 - 00000000 ____D () C:\Users\KLM\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 09:07 - 2014-03-29 08:27 - 00000000 ____D () C:\ProgramData\PC Tools
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\SUPERAntiSpyware.com
2014-03-29 08:50 - 2014-03-29 08:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-29 08:41 - 2014-03-02 16:35 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 08:41 - 2014-03-02 16:35 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 08:31 - 2014-03-29 08:31 - 01893706 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-29 08:26 - 2014-03-29 08:26 - 00512992 _____ () C:\Users\Sven\Downloads\spyware-doctor.exe
2014-03-28 13:37 - 2014-03-28 13:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-28 13:37 - 2014-02-22 12:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-28 13:37 - 2014-02-22 12:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-22 19:24 - 2014-02-22 17:31 - 00000000 ____D () C:\Users\Sven\.gimp-2.8
2014-03-22 10:36 - 2014-03-22 10:36 - 00001171 _____ () C:\Users\Sven\Desktop\Eraser.lnk
2014-03-22 01:27 - 2014-03-22 01:27 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\ASCOMP Software
2014-03-22 01:25 - 2014-03-22 01:25 - 00118784 _____ () C:\Windows\system32\bitspry5.exe
2014-03-22 01:25 - 2014-03-22 01:25 - 00004524 _____ () C:\Windows\System32\Tasks\addplushd-updater
2014-03-22 01:25 - 2014-03-22 01:25 - 00004478 _____ () C:\Windows\System32\Tasks\addplushd-codedownloader
2014-03-22 01:25 - 2014-03-22 01:25 - 00004378 _____ () C:\Windows\System32\Tasks\addplushd-enabler
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Security System 2
2014-03-22 01:25 - 2014-03-22 01:25 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\BupSystem
2014-03-22 00:31 - 2014-03-20 15:13 - 00000000 ____D () C:\Users\Sven\.thumbnails
2014-03-19 15:17 - 2014-03-19 15:17 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator
2014-03-18 14:01 - 2014-02-22 12:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-18 14:00 - 2014-03-18 14:00 - 00001057 _____ () C:\Users\Sven\Desktop\Fotoalbum.de.lnk
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fotoalbum.de
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\de.fotoalbum.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Fotoalbum.de
2014-03-18 14:00 - 2014-02-22 12:08 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Adobe
2014-03-18 14:00 - 2014-02-22 12:06 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-18 13:59 - 2014-03-18 13:59 - 00000000 _____ () C:\Users\Sven\.airinstall.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-11 13:05

==================== End Of Log ============================
--- --- ---

--- --- ---



und gerade bekam ich folgende avira-Meldung

Code:
Zusammenfassung
Vollständige Beschreibung
Statistiken



Name: ADWARE/AgentCV.A.3743
Entdeckt am: 15/04/2014
Art: Trojan
In freier Wildbahn: Ja
Gemeldete Infektionen: Niedrig
Verbreitungspotenzial: Niedrig
Schadenspotenzial: Niedrig
Statische Datei: Ja
Dateigröße: 1.005.056 Bytes
MD5 Prüfsumme: c6660f050d4014a6977160b84be5bc75
VDF Version: 7.11.143.174 - Dienstag, 15. April 2014
IVDF Version: 7.11.143.174 - Dienstag, 15. April 2014


Die Beschreibung wurde erstellt von Oscar Anduiza am Mittwoch, 16. April 2014
Die Beschreibung wurde geändert von Oscar Anduiza am Mittwoch, 16. April 2014


zurück

thx

... und DownLoad Protect 2.2.0 ist immer noch da....

schrauber 18.04.2014 16:15
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}] - C:\Windows\Installer\{F727B133-40D4-4F89-95FA-C4C9CE6BC51E}\{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}] - C:\Windows\Installer\{4BDE0211-F443-44BE-8034-30B3F39E568D}\{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{F4D6C5B9-9B7D-4C4C-8AFE-80624DA12E30}] - C:\Windows\Installer\{0CC2BEE8-190D-41DB-8953-CF6827A7C459}\{F4D6C5B9-9B7D-4C4C-8AFE-80624DA12E30}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{0CC2BEE8-190D-41DB-8953-CF6827A7C459}\{F4D6C5B9-9B7D-4C4C-8AFE-80624DA12E30}.xpi [2014-04-15]
FF Keyword.URL: hxxp://www.sm.de/?q=

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

dodo2014 18.04.2014 17:16
fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014
Ran by Sven at 2014-04-18 17:41:40 Run:3
Running from C:\Users\Sven\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}] - C:\Windows\Installer\{F727B133-40D4-4F89-95FA-C4C9CE6BC51E}\{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}] - C:\Windows\Installer\{4BDE0211-F443-44BE-8034-30B3F39E568D}\{CC3D6104-82BE-46E2-A26A-3394D6A1CD44}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{F4D6C5B9-9B7D-4C4C-8AFE-80624DA12E30}] - C:\Windows\Installer\{0CC2BEE8-190D-41DB-8953-CF6827A7C459}\{F4D6C5B9-9B7D-4C4C-8AFE-80624DA12E30}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{0CC2BEE8-190D-41DB-8953-CF6827A7C459}\{F4D6C5B9-9B7D-4C4C-8AFE-80624DA12E30}.xpi [2014-04-15]
FF Keyword.URL: hxxp://www.sm.de/?q=
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{91D8A5E2-2F7C-45AB-A304-7280AB9B63F5} => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{CC3D6104-82BE-46E2-A26A-3394D6A1CD44} => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F4D6C5B9-9B7D-4C4C-8AFE-80624DA12E30} => Value deleted successfully.
C:\Windows\Installer\{0CC2BEE8-190D-41DB-8953-CF6827A7C459}\{F4D6C5B9-9B7D-4C4C-8AFE-80624DA12E30}.xpi => Moved successfully.
Firefox Keyword.URL deleted successfully.


The system needed a reboot.

==== End of Fixlog ====
rest erledige ich sofort ....

thx

Hallo Schrauber,

scheint erst mal weg zu sein..... :-)

Tausend Dank


kannst du mir jetzt noch einen Tip geben, welche ich von den ganzen Sicherheitsprogrammen außer AVIRA, MalwareBytes, TFC, PSI, REVO behalten soll...

Taugt SUPERAntiSpyware, CCCleaner was,

reicht die firewall von AVIRA oder besser die Windows firewall


thx

schrauber 19.04.2014 10:32
Windows Firewall, mach Avira weg und nimm was anständiges.

MBAM, TFC,Revo,PSI, Ccleaner (ausser Registry) kannste behalten, Rest weg.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

dodo2014 19.04.2014 12:06
Hallo Schrauber,

nochmals vielen Dank für deine Hilfe....

ich denke du kannst den thread jetzt löschen....


dodo

schrauber 19.04.2014 19:42
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:12 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131