
Pests of all kinds and how to fight them: IE keeps opening ad windows.

15.07.2013, 13:04   #1
zombie8580
 

Hello,

for two days now IE has kept opening with advertisements. I have already blocked the sites, but it doesn't help. I have also already run my Norton and AVG antivirus, but they found nothing.
Can someone help me, please?

15.07.2013, 13:21   #2
schrauber
/// the machine
/// TB-Ausbilder
 


Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)



Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

15.07.2013, 14:02   #3
zombie8580
 

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013
Ran by Christian (administrator) on 15-07-2013 14:58:36
Running from C:\Users\Christian\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Nero AG) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
() C:\Program Files\tutoriales100_es_19\tutoriales100_es_19.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Symantec Corporation) C:\PROGRAM FILES\NORTON ANTIVIRUS\ENGINE\20.4.0.40\cltLMH.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] - "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [tutoriales100_es_19] - "C:\Program Files\tutoriales100_es_19\tutoriales100_es_19.exe" [3962216 2013-05-31] ()
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2012-03-17] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [ScrSav] -  [x]
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [ScrSav] -  [x]
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Googlebar.url ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0312&m=aspire_6930g
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: movie2kdownloader - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [ffox@bandoo.com] C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com
FF Extension: Bandoo for Firefox - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\IPSFFPlgn\

========================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1342024 2012-12-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87992 2012-09-07] (Nero AG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [703008 2009-04-15] (Acer Incorporated)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S4 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)
R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)
S4 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S4 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]
S4 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [26496 2007-08-19] (AVerMedia TECHNOLOGIES, Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-21] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-05-20] (AVG Technologies)
R3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42496 2007-08-19] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DD04000.00A\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-04-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-04-10] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20130712.001\IDSvix86.sys [386720 2012-10-19] (Symantec Corporation)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130714.004\NAVENG.SYS [93272 2013-06-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130714.004\NAVEX15.SYS [1611992 2013-06-20] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAV\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-09-22] (TuneUp Software)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 k57nd60x; system32\DRIVERS\k57nd60x.sys [x]
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U2 srservice; 
S3 SYMFW; \SystemRoot\System32\Drivers\NAV\1008030.006\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NAV\1008030.006\SYMNDISV.SYS [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
U2 wuaserv; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 13:54 - 2013-07-15 13:54 - 00000000 ____D C:\FRST
2013-07-15 13:53 - 2013-07-15 13:53 - 01218214 _____ (Farbar) C:\Users\Christian\Desktop\FRST.exe
2013-07-15 12:21 - 2013-07-15 12:22 - 05088557 _____ (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2013-07-13 07:11 - 2013-07-13 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-07-12 22:36 - 2013-07-15 13:40 - 00000000 ____D C:\Users\Christian\Desktop\Neuer Ordner
2013-07-12 21:21 - 2013-07-12 21:21 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\tutoriales100_es_19
2013-07-12 21:04 - 2013-07-12 21:17 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\NPE
2013-07-12 11:55 - 2013-07-12 11:55 - 00000000 ____D C:\Users\Christian\Documents\default
2013-07-12 11:49 - 2013-07-12 11:49 - 00001080 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2013.lnk
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Ashampoo
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\ashampoo
2013-07-12 11:48 - 2013-07-12 11:49 - 00000000 ____D C:\ProgramData\Ashampoo
2013-07-12 11:48 - 2013-07-12 11:48 - 00000000 ____D C:\Program Files\Ashampoo
2013-07-11 17:36 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 17:36 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 17:36 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 17:36 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-11 17:36 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 17:36 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 17:36 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 17:36 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 17:36 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-11 17:36 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-11 17:36 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 17:36 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 17:36 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 17:36 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 17:36 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 17:36 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 15:21 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 15:21 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 15:21 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 15:21 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 15:21 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 15:21 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 15:21 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 15:21 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 15:21 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 15:21 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 15:21 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 15:21 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-07 10:12 - 2013-07-07 10:12 - 00000000 ____D C:\Users\Christian\Documents\Add-in Express
2013-07-06 20:44 - 2013-07-12 20:49 - 00000000 ____D C:\Users\Christian\Desktop\Spanisch
2013-07-06 20:35 - 2013-07-12 11:09 - 00000000 ____D C:\Users\Christian\AppData\Roaming\uTorrent
2013-07-06 20:31 - 2013-07-07 10:06 - 00000000 ____D C:\Program Files\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-07-06 20:31 - 2011-02-17 14:37 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\mfc70.dll
2013-07-06 20:31 - 2011-02-17 14:37 - 00487424 _____ (Microsoft Corporation) C:\Windows\system32\msvcp70.dll
2013-07-06 20:31 - 2010-05-11 14:17 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2013-07-06 20:31 - 2010-05-11 14:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2013-07-06 20:27 - 2013-07-07 10:10 - 00000862 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-07-06 20:26 - 2013-07-06 20:26 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\eorezo
2013-07-06 20:26 - 2013-07-06 20:26 - 00000000 ____D C:\Program Files\tutoriales100_es_19
2013-07-03 02:07 - 2013-07-03 02:07 - 00002096 _____ C:\{BD098FC9-031D-451B-A78F-51E95D042C36}
2013-07-02 21:13 - 2013-07-06 18:50 - 00025088 _____ C:\Users\Christian\Desktop\2013-07 GASTOS DE VIAJE CON FÓRMULA.xls
2013-07-02 06:38 - 2013-07-02 06:38 - 00110592 _____ C:\Users\Christian\Desktop\Control Poleas.xls
2013-06-24 17:59 - 2013-06-24 17:58 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-22 12:41 - 2013-06-22 12:41 - 00000000 ____D C:\_OTL
2013-06-21 15:42 - 2013-06-21 15:42 - 00000115 _____ C:\Windows\DeleteOnReboot.bat
2013-06-21 15:28 - 2013-06-21 15:35 - 00000000 ____D C:\JRT
2013-06-21 15:28 - 2013-06-21 15:28 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 19:42 - 2013-06-20 20:04 - 00000000 ____D C:\Qoobox
2013-06-20 19:42 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-06-20 19:42 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-06-20 19:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-06-20 19:41 - 2013-06-20 20:01 - 00000000 ____D C:\Windows\erdnt
2013-06-20 19:02 - 2013-07-12 23:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-20 00:27 - 2013-07-12 23:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-19 21:21 - 2013-06-19 21:21 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-06-19 21:20 - 2013-06-19 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-19 19:01 - 2013-06-19 19:01 - 00000823 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-16 09:34 - 2013-06-16 09:34 - 00000386 _____ C:\Users\Christian\Desktop\Filme.lnk

==================== One Month Modified Files and Folders =======

2013-07-15 14:52 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 14:52 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 14:52 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 14:51 - 2012-03-17 23:26 - 01927281 _____ C:\Windows\WindowsUpdate.log
2013-07-15 14:51 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-15 14:24 - 2012-04-02 16:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 14:10 - 2012-10-25 09:45 - 00000000 ____D C:\ProgramData\MFAData
2013-07-15 13:56 - 2012-03-17 23:38 - 00000000 ___RD C:\Users\Christian\Desktop
2013-07-15 13:54 - 2013-07-15 13:54 - 00000000 ____D C:\FRST
2013-07-15 13:53 - 2013-07-15 13:53 - 01218214 _____ (Farbar) C:\Users\Christian\Desktop\FRST.exe
2013-07-15 13:40 - 2013-07-12 22:36 - 00000000 ____D C:\Users\Christian\Desktop\Neuer Ordner
2013-07-15 13:39 - 2012-03-18 00:31 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Adobe
2013-07-15 13:09 - 2012-04-02 16:41 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-15 13:09 - 2012-03-18 19:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-15 12:22 - 2013-07-15 12:21 - 05088557 _____ (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2013-07-15 08:36 - 2012-03-18 13:14 - 00000000 ____D C:\Users\Christian\AppData\Roaming\UseNeXT
2013-07-15 00:44 - 2006-11-02 12:33 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-13 07:13 - 2013-07-13 07:11 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 06:35 - 2012-03-18 01:19 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc
2013-07-12 23:07 - 2013-06-20 19:02 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-12 23:01 - 2013-06-20 00:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 21:30 - 2013-04-30 09:04 - 00000000 ____D C:\Users\Christian\Desktop\jMovieManager V1.12
2013-07-12 21:21 - 2013-07-12 21:21 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\tutoriales100_es_19
2013-07-12 21:17 - 2013-07-12 21:04 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\NPE
2013-07-12 21:05 - 2012-03-18 11:45 - 00000000 ____D C:\ProgramData\Norton
2013-07-12 20:49 - 2013-07-06 20:44 - 00000000 ____D C:\Users\Christian\Desktop\Spanisch
2013-07-12 12:28 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-12 11:55 - 2013-07-12 11:55 - 00000000 ____D C:\Users\Christian\Documents\default
2013-07-12 11:49 - 2013-07-12 11:49 - 00001080 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2013.lnk
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Ashampoo
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\ashampoo
2013-07-12 11:49 - 2013-07-12 11:48 - 00000000 ____D C:\ProgramData\Ashampoo
2013-07-12 11:48 - 2013-07-12 11:48 - 00000000 ____D C:\Program Files\Ashampoo
2013-07-12 11:09 - 2013-07-06 20:35 - 00000000 ____D C:\Users\Christian\AppData\Roaming\uTorrent
2013-07-11 18:16 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 17:56 - 2006-11-02 14:47 - 00296800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 17:54 - 2012-03-18 13:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 17:51 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-11 17:37 - 2009-03-12 05:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 17:29 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 12:01 - 2012-12-03 14:38 - 00031614 _____ C:\Windows\PFRO.log
2013-07-07 10:12 - 2013-07-07 10:12 - 00000000 ____D C:\Users\Christian\Documents\Add-in Express
2013-07-07 10:10 - 2013-07-06 20:27 - 00000862 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-07-07 10:06 - 2013-07-06 20:31 - 00000000 ____D C:\Program Files\AVS4YOU
2013-07-06 20:34 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-07-06 20:26 - 2013-07-06 20:26 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\eorezo
2013-07-06 20:26 - 2013-07-06 20:26 - 00000000 ____D C:\Program Files\tutoriales100_es_19
2013-07-06 20:25 - 2012-03-17 23:38 - 00001356 _____ C:\Users\CHRIST~1\AppData\Local\d3d9caps.dat
2013-07-06 18:50 - 2013-07-02 21:13 - 00025088 _____ C:\Users\Christian\Desktop\2013-07 GASTOS DE VIAJE CON FÓRMULA.xls
2013-07-06 07:26 - 2012-05-13 22:03 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype
2013-07-03 02:07 - 2013-07-03 02:07 - 00002096 _____ C:\{BD098FC9-031D-451B-A78F-51E95D042C36}
2013-07-02 06:38 - 2013-07-02 06:38 - 00110592 _____ C:\Users\Christian\Desktop\Control Poleas.xls
2013-07-01 22:06 - 2012-12-24 10:46 - 00000000 ____D C:\Program Files\XMedia Recode
2013-07-01 20:13 - 2013-05-01 22:59 - 00000000 ____D C:\Users\Christian\Desktop\Facebook
2013-06-29 15:05 - 2013-01-28 18:43 - 00000000 ___RD C:\Program Files\Skype
2013-06-29 15:05 - 2012-05-13 22:03 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 05:10 - 2012-03-18 01:35 - 00008192 _____ C:\Users\CHRIST~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-24 17:58 - 2013-06-24 17:59 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-24 17:58 - 2012-07-02 15:44 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-06-24 17:58 - 2012-03-18 15:01 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-06-24 17:58 - 2012-03-18 15:01 - 00000000 ____D C:\Program Files\Java
2013-06-24 15:41 - 2012-03-17 23:40 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\VirtualStore
2013-06-24 06:10 - 2012-03-18 13:14 - 00000000 ____D C:\ProgramData\Nero
2013-06-24 06:10 - 2012-03-18 12:29 - 00000000 ____D C:\Program Files\Common Files\Ahead
2013-06-24 00:37 - 2006-11-02 12:24 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-06-23 20:50 - 2012-09-13 20:04 - 00000000 ____D C:\Filme
2013-06-22 12:41 - 2013-06-22 12:41 - 00000000 ____D C:\_OTL
2013-06-21 15:42 - 2013-06-21 15:42 - 00000115 _____ C:\Windows\DeleteOnReboot.bat
2013-06-21 15:42 - 2012-10-25 09:56 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-06-21 15:35 - 2013-06-21 15:28 - 00000000 ____D C:\JRT
2013-06-21 15:28 - 2013-06-21 15:28 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 20:04 - 2013-06-20 19:42 - 00000000 ____D C:\Qoobox
2013-06-20 20:04 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-06-20 20:01 - 2013-06-20 19:41 - 00000000 ____D C:\Windows\erdnt
2013-06-20 19:59 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-06-20 00:13 - 2012-10-07 11:16 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Paint.NET
2013-06-19 23:33 - 2012-10-25 20:52 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\CrashDumps
2013-06-19 21:21 - 2013-06-19 21:21 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-06-19 21:20 - 2013-06-19 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-19 20:56 - 2012-10-19 22:22 - 00000000 ____D C:\Windows\system32\Drivers\NST
2013-06-19 20:56 - 2012-03-18 11:46 - 00000000 ____D C:\Windows\system32\Drivers\NAV
2013-06-19 20:47 - 2012-04-05 20:27 - 00000000 ____D C:\ProgramData\Western Digital
2013-06-19 19:01 - 2013-06-19 19:01 - 00000823 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-19 04:21 - 2012-03-18 11:46 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-06-19 04:21 - 2012-03-18 11:46 - 00007611 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-06-16 09:34 - 2013-06-16 09:34 - 00000386 _____ C:\Users\Christian\Desktop\Filme.lnk

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 14:15

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-07-2013
Ran by Christian at 2013-07-15 15:00:49
Running from C:\Users\Christian\Desktop
Boot Mode: Normal
==========================================================

 Update for Microsoft Office 2007 (KB2508958)
Acer Backup Manager (Version: 1.0.0.58)
Acer Crystal Eye Webcam (Version: 2.0.0.17)
Acer GridVista (Version: 2.72.317)
Acer PowerSmart Manager (Version: 4.01.3013)
Acer Product Registration (Version: 3.0.0.10)
Adobe AIR (Version: 3.5.0.600)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Reader 9.5.1 - Deutsch (Version: 9.5.1)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Ashampoo Burning Studio 2013 v.11.0.6 (Version: 11.0.6)
AVG 2013 (Version: 13.0.2677)
AVG 2013 (Version: 13.0.2742)
AVG 2013 (Version: 13.0.2793)
AVG 2013 (Version: 13.0.2805)
AVG 2013 (Version: 13.0.2890)
AVG 2013 (Version: 13.0.2897)
AVG 2013 (Version: 13.0.2899)
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 2013.0.2904)
Backup Manager Basic (Version: 1.0.0.58)
Bullzip PDF Printer 9.3.0.1516 (Version: 9.3.0.1516)
EPSON Scan
EPSON-Drucker-Software
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.99)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi-Software (Version: 12.02.0000)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Lingoes 2.8.1 (Version: 2.8.1)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MotoCast (Version: 2.0.31)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Device Manager (Version: 2.3.9)
Motorola Device Software Update (Version: 13.02.1402)
MOTOROLA MEDIA LINK (Version: 1.9.0002.0)
Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
neroxml (Version: 1.0.0)
Norton AntiVirus (Version: 20.4.0.40)
Norton Identity Safe (Version: 2013.4.0.10)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Paint.NET v3.5.10 (Version: 3.60.0)
PDF-Viewer (Version: 2.5.207.0)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20113)
SES Driver (Version: 1.0.0)
Skype™ 6.5 (Version: 6.5.158)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
TreeSize Professional V5.5 (Version: 5.5)
TuneUp Utilities 2012 (Version: 12.0.3600.73)
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.73)
tutoriales100_es_19
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
UseNeXT by Tangysoft
Video Download Capture V4.3.3 (Version: 4.3.3)
VLC media player 2.0.7 (Version: 2.0.7)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
WinRAR Archivierer
 

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-06-22 12:53 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {087F8E30-7A16-4779-886B-6647FF0593BB} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {11348C5E-88DE-473C-82E8-02C72EF0F961} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\WSCStub.exe No File
Task: {12D98F6E-E437-45B3-AD07-DA54EE9912C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D7A805D-41DF-4B4B-BFC9-C330619E3972} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-30] (Symantec Corporation)
Task: {31F467FE-9A03-4C41-907F-08924C6B4557} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4A201B95-1DB8-4AFE-9084-0CFB9968270A} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {4D0FC1E7-EEF9-49DC-9C7D-95B44E68AE18} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {5A435254-86FF-4FD3-AC59-A9DBB9EAC6FA} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {5E1BCF67-BA35-4F30-9380-7FE11BE5395C} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {8846980E-E272-4F4D-B092-019561593E53} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-30] (Symantec Corporation)
Task: {8C9E2E53-8B54-4C64-AA72-C676D6122D81} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {A8BD2551-82F0-49FA-BE94-E8605ECBBEEE} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {C42B4E92-FF8A-47ED-9665-9EB819E4E223} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Christian => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {C43CA56E-CA28-46B3-916D-CA5C465836C9} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {CDAD4FBA-33A7-4698-8785-6B86BF97548C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {E61282FF-84B8-4BAE-A536-6270E20A6875} - System32\Tasks\{A4D57398-6826-4D9F-8DEE-E618D3F3B736} => C:\Program Files\Internet Explorer\iexplore.exe [2013-05-29] (Microsoft Corporation)
Task: {F530F641-09BD-4905-8BE4-C82C694143C0} - System32\Tasks\MotoCast Update => C:\Program Files\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2013 03:00:50 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (07/15/2013 03:00:50 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" 
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (07/15/2013 02:57:53 PM) (Source: MsiInstaller) (User: Zombie)
Description: Produkt: Google Toolbar for Internet Explorer - Update "{BFF70815-2349-409C-8B32-C18E8551B140}" konnte nicht entfernt werden. Fehlercode 1647. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/15/2013 02:57:53 PM) (Source: MsiInstaller) (User: Zombie)
Description: Produkt: Google Toolbar for Internet Explorer - Update "{BFF70815-2349-409C-8B32-C18E8551B140}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/15/2013 02:57:53 PM) (Source: MsiInstaller) (User: Zombie)
Description: Produkt: Google Toolbar for Internet Explorer - Update "{BFF70815-2349-409C-8B32-C18E8551B140}" konnte nicht entfernt werden. Fehlercode 1647. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/15/2013 02:57:53 PM) (Source: MsiInstaller) (User: Zombie)
Description: Produkt: Google Toolbar for Internet Explorer - Update "{BFF70815-2349-409C-8B32-C18E8551B140}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/15/2013 02:54:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2013 02:05:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2013 01:55:19 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (07/15/2013 01:55:19 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" 
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator


System errors:
=============
Error: (07/15/2013 02:57:45 PM) (Source: DCOM) (User: Zombie)
Description: AnwendungsspezifischLokalAktivierung{4991D34B-80A1-4291-83B6-3328366B9097}ZombieChristianS-1-5-21-2655343216-3542076400-2504452006-1000LocalHost (unter Verwendung von LRPC)

Error: (07/15/2013 02:57:45 PM) (Source: DCOM) (User: Zombie)
Description: AnwendungsspezifischLokalAktivierung{4991D34B-80A1-4291-83B6-3328366B9097}ZombieChristianS-1-5-21-2655343216-3542076400-2504452006-1000LocalHost (unter Verwendung von LRPC)

Error: (07/15/2013 02:54:53 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058

Error: (07/15/2013 02:54:53 PM) (Source: Service Control Manager) (User: )
Description: Diagnosesystemhost

Error: (07/15/2013 02:54:51 PM) (Source: Service Control Manager) (User: )
Description: Diagnosediensthost

Error: (07/15/2013 02:54:11 PM) (Source: Service Control Manager) (User: )
Description: Windows-BilderfassungShellhardwareerkennung%%1058

Error: (07/15/2013 02:54:11 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (07/15/2013 02:54:11 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (07/15/2013 02:51:34 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (07/15/2013 02:10:27 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-15 15:00:32.171
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 15:00:31.984
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 15:00:31.797
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 15:00:31.563
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 15:00:26.930
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 15:00:26.743
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 15:00:26.524
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 15:00:26.337
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 15:00:26.165
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 15:00:25.978
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 3065.93 MB
Available physical RAM: 1777.98 MB
Total Pagefile: 6334.13 MB
Available Pagefile: 5070.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.14 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:29.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:12.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 50A5B170)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=12)

==================== End Of Log ============================
         

15.07.2013, 14:06   #4
schrauber
/// the machine
/// TB trainer
 


Who has already been tinkering around there with Combofix and the like?

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

15.07.2013, 18:22   #5
zombie8580
 

I didn't tinker around. That is still from about 2 months ago. I had a different problem back then.

Code:
# AdwCleaner v2.305 - Datei am 15/07/2013 um 15:10:13 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Christian - ZOMBIE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Users\Christian\AppData\Local\EoRezo

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gelöscht : HKLM\Software\Tutoriales100

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S2].txt - [6320 octets] - [15/07/2013 15:10:13]

########## EOF - C:\AdwCleaner[S2].txt - [6380 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows Vista (TM) Home Premium x86
Ran by Christian on 15.07.2013 at 19:23:30,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Christian\appdata\local\eorezo"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.07.2013 at 19:27:03,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013
Ran by Christian (administrator) on 15-07-2013 19:28:53
Running from C:\Users\Christian\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Nero AG) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
() C:\Program Files\tutoriales100_es_19\tutoriales100_es_19.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcfgex.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] - "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [tutoriales100_es_19] - "C:\Program Files\tutoriales100_es_19\tutoriales100_es_19.exe" [3962216 2013-05-31] ()
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2012-03-17] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [ScrSav] -  [x]
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [ScrSav] -  [x]
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Googlebar.url ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0312&m=aspire_6930g
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: movie2kdownloader - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [ffox@bandoo.com] C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com
FF Extension: Bandoo for Firefox - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\IPSFFPlgn\

========================== Services (Whitelisted) =================

S2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1342024 2012-12-10] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87992 2012-09-07] (Nero AG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [703008 2009-04-15] (Acer Incorporated)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S4 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)
R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)
S4 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S4 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]
S4 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [26496 2007-08-19] (AVerMedia TECHNOLOGIES, Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-21] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-05-20] (AVG Technologies)
R3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42496 2007-08-19] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DD04000.00A\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-04-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-04-10] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20130712.001\IDSvix86.sys [386720 2012-10-19] (Symantec Corporation)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130715.003\NAVENG.SYS [93272 2013-06-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130715.003\NAVEX15.SYS [1611992 2013-06-20] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAV\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-09-22] (TuneUp Software)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 k57nd60x; system32\DRIVERS\k57nd60x.sys [x]
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U2 srservice; 
S3 SYMFW; \SystemRoot\System32\Drivers\NAV\1008030.006\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NAV\1008030.006\SYMNDISV.SYS [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
U2 wuaserv; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 19:27 - 2013-07-15 19:27 - 00000714 _____ C:\Users\Christian\Desktop\JRT.txt
2013-07-15 19:21 - 2013-07-15 19:21 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Christian\Desktop\JRT.exe
2013-07-15 15:10 - 2013-07-15 15:10 - 00006449 _____ C:\AdwCleaner[S2].txt
2013-07-15 15:08 - 2013-07-15 15:08 - 00662345 _____ C:\Users\Christian\Desktop\adwcleaner.exe
2013-07-15 15:02 - 2013-07-15 19:28 - 00000000 ____D C:\Users\Christian\Desktop\erledigt
2013-07-15 13:54 - 2013-07-15 13:54 - 00000000 ____D C:\FRST
2013-07-15 13:53 - 2013-07-15 13:53 - 01218214 _____ (Farbar) C:\Users\Christian\Desktop\FRST.exe
2013-07-15 12:21 - 2013-07-15 12:22 - 05088557 _____ (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2013-07-13 07:11 - 2013-07-13 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-07-12 22:36 - 2013-07-15 19:27 - 00000000 ____D C:\Users\Christian\Desktop\Neuer Ordner
2013-07-12 21:21 - 2013-07-12 21:21 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\tutoriales100_es_19
2013-07-12 21:04 - 2013-07-12 21:17 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\NPE
2013-07-12 11:55 - 2013-07-12 11:55 - 00000000 ____D C:\Users\Christian\Documents\default
2013-07-12 11:49 - 2013-07-12 11:49 - 00001080 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2013.lnk
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Ashampoo
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\ashampoo
2013-07-12 11:48 - 2013-07-12 11:49 - 00000000 ____D C:\ProgramData\Ashampoo
2013-07-12 11:48 - 2013-07-12 11:48 - 00000000 ____D C:\Program Files\Ashampoo
2013-07-11 17:36 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 17:36 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 17:36 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 17:36 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-11 17:36 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 17:36 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 17:36 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 17:36 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 17:36 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-11 17:36 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-11 17:36 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 17:36 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 17:36 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 17:36 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 17:36 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 17:36 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 15:21 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 15:21 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 15:21 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 15:21 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 15:21 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 15:21 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 15:21 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 15:21 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 15:21 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 15:21 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 15:21 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 15:21 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-07 10:12 - 2013-07-07 10:12 - 00000000 ____D C:\Users\Christian\Documents\Add-in Express
2013-07-06 20:44 - 2013-07-12 20:49 - 00000000 ____D C:\Users\Christian\Desktop\Spanisch
2013-07-06 20:35 - 2013-07-12 11:09 - 00000000 ____D C:\Users\Christian\AppData\Roaming\uTorrent
2013-07-06 20:31 - 2013-07-07 10:06 - 00000000 ____D C:\Program Files\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-07-06 20:31 - 2011-02-17 14:37 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\mfc70.dll
2013-07-06 20:31 - 2011-02-17 14:37 - 00487424 _____ (Microsoft Corporation) C:\Windows\system32\msvcp70.dll
2013-07-06 20:31 - 2010-05-11 14:17 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2013-07-06 20:31 - 2010-05-11 14:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2013-07-06 20:27 - 2013-07-07 10:10 - 00000862 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-07-06 20:26 - 2013-07-06 20:26 - 00000000 ____D C:\Program Files\tutoriales100_es_19
2013-07-03 02:07 - 2013-07-03 02:07 - 00002096 _____ C:\{BD098FC9-031D-451B-A78F-51E95D042C36}
2013-07-02 21:13 - 2013-07-06 18:50 - 00025088 _____ C:\Users\Christian\Desktop\2013-07 GASTOS DE VIAJE CON FÓRMULA.xls
2013-07-02 06:38 - 2013-07-02 06:38 - 00110592 _____ C:\Users\Christian\Desktop\Control Poleas.xls
2013-06-24 17:59 - 2013-06-24 17:58 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-22 12:41 - 2013-06-22 12:41 - 00000000 ____D C:\_OTL
2013-06-21 15:42 - 2013-07-15 15:10 - 00000230 _____ C:\Windows\DeleteOnReboot.bat
2013-06-21 15:28 - 2013-06-21 15:35 - 00000000 ____D C:\JRT
2013-06-21 15:28 - 2013-06-21 15:28 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 19:42 - 2013-06-20 20:04 - 00000000 ____D C:\Qoobox
2013-06-20 19:42 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-06-20 19:42 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-06-20 19:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-06-20 19:41 - 2013-06-20 20:01 - 00000000 ____D C:\Windows\erdnt
2013-06-20 19:02 - 2013-07-12 23:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-20 00:27 - 2013-07-12 23:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-19 21:21 - 2013-06-19 21:21 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-06-19 21:20 - 2013-06-19 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-19 19:01 - 2013-06-19 19:01 - 00000823 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-16 09:34 - 2013-06-16 09:34 - 00000386 _____ C:\Users\Christian\Desktop\Filme.lnk

==================== One Month Modified Files and Folders =======

2013-07-15 19:28 - 2013-07-15 15:02 - 00000000 ____D C:\Users\Christian\Desktop\erledigt
2013-07-15 19:28 - 2012-03-17 23:38 - 00000000 ___RD C:\Users\Christian\Desktop
2013-07-15 19:27 - 2013-07-15 19:27 - 00000714 _____ C:\Users\Christian\Desktop\JRT.txt
2013-07-15 19:27 - 2013-07-12 22:36 - 00000000 ____D C:\Users\Christian\Desktop\Neuer Ordner
2013-07-15 19:24 - 2012-04-02 16:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 19:21 - 2013-07-15 19:21 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Christian\Desktop\JRT.exe
2013-07-15 19:18 - 2012-03-18 13:14 - 00000000 ____D C:\Users\Christian\AppData\Roaming\UseNeXT
2013-07-15 19:14 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 19:14 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 18:27 - 2012-03-17 23:26 - 01938838 _____ C:\Windows\WindowsUpdate.log
2013-07-15 17:57 - 2012-10-25 09:45 - 00000000 ____D C:\ProgramData\MFAData
2013-07-15 15:14 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 15:12 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-15 15:10 - 2013-07-15 15:10 - 00006449 _____ C:\AdwCleaner[S2].txt
2013-07-15 15:10 - 2013-06-21 15:42 - 00000230 _____ C:\Windows\DeleteOnReboot.bat
2013-07-15 15:08 - 2013-07-15 15:08 - 00662345 _____ C:\Users\Christian\Desktop\adwcleaner.exe
2013-07-15 13:54 - 2013-07-15 13:54 - 00000000 ____D C:\FRST
2013-07-15 13:53 - 2013-07-15 13:53 - 01218214 _____ (Farbar) C:\Users\Christian\Desktop\FRST.exe
2013-07-15 13:39 - 2012-03-18 00:31 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Adobe
2013-07-15 13:09 - 2012-04-02 16:41 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-15 13:09 - 2012-03-18 19:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-15 12:22 - 2013-07-15 12:21 - 05088557 _____ (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2013-07-15 00:44 - 2006-11-02 12:33 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-13 07:13 - 2013-07-13 07:11 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 06:35 - 2012-03-18 01:19 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc
2013-07-12 23:07 - 2013-06-20 19:02 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-12 23:01 - 2013-06-20 00:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 21:30 - 2013-04-30 09:04 - 00000000 ____D C:\Users\Christian\Desktop\jMovieManager V1.12
2013-07-12 21:21 - 2013-07-12 21:21 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\tutoriales100_es_19
2013-07-12 21:17 - 2013-07-12 21:04 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\NPE
2013-07-12 21:05 - 2012-03-18 11:45 - 00000000 ____D C:\ProgramData\Norton
2013-07-12 20:49 - 2013-07-06 20:44 - 00000000 ____D C:\Users\Christian\Desktop\Spanisch
2013-07-12 12:28 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-12 11:55 - 2013-07-12 11:55 - 00000000 ____D C:\Users\Christian\Documents\default
2013-07-12 11:49 - 2013-07-12 11:49 - 00001080 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2013.lnk
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Ashampoo
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\ashampoo
2013-07-12 11:49 - 2013-07-12 11:48 - 00000000 ____D C:\ProgramData\Ashampoo
2013-07-12 11:48 - 2013-07-12 11:48 - 00000000 ____D C:\Program Files\Ashampoo
2013-07-12 11:09 - 2013-07-06 20:35 - 00000000 ____D C:\Users\Christian\AppData\Roaming\uTorrent
2013-07-11 18:16 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 17:56 - 2006-11-02 14:47 - 00296800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 17:54 - 2012-03-18 13:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 17:51 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-11 17:37 - 2009-03-12 05:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 17:29 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 12:01 - 2012-12-03 14:38 - 00031614 _____ C:\Windows\PFRO.log
2013-07-07 10:12 - 2013-07-07 10:12 - 00000000 ____D C:\Users\Christian\Documents\Add-in Express
2013-07-07 10:10 - 2013-07-06 20:27 - 00000862 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-07-07 10:06 - 2013-07-06 20:31 - 00000000 ____D C:\Program Files\AVS4YOU
2013-07-06 20:34 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-07-06 20:26 - 2013-07-06 20:26 - 00000000 ____D C:\Program Files\tutoriales100_es_19
2013-07-06 20:25 - 2012-03-17 23:38 - 00001356 _____ C:\Users\CHRIST~1\AppData\Local\d3d9caps.dat
2013-07-06 18:50 - 2013-07-02 21:13 - 00025088 _____ C:\Users\Christian\Desktop\2013-07 GASTOS DE VIAJE CON FÓRMULA.xls
2013-07-06 07:26 - 2012-05-13 22:03 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype
2013-07-03 02:07 - 2013-07-03 02:07 - 00002096 _____ C:\{BD098FC9-031D-451B-A78F-51E95D042C36}
2013-07-02 06:38 - 2013-07-02 06:38 - 00110592 _____ C:\Users\Christian\Desktop\Control Poleas.xls
2013-07-01 22:06 - 2012-12-24 10:46 - 00000000 ____D C:\Program Files\XMedia Recode
2013-07-01 20:13 - 2013-05-01 22:59 - 00000000 ____D C:\Users\Christian\Desktop\Facebook
2013-06-29 15:05 - 2013-01-28 18:43 - 00000000 ___RD C:\Program Files\Skype
2013-06-29 15:05 - 2012-05-13 22:03 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 05:10 - 2012-03-18 01:35 - 00008192 _____ C:\Users\CHRIST~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-24 17:58 - 2013-06-24 17:59 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-24 17:58 - 2012-07-02 15:44 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-06-24 17:58 - 2012-03-18 15:01 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-06-24 17:58 - 2012-03-18 15:01 - 00000000 ____D C:\Program Files\Java
2013-06-24 15:41 - 2012-03-17 23:40 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\VirtualStore
2013-06-24 06:10 - 2012-03-18 13:14 - 00000000 ____D C:\ProgramData\Nero
2013-06-24 06:10 - 2012-03-18 12:29 - 00000000 ____D C:\Program Files\Common Files\Ahead
2013-06-24 00:37 - 2006-11-02 12:24 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-06-23 20:50 - 2012-09-13 20:04 - 00000000 ____D C:\Filme
2013-06-22 12:41 - 2013-06-22 12:41 - 00000000 ____D C:\_OTL
2013-06-21 15:42 - 2012-10-25 09:56 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-06-21 15:35 - 2013-06-21 15:28 - 00000000 ____D C:\JRT
2013-06-21 15:28 - 2013-06-21 15:28 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 20:04 - 2013-06-20 19:42 - 00000000 ____D C:\Qoobox
2013-06-20 20:04 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-06-20 20:01 - 2013-06-20 19:41 - 00000000 ____D C:\Windows\erdnt
2013-06-20 19:59 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-06-20 00:13 - 2012-10-07 11:16 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Paint.NET
2013-06-19 23:33 - 2012-10-25 20:52 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\CrashDumps
2013-06-19 21:21 - 2013-06-19 21:21 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-06-19 21:20 - 2013-06-19 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-19 20:56 - 2012-10-19 22:22 - 00000000 ____D C:\Windows\system32\Drivers\NST
2013-06-19 20:56 - 2012-03-18 11:46 - 00000000 ____D C:\Windows\system32\Drivers\NAV
2013-06-19 20:47 - 2012-04-05 20:27 - 00000000 ____D C:\ProgramData\Western Digital
2013-06-19 19:01 - 2013-06-19 19:01 - 00000823 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-19 04:21 - 2012-03-18 11:46 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-06-19 04:21 - 2012-03-18 11:46 - 00007611 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-06-16 09:34 - 2013-06-16 09:34 - 00000386 _____ C:\Users\Christian\Desktop\Filme.lnk

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 15:22

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-07-2013
Ran by Christian at 2013-07-15 19:29:16
Running from C:\Users\Christian\Desktop
Boot Mode: Normal
==========================================================

 Update for Microsoft Office 2007 (KB2508958)
Acer Backup Manager (Version: 1.0.0.58)
Acer Crystal Eye Webcam (Version: 2.0.0.17)
Acer GridVista (Version: 2.72.317)
Acer PowerSmart Manager (Version: 4.01.3013)
Acer Product Registration (Version: 3.0.0.10)
Adobe AIR (Version: 3.5.0.600)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Reader 9.5.1 - Deutsch (Version: 9.5.1)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Ashampoo Burning Studio 2013 v.11.0.6 (Version: 11.0.6)
AVG 2013 (Version: 13.0.2677)
AVG 2013 (Version: 13.0.2742)
AVG 2013 (Version: 13.0.2793)
AVG 2013 (Version: 13.0.2805)
AVG 2013 (Version: 13.0.2890)
AVG 2013 (Version: 13.0.2897)
AVG 2013 (Version: 13.0.2899)
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 2013.0.2904)
Backup Manager Basic (Version: 1.0.0.58)
Bullzip PDF Printer 9.3.0.1516 (Version: 9.3.0.1516)
EPSON Scan
EPSON-Drucker-Software
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.99)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi-Software (Version: 12.02.0000)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Lingoes 2.8.1 (Version: 2.8.1)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MotoCast (Version: 2.0.31)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Device Manager (Version: 2.3.9)
Motorola Device Software Update (Version: 13.02.1402)
MOTOROLA MEDIA LINK (Version: 1.9.0002.0)
Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
neroxml (Version: 1.0.0)
Norton AntiVirus (Version: 20.4.0.40)
Norton Identity Safe (Version: 2013.4.0.10)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Paint.NET v3.5.10 (Version: 3.60.0)
PDF-Viewer (Version: 2.5.207.0)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20113)
SES Driver (Version: 1.0.0)
Skype™ 6.5 (Version: 6.5.158)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
TreeSize Professional V5.5 (Version: 5.5)
TuneUp Utilities 2012 (Version: 12.0.3600.73)
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.73)
tutoriales100_es_19
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
UseNeXT by Tangysoft
Video Download Capture V4.3.3 (Version: 4.3.3)
VLC media player 2.0.7 (Version: 2.0.7)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
WinRAR Archivierer
 

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-06-22 12:53 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {087F8E30-7A16-4779-886B-6647FF0593BB} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {11348C5E-88DE-473C-82E8-02C72EF0F961} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\WSCStub.exe No File
Task: {12D98F6E-E437-45B3-AD07-DA54EE9912C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D7A805D-41DF-4B4B-BFC9-C330619E3972} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-30] (Symantec Corporation)
Task: {31F467FE-9A03-4C41-907F-08924C6B4557} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4A201B95-1DB8-4AFE-9084-0CFB9968270A} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {4D0FC1E7-EEF9-49DC-9C7D-95B44E68AE18} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {5A435254-86FF-4FD3-AC59-A9DBB9EAC6FA} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {5E1BCF67-BA35-4F30-9380-7FE11BE5395C} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {87E3875F-5580-44E6-A902-013996705852} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Christian => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {8846980E-E272-4F4D-B092-019561593E53} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-30] (Symantec Corporation)
Task: {8C9E2E53-8B54-4C64-AA72-C676D6122D81} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {A8BD2551-82F0-49FA-BE94-E8605ECBBEEE} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {C43CA56E-CA28-46B3-916D-CA5C465836C9} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {CDAD4FBA-33A7-4698-8785-6B86BF97548C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {E61282FF-84B8-4BAE-A536-6270E20A6875} - System32\Tasks\{A4D57398-6826-4D9F-8DEE-E618D3F3B736} => C:\Program Files\Internet Explorer\iexplore.exe [2013-05-29] (Microsoft Corporation)
Task: {F530F641-09BD-4905-8BE4-C82C694143C0} - System32\Tasks\MotoCast Update => C:\Program Files\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2013 07:29:17 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (07/15/2013 07:29:17 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" 
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator


System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-15 19:29:12.484
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 19:29:12.297
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 19:29:12.110
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 19:29:11.922
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 19:29:00.285
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 19:29:00.113
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 19:28:59.926
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 19:28:59.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 19:28:57.711
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130702.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-15 19:28:57.539
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130702.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 3065.93 MB
Available physical RAM: 1650.66 MB
Total Pagefile: 6338.13 MB
Available Pagefile: 4957.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.15 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:29.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:11.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 50A5B170)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=12)

==================== End Of Log ============================
         


15.07.2013, 19:20   #6
schrauber
/// the machine
/// TB Trainer



You should always stay on the ball until the end


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

16.07.2013, 04:18   #7
zombie8580



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=37754102487a7645a1e1a40ea4546293
# engine=14409
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-15 09:37:16
# local_time=2013-07-15 11:37:16 (+0100, Mitteleuropäische Sommerzeit   )
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1040 16777213 100 100 30548 61058220 0 0
# compatibility_mode=3590 16777213 100 90 387336 192942422 0 0
# compatibility_mode=5892 16776574 100 100 22655058 211456964 0 0
# scanned=148454
# found=3
# cleaned=0
# scan_time=4964
sh=AB12019FED2E3C9F0C53BC578559133FB46FE4DA ft=1 fh=6d34806f283c0113 vn="a variant of Win32/Adware.EoRezo.AR application" ac=I fn="C:\Program Files\tutoriales100_es_19\tutoriales100_es_19.exe"
sh=40A0193D22A3F750B0FC3D7D4FA75F708E73F3A3 ft=1 fh=64bc18ebab54f4d8 vn="Win32/BHO.OGC trojan" ac=I fn="C:\TDSSKiller_Quarantine\20.06.2013_19.01.07\susp0000\svc0000\tsk0000.dta"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Adware.EoRezo.AR application" ac=I fn="${Memory}"
         
Code:
ATTFilter
 unsupported operating system! Aborted!
         

16.07.2013, 07:54   #8
schrauber
/// the machine
/// TB Trainer



The fresh FRST log is missing
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

16.07.2013, 09:00   #9
zombie8580



FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-07-2013 02
Ran by Christian (administrator) on 16-07-2013 09:56:19
Running from C:\Users\Christian\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Nero AG) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
() C:\Program Files\tutoriales100_es_19\tutoriales100_es_19.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] - "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [tutoriales100_es_19] - "C:\Program Files\tutoriales100_es_19\tutoriales100_es_19.exe" [3962216 2013-05-31] ()
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2012-03-17] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [ScrSav] -  [x]
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [ScrSav] -  [x]
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Googlebar.url ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0312&m=aspire_6930g
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: movie2kdownloader - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [ffox@bandoo.com] C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com
FF Extension: Bandoo for Firefox - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\IPSFFPlgn\

========================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1342024 2012-12-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87992 2012-09-07] (Nero AG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [703008 2009-04-15] (Acer Incorporated)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S4 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)
R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)
S4 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S4 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]
S4 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [26496 2007-08-19] (AVerMedia TECHNOLOGIES, Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-21] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-05-20] (AVG Technologies)
R3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42496 2007-08-19] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DD04000.00A\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-04-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-04-10] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20130713.001\IDSvix86.sys [386720 2012-10-19] (Symantec Corporation)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130715.021\NAVENG.SYS [93272 2013-06-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130715.021\NAVEX15.SYS [1611992 2013-06-20] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAV\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-09-22] (TuneUp Software)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 k57nd60x; system32\DRIVERS\k57nd60x.sys [x]
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U2 srservice; 
S3 SYMFW; \SystemRoot\System32\Drivers\NAV\1008030.006\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NAV\1008030.006\SYMNDISV.SYS [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
U2 wuaserv; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-16 09:51 - 2013-07-16 09:54 - 01218590 _____ (Farbar) C:\Users\Christian\Desktop\FRST.exe
2013-07-16 05:34 - 2013-07-16 05:34 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\eorezo
2013-07-16 05:12 - 2013-07-16 05:13 - 00891022 _____ C:\Users\Christian\Desktop\SecurityCheck.exe
2013-07-15 21:38 - 2013-07-15 21:38 - 02347384 _____ (ESET) C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
2013-07-15 15:10 - 2013-07-15 15:10 - 00006449 _____ C:\AdwCleaner[S2].txt
2013-07-15 15:02 - 2013-07-16 05:16 - 00000000 ____D C:\Users\Christian\Desktop\erledigt
2013-07-15 13:54 - 2013-07-15 13:54 - 00000000 ____D C:\FRST
2013-07-15 12:21 - 2013-07-15 12:22 - 05088557 _____ (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2013-07-13 07:11 - 2013-07-13 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-07-12 22:36 - 2013-07-15 19:27 - 00000000 ____D C:\Users\Christian\Desktop\Neuer Ordner
2013-07-12 21:21 - 2013-07-12 21:21 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\tutoriales100_es_19
2013-07-12 21:04 - 2013-07-12 21:17 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\NPE
2013-07-12 11:55 - 2013-07-12 11:55 - 00000000 ____D C:\Users\Christian\Documents\default
2013-07-12 11:49 - 2013-07-12 11:49 - 00001080 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2013.lnk
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Ashampoo
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\ashampoo
2013-07-12 11:48 - 2013-07-12 11:49 - 00000000 ____D C:\ProgramData\Ashampoo
2013-07-12 11:48 - 2013-07-12 11:48 - 00000000 ____D C:\Program Files\Ashampoo
2013-07-11 17:36 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 17:36 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 17:36 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 17:36 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-11 17:36 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 17:36 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 17:36 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 17:36 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 17:36 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-11 17:36 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-11 17:36 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 17:36 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 17:36 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 17:36 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 17:36 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 17:36 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 15:21 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 15:21 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 15:21 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 15:21 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 15:21 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 15:21 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 15:21 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 15:21 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 15:21 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 15:21 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 15:21 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 15:21 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-07 10:12 - 2013-07-07 10:12 - 00000000 ____D C:\Users\Christian\Documents\Add-in Express
2013-07-06 20:44 - 2013-07-12 20:49 - 00000000 ____D C:\Users\Christian\Desktop\Spanisch
2013-07-06 20:35 - 2013-07-12 11:09 - 00000000 ____D C:\Users\Christian\AppData\Roaming\uTorrent
2013-07-06 20:31 - 2013-07-07 10:06 - 00000000 ____D C:\Program Files\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-07-06 20:31 - 2011-02-17 14:37 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\mfc70.dll
2013-07-06 20:31 - 2011-02-17 14:37 - 00487424 _____ (Microsoft Corporation) C:\Windows\system32\msvcp70.dll
2013-07-06 20:31 - 2010-05-11 14:17 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2013-07-06 20:31 - 2010-05-11 14:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2013-07-06 20:27 - 2013-07-07 10:10 - 00000862 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-07-06 20:26 - 2013-07-06 20:26 - 00000000 ____D C:\Program Files\tutoriales100_es_19
2013-07-03 02:07 - 2013-07-03 02:07 - 00002096 _____ C:\{BD098FC9-031D-451B-A78F-51E95D042C36}
2013-07-02 21:13 - 2013-07-06 18:50 - 00025088 _____ C:\Users\Christian\Desktop\2013-07 GASTOS DE VIAJE CON FÓRMULA.xls
2013-07-02 06:38 - 2013-07-02 06:38 - 00110592 _____ C:\Users\Christian\Desktop\Control Poleas.xls
2013-06-24 17:59 - 2013-06-24 17:58 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-22 12:41 - 2013-06-22 12:41 - 00000000 ____D C:\_OTL
2013-06-21 15:42 - 2013-07-15 15:10 - 00000230 _____ C:\Windows\DeleteOnReboot.bat
2013-06-21 15:28 - 2013-06-21 15:35 - 00000000 ____D C:\JRT
2013-06-21 15:28 - 2013-06-21 15:28 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 19:42 - 2013-06-20 20:04 - 00000000 ____D C:\Qoobox
2013-06-20 19:42 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-06-20 19:42 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-06-20 19:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-06-20 19:41 - 2013-06-20 20:01 - 00000000 ____D C:\Windows\erdnt
2013-06-20 19:02 - 2013-07-12 23:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-20 00:27 - 2013-07-12 23:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-19 21:21 - 2013-06-19 21:21 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-06-19 21:20 - 2013-06-19 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-19 19:01 - 2013-06-19 19:01 - 00000823 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-16 09:34 - 2013-06-16 09:34 - 00000386 _____ C:\Users\Christian\Desktop\Filme.lnk

==================== One Month Modified Files and Folders =======

2013-07-16 09:54 - 2013-07-16 09:51 - 01218590 _____ (Farbar) C:\Users\Christian\Desktop\FRST.exe
2013-07-16 09:52 - 2012-03-17 23:38 - 00000000 ___RD C:\Users\Christian\Desktop
2013-07-16 09:32 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 09:32 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 09:24 - 2012-04-02 16:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-16 09:09 - 2012-10-25 09:45 - 00000000 ____D C:\ProgramData\MFAData
2013-07-16 05:49 - 2012-03-17 23:26 - 01945688 _____ C:\Windows\WindowsUpdate.log
2013-07-16 05:34 - 2013-07-16 05:34 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\eorezo
2013-07-16 05:32 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-16 05:31 - 2012-12-03 14:38 - 00032404 _____ C:\Windows\PFRO.log
2013-07-16 05:30 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-16 05:16 - 2013-07-15 15:02 - 00000000 ____D C:\Users\Christian\Desktop\erledigt
2013-07-16 05:13 - 2013-07-16 05:12 - 00891022 _____ C:\Users\Christian\Desktop\SecurityCheck.exe
2013-07-15 22:01 - 2012-03-18 13:14 - 00000000 ____D C:\Users\Christian\AppData\Roaming\UseNeXT
2013-07-15 21:38 - 2013-07-15 21:38 - 02347384 _____ (ESET) C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
2013-07-15 19:27 - 2013-07-12 22:36 - 00000000 ____D C:\Users\Christian\Desktop\Neuer Ordner
2013-07-15 15:10 - 2013-07-15 15:10 - 00006449 _____ C:\AdwCleaner[S2].txt
2013-07-15 15:10 - 2013-06-21 15:42 - 00000230 _____ C:\Windows\DeleteOnReboot.bat
2013-07-15 13:54 - 2013-07-15 13:54 - 00000000 ____D C:\FRST
2013-07-15 13:39 - 2012-03-18 00:31 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Adobe
2013-07-15 13:09 - 2012-04-02 16:41 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-15 13:09 - 2012-03-18 19:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-15 12:22 - 2013-07-15 12:21 - 05088557 _____ (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2013-07-15 00:44 - 2006-11-02 12:33 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-13 07:13 - 2013-07-13 07:11 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 06:35 - 2012-03-18 01:19 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc
2013-07-12 23:07 - 2013-06-20 19:02 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-12 23:01 - 2013-06-20 00:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 21:30 - 2013-04-30 09:04 - 00000000 ____D C:\Users\Christian\Desktop\jMovieManager V1.12
2013-07-12 21:21 - 2013-07-12 21:21 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\tutoriales100_es_19
2013-07-12 21:17 - 2013-07-12 21:04 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\NPE
2013-07-12 21:05 - 2012-03-18 11:45 - 00000000 ____D C:\ProgramData\Norton
2013-07-12 20:49 - 2013-07-06 20:44 - 00000000 ____D C:\Users\Christian\Desktop\Spanisch
2013-07-12 12:28 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-12 11:55 - 2013-07-12 11:55 - 00000000 ____D C:\Users\Christian\Documents\default
2013-07-12 11:49 - 2013-07-12 11:49 - 00001080 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2013.lnk
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Ashampoo
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\ashampoo
2013-07-12 11:49 - 2013-07-12 11:48 - 00000000 ____D C:\ProgramData\Ashampoo
2013-07-12 11:48 - 2013-07-12 11:48 - 00000000 ____D C:\Program Files\Ashampoo
2013-07-12 11:09 - 2013-07-06 20:35 - 00000000 ____D C:\Users\Christian\AppData\Roaming\uTorrent
2013-07-11 18:16 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 17:56 - 2006-11-02 14:47 - 00296800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 17:54 - 2012-03-18 13:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 17:51 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-11 17:37 - 2009-03-12 05:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 17:29 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-07 10:12 - 2013-07-07 10:12 - 00000000 ____D C:\Users\Christian\Documents\Add-in Express
2013-07-07 10:10 - 2013-07-06 20:27 - 00000862 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-07-07 10:06 - 2013-07-06 20:31 - 00000000 ____D C:\Program Files\AVS4YOU
2013-07-06 20:34 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-07-06 20:26 - 2013-07-06 20:26 - 00000000 ____D C:\Program Files\tutoriales100_es_19
2013-07-06 20:25 - 2012-03-17 23:38 - 00001356 _____ C:\Users\CHRIST~1\AppData\Local\d3d9caps.dat
2013-07-06 18:50 - 2013-07-02 21:13 - 00025088 _____ C:\Users\Christian\Desktop\2013-07 GASTOS DE VIAJE CON FÓRMULA.xls
2013-07-06 07:26 - 2012-05-13 22:03 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype
2013-07-03 02:07 - 2013-07-03 02:07 - 00002096 _____ C:\{BD098FC9-031D-451B-A78F-51E95D042C36}
2013-07-02 06:38 - 2013-07-02 06:38 - 00110592 _____ C:\Users\Christian\Desktop\Control Poleas.xls
2013-07-01 22:06 - 2012-12-24 10:46 - 00000000 ____D C:\Program Files\XMedia Recode
2013-07-01 20:13 - 2013-05-01 22:59 - 00000000 ____D C:\Users\Christian\Desktop\Facebook
2013-06-29 15:05 - 2013-01-28 18:43 - 00000000 ___RD C:\Program Files\Skype
2013-06-29 15:05 - 2012-05-13 22:03 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 05:10 - 2012-03-18 01:35 - 00008192 _____ C:\Users\CHRIST~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-24 17:58 - 2013-06-24 17:59 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-24 17:58 - 2012-07-02 15:44 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-06-24 17:58 - 2012-03-18 15:01 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-06-24 17:58 - 2012-03-18 15:01 - 00000000 ____D C:\Program Files\Java
2013-06-24 15:41 - 2012-03-17 23:40 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\VirtualStore
2013-06-24 06:10 - 2012-03-18 13:14 - 00000000 ____D C:\ProgramData\Nero
2013-06-24 06:10 - 2012-03-18 12:29 - 00000000 ____D C:\Program Files\Common Files\Ahead
2013-06-24 00:37 - 2006-11-02 12:24 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-06-23 20:50 - 2012-09-13 20:04 - 00000000 ____D C:\Filme
2013-06-22 12:41 - 2013-06-22 12:41 - 00000000 ____D C:\_OTL
2013-06-21 15:42 - 2012-10-25 09:56 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-06-21 15:35 - 2013-06-21 15:28 - 00000000 ____D C:\JRT
2013-06-21 15:28 - 2013-06-21 15:28 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 20:04 - 2013-06-20 19:42 - 00000000 ____D C:\Qoobox
2013-06-20 20:04 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-06-20 20:01 - 2013-06-20 19:41 - 00000000 ____D C:\Windows\erdnt
2013-06-20 19:59 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-06-20 00:13 - 2012-10-07 11:16 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Paint.NET
2013-06-19 23:33 - 2012-10-25 20:52 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\CrashDumps
2013-06-19 21:21 - 2013-06-19 21:21 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-06-19 21:20 - 2013-06-19 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-19 20:56 - 2012-10-19 22:22 - 00000000 ____D C:\Windows\system32\Drivers\NST
2013-06-19 20:56 - 2012-03-18 11:46 - 00000000 ____D C:\Windows\system32\Drivers\NAV
2013-06-19 20:47 - 2012-04-05 20:27 - 00000000 ____D C:\ProgramData\Western Digital
2013-06-19 19:01 - 2013-06-19 19:01 - 00000823 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-19 04:21 - 2012-03-18 11:46 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-06-19 04:21 - 2012-03-18 11:46 - 00007611 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-06-16 09:34 - 2013-06-16 09:34 - 00000386 _____ C:\Users\Christian\Desktop\Filme.lnk

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-16 05:42

==================== End Of Log ============================
         


The scan with SecurityCheck did not start at all.

Alt 16.07.2013, 10:57   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Ignore SecurityCheck. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 16.07.2013, 12:54   #11
zombie8580
 



Yes, the ad windows are still opening.

Alt 16.07.2013, 13:35   #12
schrauber
/// the machine
/// TB-Ausbilder
 




In which browser?

Alt 16.07.2013, 13:40   #13
zombie8580
 



In IE. If I leave the computer sitting for 1-2 hours, I have 10 to 15 windows open.

Alt 16.07.2013, 13:44   #14
schrauber
/// the machine
/// TB-Ausbilder
 




Reset Internet Explorer as follows:
  • Open Internet Explorer and go to Tools -> Internet Options.
  • On the Advanced tab, under "Reset Internet Explorer settings", click Reset...
  • In the "Reset Internet Explorer Settings" dialog, click Reset to confirm.
(You can find the illustrated guide here.)


New FRST log, please.

Alt 16.07.2013, 13:53   #15
zombie8580
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-07-2013 02
Ran by Christian (administrator) on 16-07-2013 14:48:29
Running from C:\Users\Christian\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Nero AG) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
() C:\Program Files\tutoriales100_es_19\tutoriales100_es_19.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] - "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [tutoriales100_es_19] - "C:\Program Files\tutoriales100_es_19\tutoriales100_es_19.exe" [3962216 2013-05-31] ()
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2012-03-17] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKU\Default\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [ScrSav] -  [x]
HKU\Default User\...\Run: [ProductReg] - C:\Program Files\Acer\WR_PopUp\ProductReg.exe [ 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [ScrSav] -  [x]
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Googlebar.url ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0312&m=aspire_6930g
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: movie2kdownloader - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [ffox@bandoo.com] C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com
FF Extension: Bandoo for Firefox - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\IPSFFPlgn\

========================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1342024 2012-12-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87992 2012-09-07] (Nero AG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [703008 2009-04-15] (Acer Incorporated)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S4 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [61184 2009-04-11] (NewTech Infosystems, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)
R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)
S4 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S4 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]
S4 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 A310; C:\Windows\System32\DRIVERS\AVerA310USB.sys [26496 2007-08-19] (AVerMedia TECHNOLOGIES, Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-21] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-05-20] (AVG Technologies)
R3 BDASwCap; C:\Windows\System32\drivers\AVerA310Cap.sys [42496 2007-08-19] (AVerMedia TECHNOLOGIES, Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DD04000.00A\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-04-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-04-10] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20130713.001\IDSvix86.sys [386720 2012-10-19] (Symantec Corporation)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130715.033\NAVENG.SYS [93272 2013-06-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\VirusDefs\20130715.033\NAVEX15.SYS [1611992 2013-06-20] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NAV\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAV\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAV\1404000.028\SYMTDIV.SYS [352344 2013-04-25] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-09-22] (TuneUp Software)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 k57nd60x; system32\DRIVERS\k57nd60x.sys [x]
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U2 srservice; 
S3 SYMFW; \SystemRoot\System32\Drivers\NAV\1008030.006\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NAV\1008030.006\SYMNDISV.SYS [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
U2 wuaserv; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-16 09:51 - 2013-07-16 09:54 - 01218590 _____ (Farbar) C:\Users\Christian\Desktop\FRST.exe
2013-07-16 05:34 - 2013-07-16 05:34 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\eorezo
2013-07-16 05:12 - 2013-07-16 05:13 - 00891022 _____ C:\Users\Christian\Desktop\SecurityCheck.exe
2013-07-15 21:38 - 2013-07-15 21:38 - 02347384 _____ (ESET) C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
2013-07-15 15:10 - 2013-07-15 15:10 - 00006449 _____ C:\AdwCleaner[S2].txt
2013-07-15 15:02 - 2013-07-16 09:59 - 00000000 ____D C:\Users\Christian\Desktop\erledigt
2013-07-15 13:54 - 2013-07-15 13:54 - 00000000 ____D C:\FRST
2013-07-15 12:21 - 2013-07-15 12:22 - 05088557 _____ (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2013-07-13 07:11 - 2013-07-13 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-07-12 22:36 - 2013-07-15 19:27 - 00000000 ____D C:\Users\Christian\Desktop\Neuer Ordner
2013-07-12 21:21 - 2013-07-12 21:21 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\tutoriales100_es_19
2013-07-12 21:04 - 2013-07-12 21:17 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\NPE
2013-07-12 11:55 - 2013-07-12 11:55 - 00000000 ____D C:\Users\Christian\Documents\default
2013-07-12 11:49 - 2013-07-12 11:49 - 00001080 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2013.lnk
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Ashampoo
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\ashampoo
2013-07-12 11:48 - 2013-07-12 11:49 - 00000000 ____D C:\ProgramData\Ashampoo
2013-07-12 11:48 - 2013-07-12 11:48 - 00000000 ____D C:\Program Files\Ashampoo
2013-07-11 17:36 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 17:36 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 17:36 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 17:36 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-11 17:36 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 17:36 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 17:36 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 17:36 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 17:36 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-11 17:36 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-11 17:36 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 17:36 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 17:36 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 17:36 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 17:36 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 17:36 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 15:21 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 15:21 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 15:21 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 15:21 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 15:21 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 15:21 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 15:21 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 15:21 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 15:21 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 15:21 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 15:21 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 15:21 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-07 10:12 - 2013-07-07 10:12 - 00000000 ____D C:\Users\Christian\Documents\Add-in Express
2013-07-06 20:44 - 2013-07-12 20:49 - 00000000 ____D C:\Users\Christian\Desktop\Spanisch
2013-07-06 20:35 - 2013-07-12 11:09 - 00000000 ____D C:\Users\Christian\AppData\Roaming\uTorrent
2013-07-06 20:31 - 2013-07-07 10:06 - 00000000 ____D C:\Program Files\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-07-06 20:31 - 2011-02-17 14:37 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\mfc70.dll
2013-07-06 20:31 - 2011-02-17 14:37 - 00487424 _____ (Microsoft Corporation) C:\Windows\system32\msvcp70.dll
2013-07-06 20:31 - 2010-05-11 14:17 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2013-07-06 20:31 - 2010-05-11 14:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2013-07-06 20:27 - 2013-07-07 10:10 - 00000862 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-07-06 20:26 - 2013-07-06 20:26 - 00000000 ____D C:\Program Files\tutoriales100_es_19
2013-07-03 02:07 - 2013-07-03 02:07 - 00002096 _____ C:\{BD098FC9-031D-451B-A78F-51E95D042C36}
2013-07-02 21:13 - 2013-07-06 18:50 - 00025088 _____ C:\Users\Christian\Desktop\2013-07 GASTOS DE VIAJE CON FÓRMULA.xls
2013-07-02 06:38 - 2013-07-02 06:38 - 00110592 _____ C:\Users\Christian\Desktop\Control Poleas.xls
2013-06-24 17:59 - 2013-06-24 17:58 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-22 12:41 - 2013-06-22 12:41 - 00000000 ____D C:\_OTL
2013-06-21 15:42 - 2013-07-15 15:10 - 00000230 _____ C:\Windows\DeleteOnReboot.bat
2013-06-21 15:28 - 2013-06-21 15:35 - 00000000 ____D C:\JRT
2013-06-21 15:28 - 2013-06-21 15:28 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 19:42 - 2013-06-20 20:04 - 00000000 ____D C:\Qoobox
2013-06-20 19:42 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-06-20 19:42 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-06-20 19:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-06-20 19:42 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-06-20 19:41 - 2013-06-20 20:01 - 00000000 ____D C:\Windows\erdnt
2013-06-20 19:02 - 2013-07-12 23:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-20 00:27 - 2013-07-12 23:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-19 21:21 - 2013-06-19 21:21 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-06-19 21:20 - 2013-06-19 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-19 19:01 - 2013-06-19 19:01 - 00000823 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-16 09:34 - 2013-06-16 09:34 - 00000386 _____ C:\Users\Christian\Desktop\Filme.lnk

==================== One Month Modified Files and Folders =======

2013-07-16 14:24 - 2012-04-02 16:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-16 13:57 - 2012-10-25 09:45 - 00000000 ____D C:\ProgramData\MFAData
2013-07-16 13:32 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 13:32 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 10:34 - 2012-03-17 23:26 - 01946599 _____ C:\Windows\WindowsUpdate.log
2013-07-16 09:59 - 2013-07-15 15:02 - 00000000 ____D C:\Users\Christian\Desktop\erledigt
2013-07-16 09:59 - 2012-03-17 23:38 - 00000000 ___RD C:\Users\Christian\Desktop
2013-07-16 09:54 - 2013-07-16 09:51 - 01218590 _____ (Farbar) C:\Users\Christian\Desktop\FRST.exe
2013-07-16 05:34 - 2013-07-16 05:34 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\eorezo
2013-07-16 05:32 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-16 05:31 - 2012-12-03 14:38 - 00032404 _____ C:\Windows\PFRO.log
2013-07-16 05:30 - 2006-11-02 15:01 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-16 05:13 - 2013-07-16 05:12 - 00891022 _____ C:\Users\Christian\Desktop\SecurityCheck.exe
2013-07-15 22:01 - 2012-03-18 13:14 - 00000000 ____D C:\Users\Christian\AppData\Roaming\UseNeXT
2013-07-15 21:38 - 2013-07-15 21:38 - 02347384 _____ (ESET) C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe
2013-07-15 19:27 - 2013-07-12 22:36 - 00000000 ____D C:\Users\Christian\Desktop\Neuer Ordner
2013-07-15 15:10 - 2013-07-15 15:10 - 00006449 _____ C:\AdwCleaner[S2].txt
2013-07-15 15:10 - 2013-06-21 15:42 - 00000230 _____ C:\Windows\DeleteOnReboot.bat
2013-07-15 13:54 - 2013-07-15 13:54 - 00000000 ____D C:\FRST
2013-07-15 13:39 - 2012-03-18 00:31 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Adobe
2013-07-15 13:09 - 2012-04-02 16:41 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-15 13:09 - 2012-03-18 19:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-15 12:22 - 2013-07-15 12:21 - 05088557 _____ (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2013-07-15 00:44 - 2006-11-02 12:33 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-13 07:13 - 2013-07-13 07:11 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 06:35 - 2012-03-18 01:19 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc
2013-07-12 23:07 - 2013-06-20 19:02 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-12 23:01 - 2013-06-20 00:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 21:30 - 2013-04-30 09:04 - 00000000 ____D C:\Users\Christian\Desktop\jMovieManager V1.12
2013-07-12 21:21 - 2013-07-12 21:21 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\tutoriales100_es_19
2013-07-12 21:17 - 2013-07-12 21:04 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\NPE
2013-07-12 21:05 - 2012-03-18 11:45 - 00000000 ____D C:\ProgramData\Norton
2013-07-12 20:49 - 2013-07-06 20:44 - 00000000 ____D C:\Users\Christian\Desktop\Spanisch
2013-07-12 12:28 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-12 11:55 - 2013-07-12 11:55 - 00000000 ____D C:\Users\Christian\Documents\default
2013-07-12 11:49 - 2013-07-12 11:49 - 00001080 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2013.lnk
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Ashampoo
2013-07-12 11:49 - 2013-07-12 11:49 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\ashampoo
2013-07-12 11:49 - 2013-07-12 11:48 - 00000000 ____D C:\ProgramData\Ashampoo
2013-07-12 11:48 - 2013-07-12 11:48 - 00000000 ____D C:\Program Files\Ashampoo
2013-07-12 11:09 - 2013-07-06 20:35 - 00000000 ____D C:\Users\Christian\AppData\Roaming\uTorrent
2013-07-11 18:16 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 17:56 - 2006-11-02 14:47 - 00296800 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 17:54 - 2012-03-18 13:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 17:51 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-11 17:37 - 2009-03-12 05:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 17:29 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-07 10:12 - 2013-07-07 10:12 - 00000000 ____D C:\Users\Christian\Documents\Add-in Express
2013-07-07 10:10 - 2013-07-06 20:27 - 00000862 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-07-07 10:06 - 2013-07-06 20:31 - 00000000 ____D C:\Program Files\AVS4YOU
2013-07-06 20:34 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Users\Christian\AppData\Roaming\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-07-06 20:31 - 2013-07-06 20:31 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-07-06 20:26 - 2013-07-06 20:26 - 00000000 ____D C:\Program Files\tutoriales100_es_19
2013-07-06 20:25 - 2012-03-17 23:38 - 00001356 _____ C:\Users\CHRIST~1\AppData\Local\d3d9caps.dat
2013-07-06 18:50 - 2013-07-02 21:13 - 00025088 _____ C:\Users\Christian\Desktop\2013-07 GASTOS DE VIAJE CON FÓRMULA.xls
2013-07-06 07:26 - 2012-05-13 22:03 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype
2013-07-03 02:07 - 2013-07-03 02:07 - 00002096 _____ C:\{BD098FC9-031D-451B-A78F-51E95D042C36}
2013-07-02 06:38 - 2013-07-02 06:38 - 00110592 _____ C:\Users\Christian\Desktop\Control Poleas.xls
2013-07-01 22:06 - 2012-12-24 10:46 - 00000000 ____D C:\Program Files\XMedia Recode
2013-07-01 20:13 - 2013-05-01 22:59 - 00000000 ____D C:\Users\Christian\Desktop\Facebook
2013-06-29 15:05 - 2013-01-28 18:43 - 00000000 ___RD C:\Program Files\Skype
2013-06-29 15:05 - 2012-05-13 22:03 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 05:10 - 2012-03-18 01:35 - 00008192 _____ C:\Users\CHRIST~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-24 17:58 - 2013-06-24 17:59 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-24 17:58 - 2013-06-24 17:58 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-24 17:58 - 2012-07-02 15:44 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-06-24 17:58 - 2012-03-18 15:01 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-06-24 17:58 - 2012-03-18 15:01 - 00000000 ____D C:\Program Files\Java
2013-06-24 15:41 - 2012-03-17 23:40 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\VirtualStore
2013-06-24 06:10 - 2012-03-18 13:14 - 00000000 ____D C:\ProgramData\Nero
2013-06-24 06:10 - 2012-03-18 12:29 - 00000000 ____D C:\Program Files\Common Files\Ahead
2013-06-24 00:37 - 2006-11-02 12:24 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-06-23 20:50 - 2012-09-13 20:04 - 00000000 ____D C:\Filme
2013-06-22 12:41 - 2013-06-22 12:41 - 00000000 ____D C:\_OTL
2013-06-21 15:42 - 2012-10-25 09:56 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-06-21 15:35 - 2013-06-21 15:28 - 00000000 ____D C:\JRT
2013-06-21 15:28 - 2013-06-21 15:28 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 20:04 - 2013-06-20 19:42 - 00000000 ____D C:\Qoobox
2013-06-20 20:04 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-06-20 20:01 - 2013-06-20 19:41 - 00000000 ____D C:\Windows\erdnt
2013-06-20 19:59 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-06-20 00:13 - 2012-10-07 11:16 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\Paint.NET
2013-06-19 23:33 - 2012-10-25 20:52 - 00000000 ____D C:\Users\CHRIST~1\AppData\Local\CrashDumps
2013-06-19 21:21 - 2013-06-19 21:21 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-06-19 21:20 - 2013-06-19 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-19 20:56 - 2012-10-19 22:22 - 00000000 ____D C:\Windows\system32\Drivers\NST
2013-06-19 20:56 - 2012-03-18 11:46 - 00000000 ____D C:\Windows\system32\Drivers\NAV
2013-06-19 20:47 - 2012-04-05 20:27 - 00000000 ____D C:\ProgramData\Western Digital
2013-06-19 19:01 - 2013-06-19 19:01 - 00000823 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-06-19 04:21 - 2012-03-18 11:46 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-06-19 04:21 - 2012-03-18 11:46 - 00007611 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-06-16 09:34 - 2013-06-16 09:34 - 00000386 _____ C:\Users\Christian\Desktop\Filme.lnk

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-16 05:42

==================== End Of Log ============================
         
--- --- ---
