Trojaner-Board - avast blockiert http://utils.cdneurope.com/ WIN7

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - avast blockiert http://utils.cdneurope.com/ WIN7 (https://www.trojaner-board.de/156243-avast-blockiert-http-utils-cdneurope-com-win7.html)

avast blockiert http://utils.cdneurope.com/ WIN7

Hallo,

seit heute hat AVAST angefangen, jede Tätigkeit mit Mozilla (neue Website öffnen) folgende Fehlermeldung zu geben:

avast! WebSchutz hat eine schädlcieh Website oder Datei blockiert.
Objekt: https://utils.cdneurope.com
Infektion: URL:Mal
Prozess: C:\ProgramFiles\...\firefox.exe

bevor ich die 4 Schritte durchgewführt habe war die Fehlermeldung noch auf das
Objekt: hxxp://utils.cdneurope.com
bezogen.

Logfiles

defogger_disable.txt

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 18:16 on 08/07/2014 (Sarah)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

FRST.txt

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01

Ran by Sarah (administrator) on SARAH-PC on 08-07-2014 17:59:54

Running from C:\Users\Sarah\Downloads

Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe

(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Dropbox, Inc.) C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-08] (AVAST Software)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe

HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)

HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1734144 2013-05-29] (iSkySoft)

HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\iSkysoft\Video Converter Ultimate\BrowserPlugInHelper.exe

HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-30] (Microsoft Corporation)

HKU\S-1-5-21-1941765313-3700113078-3629378886-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-1941765313-3700113078-3629378886-1001\...\Run: [Facebook Update] => C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-08] (Facebook Inc.)

Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3323329&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPB31A67AD-728A-4063-BE1F-4DCDF2953507&SSPV=

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x123FAC20AE1DCF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

URLSearchHook: HKLM - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323329&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB31A67AD-728A-4063-BE1F-4DCDF2953507&q={searchTerms}&SSPV=

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323329&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB31A67AD-728A-4063-BE1F-4DCDF2953507&q={searchTerms}&SSPV=

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default

FF SelectedSearchEngine: Google

FF Homepage: hxxp://www.opendoors.de/verfolgung/weltverfolgungsindex2014/weltverfolgungsindex2014/|https://support.mozilla.org/de/products/firefox/get-started

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin: @google.com/npPicasa3,version=3.0.0 - d:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin - C:\Program Files\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 - d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Sarah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\searchplugins\benefind.xml

FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\searchplugins\conduit-search.xml

FF Extension: Site Finder - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\Extensions\sitefinder@sitefinder.com [2014-03-22]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-30]
 

========================== Services (Whitelisted) =================
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
 

==================== Drivers (Whitelisted) ====================
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-08] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-08] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-08] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-08] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-08] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-08] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-08] (AVAST Software)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-08] ()

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-07-08 17:59 - 2014-07-08 18:00 - 00010201 _____ () C:\Users\Sarah\Downloads\FRST.txt

2014-07-08 17:59 - 2014-07-08 17:59 - 01074688 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe

2014-07-08 17:59 - 2014-07-08 17:59 - 00000000 ____D () C:\FRST

2014-07-08 17:57 - 2014-07-08 17:58 - 00000472 _____ () C:\Users\Sarah\Downloads\defogger_disable.log

2014-07-08 17:57 - 2014-07-08 17:57 - 00050477 _____ () C:\Users\Sarah\Downloads\Defogger.exe

2014-07-08 17:57 - 2014-07-08 17:57 - 00000000 _____ () C:\Users\Sarah\defogger_reenable

2014-07-08 16:15 - 2014-07-08 16:20 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001UA.job

2014-07-08 16:15 - 2014-07-08 16:20 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001Core.job

2014-07-08 16:15 - 2014-07-08 16:15 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Facebook

2014-07-08 15:49 - 2014-07-08 15:49 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-07-08 15:49 - 2014-07-08 15:49 - 00001069 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-07-08 15:47 - 2014-07-08 15:47 - 00284288 _____ (Mozilla) C:\Users\Sarah\Downloads\Firefox Setup Stub 30.0.exe

2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList

2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList

2014-07-08 15:14 - 2014-07-08 15:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-07-08 15:14 - 2014-07-08 15:14 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2014-06-24 21:21 - 2014-06-24 21:21 - 00014239 _____ () C:\Users\Sarah\Desktop\Wohnung.odt

2014-06-24 16:15 - 2014-06-24 16:15 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-06-18 17:20 - 2014-07-08 15:14 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-06-11 22:04 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-06-11 22:04 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-06-11 22:04 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-06-11 22:04 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-06-11 22:04 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-06-11 22:04 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-06-11 22:04 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-06-11 22:04 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-06-11 22:04 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-06-11 22:04 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-06-11 22:04 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-06-11 22:04 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-06-11 22:04 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-06-11 22:04 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-06-11 22:04 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-06-11 22:04 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-06-11 22:04 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-06-11 22:04 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-06-11 22:04 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-06-11 22:04 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-06-11 22:04 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-06-11 22:04 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-06-11 22:04 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-06-11 22:04 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-06-11 22:04 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-06-11 22:04 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-06-11 22:04 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-06-11 22:04 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-06-11 22:04 - 2014-05-08 11:06 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-11 22:04 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2014-06-11 22:04 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-06-11 22:04 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-06-11 22:04 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2014-06-11 22:04 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-06-11 22:04 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2014-06-11 22:04 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
 

==================== One Month Modified Files and Folders =======
 

2014-07-08 18:00 - 2014-07-08 17:59 - 00010201 _____ () C:\Users\Sarah\Downloads\FRST.txt

2014-07-08 17:59 - 2014-07-08 17:59 - 01074688 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe

2014-07-08 17:59 - 2014-07-08 17:59 - 00000000 ____D () C:\FRST

2014-07-08 17:58 - 2014-07-08 17:57 - 00000472 _____ () C:\Users\Sarah\Downloads\defogger_disable.log

2014-07-08 17:57 - 2014-07-08 17:57 - 00050477 _____ () C:\Users\Sarah\Downloads\Defogger.exe

2014-07-08 17:57 - 2014-07-08 17:57 - 00000000 _____ () C:\Users\Sarah\defogger_reenable

2014-07-08 17:57 - 2014-01-30 00:16 - 00000000 ____D () C:\Users\Sarah

2014-07-08 17:41 - 2014-01-30 11:34 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Skype

2014-07-08 17:31 - 2014-02-05 13:19 - 00000000 ___RD () C:\Users\Sarah\Dropbox

2014-07-08 17:31 - 2014-02-05 13:08 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Dropbox

2014-07-08 17:09 - 2014-02-05 14:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-08 16:20 - 2014-07-08 16:15 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001UA.job

2014-07-08 16:20 - 2014-07-08 16:15 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001Core.job

2014-07-08 16:15 - 2014-07-08 16:15 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Facebook

2014-07-08 16:14 - 2009-07-14 06:39 - 00033066 _____ () C:\Windows\setupact.log

2014-07-08 15:49 - 2014-07-08 15:49 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-07-08 15:49 - 2014-07-08 15:49 - 00001069 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-07-08 15:47 - 2014-07-08 15:47 - 00284288 _____ (Mozilla) C:\Users\Sarah\Downloads\Firefox Setup Stub 30.0.exe

2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList

2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList

2014-07-08 15:34 - 2014-01-30 00:15 - 01336344 _____ () C:\Windows\WindowsUpdate.log

2014-07-08 15:24 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-08 15:24 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-08 15:18 - 2014-02-05 13:16 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\DropboxMaster

2014-07-08 15:17 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-08 15:16 - 2014-01-30 11:37 - 00090096 _____ () C:\Windows\PFRO.log

2014-07-08 15:14 - 2014-07-08 15:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-07-08 15:14 - 2014-07-08 15:14 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2014-07-08 15:14 - 2014-06-18 17:20 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-07-08 15:14 - 2014-01-30 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-07-08 15:14 - 2014-01-30 10:48 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-07-08 15:14 - 2014-01-30 10:48 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-07-08 14:22 - 2014-02-10 19:48 - 00000000 ____D () C:\Program Files\Mobogenie

2014-07-08 14:17 - 2014-02-10 19:48 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\newnext.me

2014-07-08 14:10 - 2014-02-10 19:48 - 00000000 ____D () C:\Users\Sarah\AppData\Local\genienext

2014-06-24 21:21 - 2014-06-24 21:21 - 00014239 _____ () C:\Users\Sarah\Desktop\Wohnung.odt

2014-06-24 16:15 - 2014-06-24 16:15 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-06-24 16:15 - 2014-02-26 21:55 - 00000000 ___RD () C:\Program Files\Skype

2014-06-24 16:15 - 2014-01-30 11:34 - 00000000 ____D () C:\ProgramData\Skype

2014-06-19 22:54 - 2014-02-05 13:19 - 00000000 ____D () C:\Users\Sarah\Desktop\Hochzeit (1)

2014-06-19 21:51 - 2014-01-30 00:13 - 00000000 ____D () C:\Windows\rescache

2014-06-13 15:43 - 2009-10-15 11:59 - 02507726 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-11 22:38 - 2014-01-30 13:43 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-11 22:37 - 2014-01-30 13:43 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 

Some content of TEMP:

====================

C:\Users\Sarah\AppData\Local\Temp\6_Offer_5.exe

C:\Users\Sarah\AppData\Local\Temp\DM1392054173.exe

C:\Users\Sarah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphycw2x.dll

C:\Users\Sarah\AppData\Local\Temp\install_reader11_de_ltr5x32d_awc_aih.exe

C:\Users\Sarah\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Sarah\AppData\Local\Temp\nsg2B2A.exe

C:\Users\Sarah\AppData\Local\Temp\nsiFC3E.exe

C:\Users\Sarah\AppData\Local\Temp\nssFF89.exe

C:\Users\Sarah\AppData\Local\Temp\nsx39DB.exe

C:\Users\Sarah\AppData\Local\Temp\nsx3D36.exe

C:\Users\Sarah\AppData\Local\Temp\pdf24-creator-update.exe

C:\Users\Sarah\AppData\Local\Temp\SearchProtectGeneric.exe

C:\Users\Sarah\AppData\Local\Temp\SearchProtectINT.exe

C:\Users\Sarah\AppData\Local\Temp\vlc-2.1.3-win32.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-19 21:43
 

==================== End Of Log ============================

Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01

Ran by Sarah at 2014-07-08 18:00:33

Running from C:\Users\Sarah\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 

==================== Installed Programs ======================
 

Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Photoshop Lightroom 4.2 (HKLM\...\{FC5A8E68-A2E5-4E14-91FA-7A3FB83C7E23}) (Version: 4.2.1 - Adobe)

Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)

Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)

Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)

Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)

Fotogalerie (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )

Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)

Junk Mail filter update (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Movie Maker (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden

OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)

PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)

Photo Gallery (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)

VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)

Windows Live Communications Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)

Windows Live Essentials (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live UX Platform (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
 

==================== Restore Points  =========================
 

18-06-2014 15:16:08 avast! antivirus system restore point

18-06-2014 15:16:19 Windows Update

18-06-2014 15:20:41 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst

24-06-2014 14:19:14 Windows Update

08-07-2014 12:00:04 Windows Update

08-07-2014 13:13:17 avast! antivirus system restore point
 

==================== Hosts content: ==========================
 

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {3F7D09A1-6666-409E-87D6-7554CBF864B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-23] (Adobe Systems Incorporated)

Task: {66E46721-E29F-41D7-9FCD-91ADFE0B9722} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001Core => C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-08] (Facebook Inc.)

Task: {75C15E0E-AAA9-4004-8211-CF0E73622095} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001UA => C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-08] (Facebook Inc.)

Task: {F4D7B185-41D6-47F5-984C-CEB74E3EFD83} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-08] (AVAST Software)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001Core.job => C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001UA.job => C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2014-07-08 15:14 - 2014-07-08 15:14 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

2014-07-08 13:59 - 2014-07-08 13:59 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070800\algo.dll

2014-01-30 01:02 - 2007-09-20 19:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll

2014-07-08 15:14 - 2014-07-08 15:14 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-07-08 15:18 - 2014-07-08 15:18 - 00043008 _____ () c:\users\sarah\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphycw2x.dll

2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Sarah\AppData\Roaming\Dropbox\bin\libcef.dll

2011-01-17 17:19 - 2014-01-30 01:05 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll

2010-11-19 19:45 - 2014-01-30 01:05 - 00170496 _____ () C:\Program Files\OpenOffice.org 3\program\libxslt.dll

2014-07-08 15:49 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

2014-05-23 09:16 - 2014-05-23 09:16 - 16361136 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (07/08/2014 03:13:16 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.

Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {1b52f508-f790-435f-b17a-f81cea9c43d5}
 

Error: (06/25/2014 10:22:04 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3522.110, Zeitstempel: 0x52d0649f

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0xd8dcb779

ID des fehlerhaften Prozesses: 0x1624

Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0

Pfad der fehlerhaften Anwendung: wlmail.exe1

Pfad des fehlerhaften Moduls: wlmail.exe2

Berichtskennung: wlmail.exe3
 

Error: (06/18/2014 05:16:07 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.

Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {507ef199-38fe-4469-b7d9-a0ab82cb088b}
 

Error: (06/03/2014 01:18:21 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80042319).
 

Error: (06/03/2014 01:15:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: Sarah-PC)

Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
 

Error: (05/28/2014 06:51:45 PM) (Source: MsiInstaller) (EventID: 1024) (User: Sarah-PC)

Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
 

Error: (05/28/2014 02:46:00 PM) (Source: MsiInstaller) (EventID: 1024) (User: Sarah-PC)

Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
 

Error: (05/23/2014 06:02:42 PM) (Source: MsiInstaller) (EventID: 1024) (User: Sarah-PC)

Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
 

Error: (05/23/2014 09:23:15 AM) (Source: MsiInstaller) (EventID: 1024) (User: Sarah-PC)

Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
 

Error: (04/09/2014 08:05:20 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.

Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {111635cd-ee29-46db-8a44-96bd77752ae1}
 
 

System errors:

=============

Error: (07/08/2014 03:38:35 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
 

Error: (07/08/2014 03:38:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
 

Error: (07/08/2014 03:37:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
 

Error: (07/08/2014 03:37:30 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
 

Error: (07/08/2014 03:37:10 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
 

Error: (07/08/2014 03:36:50 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
 

Error: (07/08/2014 03:25:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
 

Error: (07/08/2014 03:25:02 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
 

Error: (07/08/2014 03:24:42 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
 

Error: (07/08/2014 03:24:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
 
 

Microsoft Office Sessions:

=========================

Error: (07/08/2014 03:13:16 PM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Zugriff verweigert
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {1b52f508-f790-435f-b17a-f81cea9c43d5}
 

Error: (06/25/2014 10:22:04 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: wlmail.exe16.4.3522.11052d0649funknown0.0.0.000000000c0000005d8dcb779162401cf90b31ed6587aC:\Program Files\Windows Live\Mail\wlmail.exeunknown5efaaa93-fca6-11e3-99ef-70f39560e4df
 

Error: (06/18/2014 05:16:07 PM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Zugriff verweigert
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {507ef199-38fe-4469-b7d9-a0ab82cb088b}
 

Error: (06/03/2014 01:18:21 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80042319
 

Error: (06/03/2014 01:15:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: Sarah-PC)

Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
 

Error: (05/28/2014 06:51:45 PM) (Source: MsiInstaller) (EventID: 1024) (User: Sarah-PC)

Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
 

Error: (05/28/2014 02:46:00 PM) (Source: MsiInstaller) (EventID: 1024) (User: Sarah-PC)

Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
 

Error: (05/23/2014 06:02:42 PM) (Source: MsiInstaller) (EventID: 1024) (User: Sarah-PC)

Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
 

Error: (05/23/2014 09:23:15 AM) (Source: MsiInstaller) (EventID: 1024) (User: Sarah-PC)

Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
 

Error: (04/09/2014 08:05:20 PM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Zugriff verweigert
 
 

Vorgang:

   Generatordaten werden gesammelt
 

Kontext:

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {111635cd-ee29-46db-8a44-96bd77752ae1}
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 47%

Total physical RAM: 2812.56 MB

Available physical RAM: 1485.15 MB

Total Pagefile: 5623.41 MB

Available Pagefile: 4277.34 MB

Total Virtual: 2047.88 MB

Available Virtual: 1904.99 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:81.39 GB) (Free:48.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Daten) (Fixed) (Total:97.65 GB) (Free:65.67 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 13BA13B9)

Partition 1: (Active) - (Size=81 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Gmer.txt

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2014-07-08 18:34:48

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320423AS rev.0006HPM1 298,09GB

Running: Gmer-19357.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\fgloypow.sys
 
 

---- System - GMER 2.1 ----
 

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwAddBootEntry [0x8F82EBA6]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwAssignProcessToJobObject [0x8F82F684]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateEvent [0x8F83B6F8]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateEventPair [0x8F83B744]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateIoCompletion [0x8F83B8DE]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateMutant [0x8F83B666]

SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                  ZwCreateSection [0x8F8E5DF0]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateSemaphore [0x8F83B6AE]

SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                  ZwCreateThread [0x8F8E6080]

SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                  ZwCreateThreadEx [0x8F8E616A]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateTimer [0x8F83B898]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwDebugActiveProcess [0x8F830472]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwDeleteBootEntry [0x8F82EC0C]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwDuplicateObject [0x8F833C68]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwLoadDriver [0x8F82E7F8]

SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                  ZwMapViewOfSection [0x8F8E5ED0]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwModifyBootEntry [0x8F82EC72]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwNotifyChangeKey [0x8F83405E]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwNotifyChangeMultipleKeys [0x8F830F5A]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenEvent [0x8F83B722]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenEventPair [0x8F83B766]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenIoCompletion [0x8F83B902]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenMutant [0x8F83B68C]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenProcess [0x8F833560]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenSection [0x8F83B816]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenSemaphore [0x8F83B6D6]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenThread [0x8F83394C]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenTimer [0x8F83B8BC]

SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                  ZwProtectVirtualMemory [0x8F8E5C6E]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwQueryObject [0x8F830DCE]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwQueueApcThreadEx [0x8F830ADC]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSetBootEntryOrder [0x8F82ECD8]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSetBootOptions [0x8F82ED3E]

SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                  ZwSetContextThread [0x8F8E5FCC]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSetSystemInformation [0x8F82E892]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSetSystemPowerState [0x8F82EA64]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwShutdownSystem [0x8F82E9F2]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSuspendProcess [0x8F83063C]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSuspendThread [0x8F83079E]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSystemDebugControl [0x8F82EAEC]

SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                  ZwTerminateProcess [0x8F8E5D3C]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwTerminateThread [0x8F8302CC]

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwVdmControl [0x8F82EDA4]

SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                  ZwWriteVirtualMemory [0x8F8E5BA0]
 

---- Kernel code sections - GMER 2.1 ----
 

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                82A8FA15 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  82AC9212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                     82AD0460 4 Bytes  [A6, EB, 82, 8F]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                     82AD04E8 4 Bytes  [84, F6, 82, 8F]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                     82AD053C 8 Bytes  [F8, B6, 83, 8F, 44, B7, 83, ...]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                     82AD0548 4 Bytes  [DE, B8, 83, 8F]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                                     82AD0564 4 Bytes  [66, B6, 83, 8F]

.text           ...                                                                                                                     

PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                             82C8B4EF 4 Bytes  CALL 8F831641 \SystemRoot\system32\drivers\aswSnx.sys

PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                            82CA5357 4 Bytes  CALL 8F831657 \SystemRoot\system32\drivers\aswSnx.sys

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                section is writeable [0x90A1F000, 0x2D5378, 0xE8000020]
 

---- User code sections - GMER 2.1 ----
 

.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[364] kernel32.dll!GetBinaryTypeW + 70           77196AAC 1 Byte  [62]

.text           C:\Windows\system32\svchost.exe[380] kernel32.dll!GetBinaryTypeW + 70                                                   77196AAC 1 Byte  [62]

.text           C:\Windows\system32\csrss.exe[392] kernel32.dll!GetBinaryTypeW + 70                                                     77196AAC 1 Byte  [62]

.text           C:\Windows\system32\wininit.exe[464] kernel32.dll!GetBinaryTypeW + 70                                                   77196AAC 1 Byte  [62]

.text           C:\Windows\system32\csrss.exe[472] kernel32.dll!GetBinaryTypeW + 70                                                     77196AAC 1 Byte  [62]

.text           ...                                                                                                                     

.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1488] kernel32.dll!SetUnhandledExceptionFilter                       7717F5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }

.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1488] kernel32.dll!GetBinaryTypeW + 70                               77196AAC 1 Byte  [62]

.text           C:\Windows\system32\conhost.exe[1496] kernel32.dll!GetBinaryTypeW + 70                                                  77196AAC 1 Byte  [62]

.text           C:\Windows\system32\svchost.exe[1584] kernel32.dll!GetBinaryTypeW + 70                                                  77196AAC 1 Byte  [62]

.text           C:\Windows\System32\spoolsv.exe[1684] kernel32.dll!GetBinaryTypeW + 70                                                  77196AAC 1 Byte  [62]

.text           C:\Windows\system32\svchost.exe[1724] kernel32.dll!GetBinaryTypeW + 70                                                  77196AAC 1 Byte  [62]

.text           ...                                                                                                                     

.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[3404] kernel32.dll!SetUnhandledExceptionFilter                        7717F5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }

.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[3404] kernel32.dll!GetBinaryTypeW + 70                                77196AAC 1 Byte  [62]

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3468] kernel32.dll!GetBinaryTypeW + 70                       77196AAC 1 Byte  [62]

.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3492] kernel32.dll!GetBinaryTypeW + 70                                    77196AAC 1 Byte  [62]

.text           C:\Windows\system32\wbem\unsecapp.exe[3544] kernel32.dll!GetBinaryTypeW + 70                                            77196AAC 1 Byte  [62]

.text           C:\Program Files\PDF24\pdf24.exe[3612] kernel32.dll!GetBinaryTypeW + 70                                                 77196AAC 1 Byte  [62]

.text           ...                                                                                                                     
 

---- Devices - GMER 2.1 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                 Wdf01000.sys

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                 Wdf01000.sys
 

Device          \Driver\BTHUSB \Device\00000079                                                                                         bthport.sys

Device          \Driver\BTHUSB \Device\0000007b                                                                                         bthport.sys
 

---- Registry - GMER 2.1 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f39560e4df                                             

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f39560e4df (not active ControlSet)                         

Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{07F3B12A-8932-11E3-B250-806E6F6E6963}  854668784
 

---- EOF - GMER 2.1 ----

Die Logs von AVAST habe ich leider nicht gefunden.

Danke schonmal für die Hilfe!

hi,

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

mbam.txt

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 08.07.2014

Suchlauf-Zeit: 23:20:34

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.2.1012

Malware Datenbank: v2014.07.08.10

Rootkit Datenbank: v2014.07.07.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Self-protection: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x86

Dateisystem: NTFS

Benutzer: Sarah
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 247296

Verstrichene Zeit: 8 Min, 10 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristics: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 4

PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, In Quarantäne, [8c8ec1dc6b10171f77c1223339c9de22], 

PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, In Quarantäne, [ca50811cdc9f5adc3f423a19808229d7], 

PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [ca50811cdc9f5adc3f423a19808229d7], 

PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1941765313-3700113078-3629378886-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [0119debfe6952b0bb804321c7b876a96], 
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 1

PUP.Optional.Conduit.A, HKU\S-1-5-21-1941765313-3700113078-3629378886-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?ctid=CT3323329&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPB31A67AD-728A-4063-BE1F-4DCDF2953507&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://search.conduit.com/?ctid=CT3323329&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPB31A67AD-728A-4063-BE1F-4DCDF2953507&SSPV=),Ersetzt,[9b7fb7e6d4a758dea0086a24bc4857a9]
 

Ordner: 10

PUP.Optional.NextLive.A, C:\Users\Sarah\AppData\Roaming\newnext.me, In Quarantäne, [48d2f3aacead9d99eaf1277539c9b848], 

PUP.Optional.NextLive.A, C:\Users\Sarah\AppData\Roaming\newnext.me\cache, In Quarantäne, [48d2f3aacead9d99eaf1277539c9b848], 

PUP.Optional.SimilarSites.A, C:\Users\Sarah\AppData\Roaming\SimilarSites, In Quarantäne, [c5557a23a9d2aa8c17058c1779890ef2], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\locale, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\locale\en-US, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 
 

Dateien: 29

PUP.Optional.OutBrowse, C:\Users\Sarah\AppData\Local\Temp\DM1392054173.exe, In Quarantäne, [ca50811cdc9f5adc3f423a19808229d7], 

PUP.Optional.SearchProtect.A, C:\Users\Sarah\AppData\Local\Temp\nsg2B2A.exe, In Quarantäne, [e436b3ea176458de56aa3ff158a9dd23], 

PUP.Optional.SearchProtect.A, C:\Users\Sarah\AppData\Local\Temp\nsiFC3E.exe, In Quarantäne, [0f0bb6e791ea89ad17e955db14edaa56], 

PUP.Optional.SearchProtect.A, C:\Users\Sarah\AppData\Local\Temp\nssFF89.exe, In Quarantäne, [4cceb4e9374432049c645ad6fe03d42c], 

PUP.Optional.SearchProtect.A, C:\Users\Sarah\AppData\Local\Temp\nsx39DB.exe, In Quarantäne, [20fa2b721b603afc08f89b9514ed4fb1], 

PUP.Optional.SearchProtect.A, C:\Users\Sarah\AppData\Local\Temp\nsx3D36.exe, In Quarantäne, [81997d20ed8e48ee649c1d13e61bc838], 

PUP.Optional.SearchProtect.A, C:\Users\Sarah\AppData\Local\Temp\SearchProtectGeneric.exe, In Quarantäne, [ee2c603d2c4f1f178462b5865aa65da3], 

PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Local\Temp\SearchProtectINT.exe, In Quarantäne, [001adac36516e0569995d94a1de4c13f], 

PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Local\Temp\nsxE7F2\SpSetup.exe, In Quarantäne, [2cee5f3ee299e84e7c7614107f8228d8], 

PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\searchplugins\conduit-search.xml, In Quarantäne, [e139abf20774b383d83fba586e9653ad], 

PUP.Optional.NextLive.A, C:\Users\Sarah\AppData\Roaming\newnext.me\nengine.cookie, In Quarantäne, [48d2f3aacead9d99eaf1277539c9b848], 

PUP.Optional.NextLive.A, C:\Users\Sarah\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantäne, [48d2f3aacead9d99eaf1277539c9b848], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome.manifest, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\install.rdf, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\aff.js, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\jquery-1.8.3.min.js, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\options.js, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\options.xul, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\overlay.js, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\overlay.xul, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\popup.html, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\popup.js, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\tabs_listener.js, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\locale\en-US\settings.dtd, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\button.png, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\icon.png, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\main.css, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\overlay.css, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 

PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\sitefinder.css, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d], 
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

adwCleaner

Code:

# AdwCleaner v3.214 - Bericht erstellt am 08/07/2014 um 23:38:46

# Aktualisiert 29/06/2014 von Xplode

# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)

# Benutzername : Sarah - SARAH-PC

# Gestartet von : C:\Users\Sarah\Downloads\adwcleaner_3.214.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Program Files\Mobogenie

Ordner Gelöscht : C:\Program Files\SimilarSites

Ordner Gelöscht : C:\Users\Sarah\AppData\Local\genienext

Ordner Gelöscht : C:\Users\Sarah\AppData\Local\Mobogenie

Ordner Gelöscht : C:\Users\Sarah\Documents\Mobogenie

Datei Gelöscht : C:\Users\Sarah\daemonprocess.txt
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17126
 
 

-\\ Mozilla Firefox v30.0 (en-US)
 

[ Datei : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\prefs.js ]
 
 

-\\ Google Chrome v35.0.1916.114
 

[ Datei : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 

*************************
 

AdwCleaner[R0].txt - [1802 octets] - [08/07/2014 23:37:51]

AdwCleaner[S0].txt - [1727 octets] - [08/07/2014 23:38:46]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1787 octets] ##########

jrt.txt

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Enterprise x86

Ran by Sarah on 08.07.2014 at 23:44:25,21

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\1qspa4yq.default\minidumps [20 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 08.07.2014 at 23:47:45,61

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01

Ran by Sarah (administrator) on SARAH-PC on 08-07-2014 23:48:54

Running from C:\Users\Sarah\Downloads

Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe

(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Dropbox, Inc.) C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-08] (AVAST Software)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)

HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1734144 2013-05-29] (iSkySoft)

HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-30] (Microsoft Corporation)

HKU\S-1-5-21-1941765313-3700113078-3629378886-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-1941765313-3700113078-3629378886-1001\...\Run: [Facebook Update] => C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-08] (Facebook Inc.)

Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x123FAC20AE1DCF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

URLSearchHook: HKLM - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}

SearchScopes: HKLM - DefaultScope value is missing.

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default

FF SelectedSearchEngine: Google

FF Homepage: hxxp://www.opendoors.de/verfolgung/weltverfolgungsindex2014/weltverfolgungsindex2014/|https://support.mozilla.org/de/products/firefox/get-started

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin: @google.com/npPicasa3,version=3.0.0 - d:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin - C:\Program Files\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 - d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Sarah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\searchplugins\benefind.xml

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-30]
 

Chrome: 

=======

CHR HomePage: 

CHR Extension: (Docs) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]

CHR Extension: (Google Drive) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]

CHR Extension: (YouTube) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]

CHR Extension: (Google Search) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]

CHR Extension: (avast! Online Security) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-08]

CHR Extension: (Google Wallet) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]

CHR Extension: (Gmail) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08]
 

========================== Services (Whitelisted) =================
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
 

==================== Drivers (Whitelisted) ====================
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-08] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-08] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-08] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-08] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-08] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-08] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-08] (AVAST Software)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-08] ()

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-07-08 23:48 - 2014-07-08 23:48 - 00010677 _____ () C:\Users\Sarah\Downloads\FRST.txt

2014-07-08 23:47 - 2014-07-08 23:47 - 00000883 _____ () C:\Users\Sarah\Desktop\JRT.txt

2014-07-08 23:44 - 2014-07-08 23:44 - 00000000 ____D () C:\Windows\ERUNT

2014-07-08 23:43 - 2014-07-08 23:43 - 01016261 _____ (Thisisu) C:\Users\Sarah\Downloads\JRT.exe

2014-07-08 23:40 - 2014-07-08 23:40 - 00001867 _____ () C:\Users\Sarah\Desktop\AdwCleaner[S0].txt

2014-07-08 23:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll

2014-07-08 23:37 - 2014-07-08 23:38 - 00000000 ____D () C:\AdwCleaner

2014-07-08 23:37 - 2014-07-08 23:37 - 01346519 _____ () C:\Users\Sarah\Downloads\adwcleaner_3.214.exe

2014-07-08 23:37 - 2014-07-08 23:37 - 00009426 _____ () C:\Users\Sarah\Desktop\mbam.txt

2014-07-08 23:18 - 2014-07-08 23:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-08 23:18 - 2014-07-08 23:18 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-07-08 23:18 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-08 23:18 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-08 23:18 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-07-08 23:17 - 2014-07-08 23:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sarah\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-08 23:08 - 2014-07-08 23:08 - 00000000 ____D () C:\Users\Sarah\Desktop\WLM8887.tmp

2014-07-08 23:07 - 2014-07-08 23:07 - 00000000 ____D () C:\Users\Sarah\Desktop\WLM68F4.tmp

2014-07-08 22:05 - 2014-07-08 23:39 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-08 22:05 - 2014-07-08 23:16 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-08 22:05 - 2014-07-08 22:05 - 00002157 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-07-08 22:05 - 2014-07-08 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-07-08 18:45 - 2014-07-08 18:46 - 00000000 ____D () C:\Users\Sarah\Downloads\logfiles 08_07_2014

2014-07-08 18:17 - 2014-07-08 18:17 - 00380416 _____ () C:\Users\Sarah\Downloads\Gmer-19357.exe

2014-07-08 17:59 - 2014-07-08 23:48 - 00000000 ____D () C:\FRST

2014-07-08 17:59 - 2014-07-08 17:59 - 01074688 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe

2014-07-08 17:57 - 2014-07-08 17:57 - 00050477 _____ () C:\Users\Sarah\Downloads\Defogger.exe

2014-07-08 17:57 - 2014-07-08 17:57 - 00000000 _____ () C:\Users\Sarah\defogger_reenable

2014-07-08 16:15 - 2014-07-08 19:20 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001UA.job

2014-07-08 16:15 - 2014-07-08 16:20 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001Core.job

2014-07-08 16:15 - 2014-07-08 16:15 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Facebook

2014-07-08 15:49 - 2014-07-08 15:49 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-07-08 15:49 - 2014-07-08 15:49 - 00001069 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-07-08 15:47 - 2014-07-08 15:47 - 00284288 _____ (Mozilla) C:\Users\Sarah\Downloads\Firefox Setup Stub 30.0.exe

2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList

2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList

2014-07-08 15:14 - 2014-07-08 15:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-07-08 15:14 - 2014-07-08 15:14 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2014-06-24 21:21 - 2014-06-24 21:21 - 00014239 _____ () C:\Users\Sarah\Desktop\Wohnung.odt

2014-06-24 16:15 - 2014-06-24 16:15 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-06-18 17:20 - 2014-07-08 15:14 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-06-11 22:04 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-06-11 22:04 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-06-11 22:04 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-06-11 22:04 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-06-11 22:04 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-06-11 22:04 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-06-11 22:04 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-06-11 22:04 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-06-11 22:04 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-06-11 22:04 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-06-11 22:04 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-06-11 22:04 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-06-11 22:04 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-06-11 22:04 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-06-11 22:04 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-06-11 22:04 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-06-11 22:04 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-06-11 22:04 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-06-11 22:04 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-06-11 22:04 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-06-11 22:04 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-06-11 22:04 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-06-11 22:04 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-06-11 22:04 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-06-11 22:04 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-06-11 22:04 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-06-11 22:04 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-06-11 22:04 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-06-11 22:04 - 2014-05-08 11:06 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-11 22:04 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2014-06-11 22:04 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-06-11 22:04 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-06-11 22:04 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2014-06-11 22:04 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-06-11 22:04 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2014-06-11 22:04 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
 

==================== One Month Modified Files and Folders =======
 

2014-07-08 23:49 - 2014-07-08 23:48 - 00010677 _____ () C:\Users\Sarah\Downloads\FRST.txt

2014-07-08 23:48 - 2014-07-08 17:59 - 00000000 ____D () C:\FRST

2014-07-08 23:47 - 2014-07-08 23:47 - 00000883 _____ () C:\Users\Sarah\Desktop\JRT.txt

2014-07-08 23:47 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-08 23:47 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-08 23:46 - 2009-10-15 11:59 - 02507726 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-08 23:44 - 2014-07-08 23:44 - 00000000 ____D () C:\Windows\ERUNT

2014-07-08 23:43 - 2014-07-08 23:43 - 01016261 _____ (Thisisu) C:\Users\Sarah\Downloads\JRT.exe

2014-07-08 23:41 - 2014-02-05 13:19 - 00000000 ___RD () C:\Users\Sarah\Dropbox

2014-07-08 23:41 - 2014-02-05 13:08 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Dropbox

2014-07-08 23:41 - 2014-01-30 11:34 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Skype

2014-07-08 23:40 - 2014-07-08 23:40 - 00001867 _____ () C:\Users\Sarah\Desktop\AdwCleaner[S0].txt

2014-07-08 23:40 - 2014-02-05 13:16 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\DropboxMaster

2014-07-08 23:39 - 2014-07-08 22:05 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-08 23:39 - 2014-01-30 11:37 - 00104700 _____ () C:\Windows\PFRO.log

2014-07-08 23:39 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-08 23:39 - 2009-07-14 06:39 - 00034031 _____ () C:\Windows\setupact.log

2014-07-08 23:38 - 2014-07-08 23:37 - 00000000 ____D () C:\AdwCleaner

2014-07-08 23:38 - 2014-01-30 00:16 - 00000000 ____D () C:\Users\Sarah

2014-07-08 23:38 - 2014-01-30 00:15 - 01379596 _____ () C:\Windows\WindowsUpdate.log

2014-07-08 23:37 - 2014-07-08 23:37 - 01346519 _____ () C:\Users\Sarah\Downloads\adwcleaner_3.214.exe

2014-07-08 23:37 - 2014-07-08 23:37 - 00009426 _____ () C:\Users\Sarah\Desktop\mbam.txt

2014-07-08 23:35 - 2014-07-08 23:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-08 23:28 - 2014-01-30 00:13 - 00000000 ____D () C:\Windows\rescache

2014-07-08 23:18 - 2014-07-08 23:18 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-07-08 23:18 - 2014-07-08 23:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sarah\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-08 23:16 - 2014-07-08 22:05 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-08 23:09 - 2014-02-05 14:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-08 23:08 - 2014-07-08 23:08 - 00000000 ____D () C:\Users\Sarah\Desktop\WLM8887.tmp

2014-07-08 23:07 - 2014-07-08 23:07 - 00000000 ____D () C:\Users\Sarah\Desktop\WLM68F4.tmp

2014-07-08 22:09 - 2014-02-05 14:19 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-07-08 22:09 - 2014-02-05 14:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-07-08 22:05 - 2014-07-08 22:05 - 00002157 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-07-08 22:05 - 2014-07-08 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-07-08 22:05 - 2014-01-30 11:33 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Google

2014-07-08 22:05 - 2014-01-30 11:33 - 00000000 ____D () C:\Program Files\Google

2014-07-08 19:20 - 2014-07-08 16:15 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001UA.job

2014-07-08 18:46 - 2014-07-08 18:45 - 00000000 ____D () C:\Users\Sarah\Downloads\logfiles 08_07_2014

2014-07-08 18:17 - 2014-07-08 18:17 - 00380416 _____ () C:\Users\Sarah\Downloads\Gmer-19357.exe

2014-07-08 17:59 - 2014-07-08 17:59 - 01074688 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe

2014-07-08 17:57 - 2014-07-08 17:57 - 00050477 _____ () C:\Users\Sarah\Downloads\Defogger.exe

2014-07-08 17:57 - 2014-07-08 17:57 - 00000000 _____ () C:\Users\Sarah\defogger_reenable

2014-07-08 16:20 - 2014-07-08 16:15 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001Core.job

2014-07-08 16:15 - 2014-07-08 16:15 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Facebook

2014-07-08 15:49 - 2014-07-08 15:49 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-07-08 15:49 - 2014-07-08 15:49 - 00001069 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-07-08 15:47 - 2014-07-08 15:47 - 00284288 _____ (Mozilla) C:\Users\Sarah\Downloads\Firefox Setup Stub 30.0.exe

2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList

2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList

2014-07-08 15:14 - 2014-07-08 15:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-07-08 15:14 - 2014-07-08 15:14 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2014-07-08 15:14 - 2014-06-18 17:20 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-07-08 15:14 - 2014-01-30 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-07-08 15:14 - 2014-01-30 10:48 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-07-08 15:14 - 2014-01-30 10:48 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-06-24 21:21 - 2014-06-24 21:21 - 00014239 _____ () C:\Users\Sarah\Desktop\Wohnung.odt

2014-06-24 16:15 - 2014-06-24 16:15 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-06-24 16:15 - 2014-02-26 21:55 - 00000000 ___RD () C:\Program Files\Skype

2014-06-24 16:15 - 2014-01-30 11:34 - 00000000 ____D () C:\ProgramData\Skype

2014-06-19 22:54 - 2014-02-05 13:19 - 00000000 ____D () C:\Users\Sarah\Desktop\Hochzeit (1)

2014-06-11 22:38 - 2014-01-30 13:43 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-11 22:37 - 2014-01-30 13:43 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 

Some content of TEMP:

====================

C:\Users\Sarah\AppData\Local\Temp\6_Offer_5.exe

C:\Users\Sarah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo7qvhi.dll

C:\Users\Sarah\AppData\Local\Temp\install_reader11_de_ltr5x32d_awc_aih.exe

C:\Users\Sarah\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Sarah\AppData\Local\Temp\pdf24-creator-update.exe

C:\Users\Sarah\AppData\Local\Temp\Quarantine.exe

C:\Users\Sarah\AppData\Local\Temp\vlc-2.1.3-win32.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-19 21:43
 

==================== End Of Log ============================

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Die Fehlermeldung kommt schon seid deinen letzten Anweisungen nicht mehr. ;)

Hier die logs:

ESET

Code:

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=1ef0e0182c31f04a98e2f40767bdf031

# engine=19130

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-07-11 02:43:38

# local_time=2014-07-11 04:43:38 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='avast! Antivirus'

# compatibility_mode=783 16777213 100 97 264454 14021698 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 4048 156721009 0 0

# scanned=149866

# found=6

# cleaned=0

# scan_time=2937

sh=AE42BB3FDB146F697FFA6DE35E42DC5B869DB78C ft=1 fh=2b69271612420e74 vn="Variante von Win32/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZJFR4UG\DefaultTabSetup[1].exe"

sh=11D5EE05ADD03CE3107715CD59EF350BC5084E9F ft=1 fh=825b9b0785a89e52 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AXL31RW2\SPSetup[1].exe"

sh=3406087F8ABE6AC8BA34E96DC139C9933E15987C ft=1 fh=1a6775cb8f999136 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COSHAXYI\SearchProtectBlekkoSetup[1].exe"

sh=92FDF01ECE4D936103EBFF1A8922B0067C33353C ft=1 fh=d7d0f22406514848 vn="Variante von Win32/Toolbar.GadgetBox.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COSHAXYI\sitefinder_installer[1].exe"

sh=4691C7A8857888C049C46C147C6C66E4F25A4EBF ft=1 fh=02d3e1f077d9a807 vn="Win32/Conduit.SearchProtect.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKBKUE07\spstub[1].exe"

sh=845B1F6C45E4AAA1D1C2BE2FA0ECC5363FB2528D ft=1 fh=3f4827bfbe5b391f vn="Win32/OutBrowse.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Downloads\setup.exe"

SecurityCheck

Code:

 Results of screen317's Security Check version 0.99.85  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

avast! Antivirus   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Java(TM) 6 Update 22  

 Java 7 Update 51  

 Java version out of Date! 

 Adobe Flash Player         14.0.0.145  

 Adobe Reader XI  

 Mozilla Firefox (30.0) 

 Google Chrome 35.0.1916.114  

 Google Chrome 35.0.1916.153  
 ````````Process Check: objlist.exe by Laurent````````  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-07-2014

Ran by Sarah (administrator) on SARAH-PC on 11-07-2014 16:55:28

Running from C:\Users\Sarah\Downloads

Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe

(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Dropbox, Inc.) C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-08] (AVAST Software)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)

HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1734144 2013-05-29] (iSkySoft)

HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-30] (Microsoft Corporation)

HKU\S-1-5-21-1941765313-3700113078-3629378886-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-1941765313-3700113078-3629378886-1001\...\Run: [Facebook Update] => C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-08] (Facebook Inc.)

Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x123FAC20AE1DCF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

URLSearchHook: HKLM - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}

SearchScopes: HKLM - DefaultScope value is missing.

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default

FF SelectedSearchEngine: Google

FF Homepage: hxxp://www.opendoors.de/verfolgung/weltverfolgungsindex2014/weltverfolgungsindex2014/|https://support.mozilla.org/de/products/firefox/get-started

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin: @google.com/npPicasa3,version=3.0.0 - d:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin - C:\Program Files\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 - d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Sarah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\searchplugins\benefind.xml

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-30]
 

Chrome: 

=======

CHR HomePage: 

CHR Extension: (Docs) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]

CHR Extension: (Google Drive) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]

CHR Extension: (YouTube) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]

CHR Extension: (Google Search) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]

CHR Extension: (avast! Online Security) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-08]

CHR Extension: (Google Wallet) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]

CHR Extension: (Gmail) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08]
 

========================== Services (Whitelisted) =================
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
 

==================== Drivers (Whitelisted) ====================
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-08] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-08] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-08] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-08] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-08] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-08] (AVAST Software)

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-08] (AVAST Software)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-08] ()

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-07-11 16:55 - 2014-07-11 16:55 - 00010608 _____ () C:\Users\Sarah\Downloads\FRST.txt

2014-07-11 16:55 - 2014-07-11 16:55 - 00000000 ____D () C:\Users\Sarah\Downloads\FRST-OlderVersion

2014-07-11 16:54 - 2014-07-11 16:54 - 00000925 _____ () C:\Users\Sarah\Desktop\checkup.txt

2014-07-11 16:51 - 2014-07-11 16:51 - 00854390 _____ () C:\Users\Sarah\Downloads\SecurityCheck.exe

2014-07-11 16:47 - 2014-07-11 16:47 - 00000973 _____ () C:\Users\Sarah\Desktop\esetOnlinelist.txt

2014-07-10 22:28 - 2014-07-10 22:28 - 02347384 _____ (ESET) C:\Users\Sarah\Downloads\esetsmartinstaller_deu.exe

2014-07-10 21:42 - 2014-07-10 21:42 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Adobe

2014-07-10 21:29 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-07-10 21:29 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-10 21:29 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-10 21:29 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-07-10 21:29 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-10 21:29 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-10 21:29 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-07-10 21:29 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-07-10 21:29 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-10 21:29 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-10 21:29 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-10 21:29 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-10 21:29 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-10 21:29 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-07-10 21:29 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-07-10 21:29 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-10 21:29 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-10 21:29 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-10 21:29 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-10 21:29 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-10 21:29 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-10 21:29 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-10 21:29 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-10 21:29 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-10 21:29 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-07-10 21:29 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-10 21:29 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-10 21:29 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-10 21:29 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-10 21:29 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-10 21:28 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-07-10 21:28 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-10 21:27 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-07-10 21:27 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-07-10 21:27 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-07-10 21:27 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-07-10 21:27 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-07-10 21:27 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-07-10 21:27 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-07-10 21:27 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-07-10 21:27 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-07-10 21:27 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-07-08 23:44 - 2014-07-08 23:44 - 00000000 ____D () C:\Windows\ERUNT

2014-07-08 23:43 - 2014-07-08 23:43 - 01016261 _____ (Thisisu) C:\Users\Sarah\Downloads\JRT.exe

2014-07-08 23:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll

2014-07-08 23:37 - 2014-07-08 23:38 - 00000000 ____D () C:\AdwCleaner

2014-07-08 23:37 - 2014-07-08 23:37 - 01346519 _____ () C:\Users\Sarah\Downloads\adwcleaner_3.214.exe

2014-07-08 23:18 - 2014-07-08 23:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-08 23:18 - 2014-07-08 23:18 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-07-08 23:18 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-08 23:18 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-08 23:18 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-07-08 23:17 - 2014-07-08 23:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sarah\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-08 23:08 - 2014-07-08 23:08 - 00000000 ____D () C:\Users\Sarah\Desktop\WLM8887.tmp

2014-07-08 23:07 - 2014-07-08 23:07 - 00000000 ____D () C:\Users\Sarah\Desktop\WLM68F4.tmp

2014-07-08 22:05 - 2014-07-11 16:46 - 00002081 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-07-08 22:05 - 2014-07-11 16:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-08 22:05 - 2014-07-11 15:51 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-08 22:05 - 2014-07-08 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-07-08 18:45 - 2014-07-08 18:46 - 00000000 ____D () C:\Users\Sarah\Downloads\logfiles 08_07_2014

2014-07-08 18:17 - 2014-07-08 18:17 - 00380416 _____ () C:\Users\Sarah\Downloads\Gmer-19357.exe

2014-07-08 17:59 - 2014-07-11 16:55 - 01075200 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe

2014-07-08 17:59 - 2014-07-11 16:55 - 00000000 ____D () C:\FRST

2014-07-08 17:57 - 2014-07-08 17:57 - 00050477 _____ () C:\Users\Sarah\Downloads\Defogger.exe

2014-07-08 17:57 - 2014-07-08 17:57 - 00000000 _____ () C:\Users\Sarah\defogger_reenable

2014-07-08 16:15 - 2014-07-11 16:20 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001UA.job

2014-07-08 16:15 - 2014-07-11 16:20 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001Core.job

2014-07-08 16:15 - 2014-07-08 16:15 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Facebook

2014-07-08 15:49 - 2014-07-08 15:49 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-07-08 15:49 - 2014-07-08 15:49 - 00001069 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-07-08 15:47 - 2014-07-08 15:47 - 00284288 _____ (Mozilla) C:\Users\Sarah\Downloads\Firefox Setup Stub 30.0.exe

2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList

2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList

2014-07-08 15:14 - 2014-07-08 15:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-07-08 15:14 - 2014-07-08 15:14 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2014-06-24 21:21 - 2014-06-24 21:21 - 00014239 _____ () C:\Users\Sarah\Desktop\Wohnung.odt

2014-06-24 16:15 - 2014-06-24 16:15 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-06-18 17:20 - 2014-07-08 15:14 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-06-11 22:04 - 2014-05-08 11:06 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-11 22:04 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2014-06-11 22:04 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-06-11 22:04 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-06-11 22:04 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2014-06-11 22:04 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-06-11 22:04 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2014-06-11 22:04 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
 

==================== One Month Modified Files and Folders =======
 

2014-07-11 16:56 - 2014-07-11 16:55 - 00010608 _____ () C:\Users\Sarah\Downloads\FRST.txt

2014-07-11 16:55 - 2014-07-11 16:55 - 00000000 ____D () C:\Users\Sarah\Downloads\FRST-OlderVersion

2014-07-11 16:55 - 2014-07-08 17:59 - 01075200 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe

2014-07-11 16:55 - 2014-07-08 17:59 - 00000000 ____D () C:\FRST

2014-07-11 16:54 - 2014-07-11 16:54 - 00000925 _____ () C:\Users\Sarah\Desktop\checkup.txt

2014-07-11 16:51 - 2014-07-11 16:51 - 00854390 _____ () C:\Users\Sarah\Downloads\SecurityCheck.exe

2014-07-11 16:47 - 2014-07-11 16:47 - 00000973 _____ () C:\Users\Sarah\Desktop\esetOnlinelist.txt

2014-07-11 16:46 - 2014-07-08 22:05 - 00002081 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-07-11 16:46 - 2014-07-08 22:05 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-11 16:42 - 2014-02-05 13:08 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Dropbox

2014-07-11 16:25 - 2014-01-30 11:34 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Skype

2014-07-11 16:20 - 2014-07-08 16:15 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001UA.job

2014-07-11 16:20 - 2014-07-08 16:15 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001Core.job

2014-07-11 16:09 - 2014-02-05 14:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-11 15:52 - 2014-02-05 13:19 - 00000000 ___RD () C:\Users\Sarah\Dropbox

2014-07-11 15:52 - 2014-02-05 13:16 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\DropboxMaster

2014-07-11 15:51 - 2014-07-08 22:05 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-11 15:38 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-11 15:38 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-11 15:36 - 2014-01-30 00:15 - 01985092 _____ () C:\Windows\WindowsUpdate.log

2014-07-11 15:35 - 2009-10-15 11:59 - 02507726 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-11 15:31 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-11 15:31 - 2009-07-14 06:39 - 00034311 _____ () C:\Windows\setupact.log

2014-07-10 22:28 - 2014-07-10 22:28 - 02347384 _____ (ESET) C:\Users\Sarah\Downloads\esetsmartinstaller_deu.exe

2014-07-10 22:22 - 2009-07-14 06:33 - 00294080 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-10 22:20 - 2009-07-14 11:14 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-10 22:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\fr-FR

2014-07-10 22:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE

2014-07-10 21:56 - 2014-01-30 13:43 - 00000000 ____D () C:\Windows\system32\MRT

2014-07-10 21:54 - 2014-01-30 13:43 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-07-10 21:42 - 2014-07-10 21:42 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Adobe

2014-07-08 23:44 - 2014-07-08 23:44 - 00000000 ____D () C:\Windows\ERUNT

2014-07-08 23:43 - 2014-07-08 23:43 - 01016261 _____ (Thisisu) C:\Users\Sarah\Downloads\JRT.exe

2014-07-08 23:39 - 2014-01-30 11:37 - 00104700 _____ () C:\Windows\PFRO.log

2014-07-08 23:38 - 2014-07-08 23:37 - 00000000 ____D () C:\AdwCleaner

2014-07-08 23:38 - 2014-01-30 00:16 - 00000000 ____D () C:\Users\Sarah

2014-07-08 23:37 - 2014-07-08 23:37 - 01346519 _____ () C:\Users\Sarah\Downloads\adwcleaner_3.214.exe

2014-07-08 23:35 - 2014-07-08 23:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-08 23:31 - 2014-01-30 00:13 - 00000000 ____D () C:\Windows\rescache

2014-07-08 23:18 - 2014-07-08 23:18 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-07-08 23:18 - 2014-07-08 23:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sarah\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-08 23:08 - 2014-07-08 23:08 - 00000000 ____D () C:\Users\Sarah\Desktop\WLM8887.tmp

2014-07-08 23:07 - 2014-07-08 23:07 - 00000000 ____D () C:\Users\Sarah\Desktop\WLM68F4.tmp

2014-07-08 22:09 - 2014-02-05 14:19 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-07-08 22:09 - 2014-02-05 14:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-07-08 22:05 - 2014-07-08 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-07-08 22:05 - 2014-01-30 11:33 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Google

2014-07-08 22:05 - 2014-01-30 11:33 - 00000000 ____D () C:\Program Files\Google

2014-07-08 18:46 - 2014-07-08 18:45 - 00000000 ____D () C:\Users\Sarah\Downloads\logfiles 08_07_2014

2014-07-08 18:17 - 2014-07-08 18:17 - 00380416 _____ () C:\Users\Sarah\Downloads\Gmer-19357.exe

2014-07-08 17:57 - 2014-07-08 17:57 - 00050477 _____ () C:\Users\Sarah\Downloads\Defogger.exe

2014-07-08 17:57 - 2014-07-08 17:57 - 00000000 _____ () C:\Users\Sarah\defogger_reenable

2014-07-08 16:15 - 2014-07-08 16:15 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Facebook

2014-07-08 15:49 - 2014-07-08 15:49 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-07-08 15:49 - 2014-07-08 15:49 - 00001069 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-07-08 15:47 - 2014-07-08 15:47 - 00284288 _____ (Mozilla) C:\Users\Sarah\Downloads\Firefox Setup Stub 30.0.exe

2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList

2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList

2014-07-08 15:14 - 2014-07-08 15:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-07-08 15:14 - 2014-07-08 15:14 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2014-07-08 15:14 - 2014-06-18 17:20 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-07-08 15:14 - 2014-01-30 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

2014-07-08 15:14 - 2014-01-30 10:48 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-07-08 15:14 - 2014-01-30 10:48 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2014-07-08 15:14 - 2014-01-30 10:48 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-06-24 21:21 - 2014-06-24 21:21 - 00014239 _____ () C:\Users\Sarah\Desktop\Wohnung.odt

2014-06-24 16:15 - 2014-06-24 16:15 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-06-24 16:15 - 2014-02-26 21:55 - 00000000 ___RD () C:\Program Files\Skype

2014-06-24 16:15 - 2014-01-30 11:34 - 00000000 ____D () C:\ProgramData\Skype

2014-06-20 21:39 - 2014-07-10 21:29 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-06-19 22:54 - 2014-02-05 13:19 - 00000000 ____D () C:\Users\Sarah\Desktop\Hochzeit (1)

2014-06-19 02:16 - 2014-07-10 21:29 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-06-19 01:56 - 2014-07-10 21:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-06-19 01:56 - 2014-07-10 21:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-06-19 01:38 - 2014-07-10 21:29 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-06-19 01:37 - 2014-07-10 21:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-06-19 01:36 - 2014-07-10 21:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-06-19 01:35 - 2014-07-10 21:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-06-19 01:32 - 2014-07-10 21:29 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-06-19 01:28 - 2014-07-10 21:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-06-19 01:28 - 2014-07-10 21:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-06-19 01:25 - 2014-07-10 21:29 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-06-19 01:23 - 2014-07-10 21:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-06-19 01:23 - 2014-07-10 21:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-06-19 01:22 - 2014-07-10 21:29 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-06-19 01:16 - 2014-07-10 21:29 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-06-19 01:12 - 2014-07-10 21:29 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-06-19 01:06 - 2014-07-10 21:29 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-06-19 01:01 - 2014-07-10 21:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-06-19 00:59 - 2014-07-10 21:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-06-19 00:58 - 2014-07-10 21:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-06-19 00:52 - 2014-07-10 21:29 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-06-19 00:52 - 2014-07-10 21:29 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-06-19 00:49 - 2014-07-10 21:29 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-06-19 00:46 - 2014-07-10 21:29 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-06-19 00:45 - 2014-07-10 21:29 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-06-19 00:35 - 2014-07-10 21:29 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-06-19 00:13 - 2014-07-10 21:29 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-06-19 00:09 - 2014-07-10 21:29 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-06-19 00:07 - 2014-07-10 21:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-06-18 03:51 - 2014-07-10 21:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-06-18 02:52 - 2014-07-10 21:28 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 

Some content of TEMP:

====================

C:\Users\Sarah\AppData\Local\Temp\6_Offer_5.exe

C:\Users\Sarah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2alr7r.dll

C:\Users\Sarah\AppData\Local\Temp\install_reader11_de_ltr5x32d_awc_aih.exe

C:\Users\Sarah\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Sarah\AppData\Local\Temp\pdf24-creator-update.exe

C:\Users\Sarah\AppData\Local\Temp\Quarantine.exe

C:\Users\Sarah\AppData\Local\Temp\vlc-2.1.3-win32.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-19 21:43
 

==================== End Of Log ============================

--- --- ---

Merci beaucup!!

Java updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Danke vielmals, hat alles super geklappt!