Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Umleitung zu ww94.btosjs.info

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 29.08.2013, 14:47   #1
Wolke33
 
Umleitung zu ww94.btosjs.info - Standard

Umleitung zu ww94.btosjs.info



Hi,

Nachdem ich mir auf meinem Laptop gestern nen Virus eingefangen habe, hatte ich eh schon überlegt mal meinen anderen Rechner zu überprüfen, da habe ich auf einmal ne komische Umleitung zuhxxp://ww94.btosjs.info/ automatisch in mehreren Tabs meines Browsers(Chrome).

Hier die Logs:

MBAM

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Daniel :: DANIEL-PC [Administrator]

29.08.2013 15:15:59
mbam-log-2013-08-29 (15-15-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 273896
Laufzeit: 14 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 10
HKCR\CLSID\{1756ECE6-D070-1474-4B6D-4B26D0425F41} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1756ECE6-D070-1474-4B6D-4B26D0425F41} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1756ECE6-D070-1474-4B6D-4B26D0425F41} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1756ECE6-D070-1474-4B6D-4B26D0425F41} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7DF243A0-01A4-263C-621D-A61A3C1C7DDB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DF243A0-01A4-263C-621D-A61A3C1C7DDB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7DF243A0-01A4-263C-621D-A61A3C1C7DDB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DF243A0-01A4-263C-621D-A61A3C1C7DDB} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} (PUP.Optional.SilentInstall.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{655308F2-A559-BE38-E4CA-4D547FB44370} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Bösartig: (c:\progra~2\browse~1\sprote~1.dll) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 12
C:\Program Files (x86)\BrowseToSave\sprotector.dll (PUP.Optional.SProtect.A) -> Löschen bei Neustart.
C:\ProgramData\Browwsse2saVee\5130744f5ebac.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Breowsse2isavee\51497b2e732d7.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Breowsse2isavee\uninstall.exe (PUP.Optional.SilentInstall.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Browwsse2saVee\uninstall.exe (PUP.Optional.SilentInstall.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\InstallMate\{30EAE41E-94D5-4E3D-ACD6-DCF7EB09C6E8}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\InstallMate\{30EAE41E-94D5-4E3D-ACD6-DCF7EB09C6E8}\TsuDll.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\AppData\Local\Temp\is-ANH4U.tmp\dealio.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\DealioToolbar.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\Downloads\SoftonicDownloader_fuer_power-mp3-recorder(2).exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\Downloads\SoftonicDownloader_fuer_power-mp3-recorder.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\Downloads\SoftonicDownloader_fuer_power-sound-editor.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows 7 Ultimate x64
Ran by Daniel on 29.08.2013 at 15:32:31,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] application updater 
Successfully deleted: [Service] application updater 



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dealio
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_power-mp3-recorder(2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_power-mp3-recorder(2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_power-sound-editor_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_power-sound-editor_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_audio-recorder-for-free_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_power-mp3-recorder(2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_power-mp3-recorder(2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_power-sound-editor_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_power-sound-editor_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\softsafe"
Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Daniel\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\local\downtango"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\locallow\dealio"
Successfully deleted: [Folder] "C:\Users\Daniel\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\dealio toolbar"
Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\spigot"



~~~ FireFox

Successfully deleted: [File] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\searchplugins\conduit.xml
Failed to delete: [Folder] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\extensions\dealio@mybrowserbar.com
Successfully deleted: [Folder] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Successfully deleted the following from C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\prefs.js

user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2269050");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1324548390\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1323704474\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"3e5a4f275840b518b14c5ff3d7391b70\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1301832746\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d81252562c31be757300e4205a85371\"");
user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.IsEngineShown", true);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Daniel\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lq1ok6po.default\\conduitCommon\\modules\\3.8.1.0");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://de.search.yahoo.com/search?fr=mcafee&p=");
user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
user_pref("CommunityToolbar.ToolbarsList2", "");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 02 2011 18:24:06 GMT+0200");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Apr 03 2011 19:43:57 GMT+0200");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Apr 03 2011 18:24:04 GMT+0200");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "{98bdf956-ee8f-4dba-8245-6c48e9152c87}");
user_pref("CommunityToolbar.globalUserId", "c0193d71-16f3-43db-a352-78912b02d475");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Dec 22 2011 18:15:54 GMT+0100");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Dec 22 2011 18:16:02 GMT+0100");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Dec 22 2011 18:15:50 GMT+0100");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "0cfeca78-eae3-403d-884b-5123e2aad726");
user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Apr 02 2011 18:24:17 GMT+0200");
user_pref("ConduitEngine.CTID", "ConduitEngine");
user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Apr 02 2011 18:24:08 GMT+0200");
user_pref("ConduitEngine.FirstServerDate", "04/02/2011 19");
user_pref("ConduitEngine.FirstTime", true);
user_pref("ConduitEngine.FirstTimeFF3", true);
user_pref("ConduitEngine.HasUserGlobalKeys", true);
user_pref("ConduitEngine.Initialize", true);
user_pref("ConduitEngine.InitializeCommonPrefs", true);
user_pref("ConduitEngine.InstalledDate", "Sat Apr 02 2011 18:24:24 GMT+0200");
user_pref("ConduitEngine.IsMulticommunity", false);
user_pref("ConduitEngine.IsOpenThankYouPage", false);
user_pref("ConduitEngine.IsOpenUninstallPage", true);
user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Apr 03 2011 18:24:09 GMT+0200");
user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sun Apr 03 2011 18:43:07 GMT+0200");
user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Apr 03 2011 18:43:07 GMT+0200");
user_pref("ConduitEngine.UserID", "UN56710006099256773");
user_pref("ConduitEngine.componentAlertEnabled", false);
user_pref("ConduitEngine.engineLocale", "de");
user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Apr 03 2011 18:24:09 GMT+0200");
user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Apr 03 2011 15:43:07 GMT+0200");
user_pref("ConduitEngine.initDone", true);
user_pref("ConduitEngine.isAppTrackingManagerOn", true);
user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\lq1ok6po.default\minidumps [24 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.08.2013 at 15:41:31,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Daniel (administrator) on 29-08-2013 15:43:45
Running from C:\Users\Daniel\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE
(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\NVVSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\MCSVCHOST\MCSVHOST.EXE
(McAfee, Inc.) C:\WINDOWS\SYSTEM32\MFEVTPS.EXE
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MCSHIELD.EXE
(McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MFEFIRE.EXE
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
(Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
() C:\USERS\DANIEL\LOCAL SETTINGS\APPS\F.LUX\FLUX.EXE
(TrueCrypt Foundation) C:\PROGRAM FILES\TRUECRYPT\TRUECRYPT.EXE
(Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE
(NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVTRAY.EXE
(Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCMGR.EXE
(Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCMGR.EXE
(Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCTRAY.EXE
(McAfee, Inc.) C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
(shbox.de) C:\PROGRAM FILES (X86)\FREEPDF_XP\FPASSIST.EXE
() C:\PROGRAM FILES (X86)\DIVX\DIVX UPDATE\DIVXUPDATE.EXE
(Oracle Corporation) C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
(Dropbox, Inc.) C:\USERS\DANIEL\APPDATA\ROAMING\DROPBOX\BIN\DROPBOX.EXE
(Apple Inc.) C:\PROGRAM FILES (X86)\ITUNES\ITUNESHELPER.EXE
(Spigot Inc) C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS64.EXE
(Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINC.EXE
(Apple Inc.) C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
(McAfee, Inc.) C:\PROGRAM FILES (X86)\MCAFEE ONLINE BACKUP\MOBKBACKUP.EXE
(McAfee, Inc.) C:\PROGRAM FILES (X86)\MCAFEE ONLINE BACKUP\MOBKBACKUP.EXE
(McAfee, Inc.) C:\PROGRAM FILES\MCAFEE\MAT\MCPVTRAY.EXE
(OpenOffice.org) C:\PROGRAM FILES (X86)\OPENOFFICE.ORG 3\PROGRAM\SCALC.EXE
(OpenOffice.org) C:\PROGRAM FILES (X86)\OPENOFFICE.ORG 3\PROGRAM\SOFFICE.EXE
(OpenOffice.org) C:\PROGRAM FILES (X86)\OPENOFFICE.ORG 3\PROGRAM\SOFFICE.BIN
(Microsoft Corporation) C:\WINDOWS\SPLWOW64.EXE
() C:\PROGRAM FILES (X86)\POKERSTRATEGY.COM\POKERSTRATEGY.COM EQUILAB - OMAHA\OMAHAEQUILAB.EXE
() C:\PROGRAM FILES\PPTODDSORACLE\PPT ODDS ORACLE.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
(PokerStars) C:\PROGRAM FILES (X86)\POKERSTARS\POKERSTARS.EXE
(Hold'em Manager) C:\PROGRAM FILES (X86)\RVG SOFTWARE\HOLDEM MANAGER\HOLDEMMANAGER.EXE
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
(Hold'em Manager) C:\PROGRAM FILES (X86)\RVG SOFTWARE\HOLDEM MANAGER\HMIMPORT.EXE
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEINBINARY_BRP5_1.39_WINDOWS_INTELX86__BRP5-CUDA32-NV301.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\TASKMGR.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Microsoft Corporation) C:\PROGRAM FILES\WINDOWS DEFENDER\MPCMDRUN.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-02-12] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-02] (Google Inc.)
HKCU\...\Run: [F.lux] - C:\Users\Daniel\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-12-30] (TrueCrypt Foundation)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {8c4fcc91-7951-11df-ae5b-806e6f6e6963} - E:\Setup.exe
MountPoints2: {c1760b35-3519-11e0-ad2e-002268685223} - J:\setup.exe AUTORUN=1
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [boincmgr] - C:\Program Files (x86)\BOINC\boincmgr.exe [4862720 2010-07-01] (Space Sciences Laboratory)
HKLM-x32\...\Run: [boinctray] - C:\Program Files (x86)\BOINC\boinctray.exe [58112 2010-07-01] (Space Sciences Laboratory)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\web'n'walk Manager.lnk
ShortcutTarget: web'n'walk Manager.lnk -> C:\Program Files (x86)\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (No File)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BOINC Manager.lnk
ShortcutTarget: BOINC Manager.lnk -> C:\Program Files (x86)\BOINC\boincmgr.exe (Space Sciences Laboratory)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -  No File
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKCU - DefaultScope {5127137B-B71D-479F-9AE8-BAEB052E7037} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {355C7709-2685-407E-87C9-74E60F82A503} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=867034&p={searchTerms}
SearchScopes: HKCU - {5127137B-B71D-479F-9AE8-BAEB052E7037} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\7.4\dealioToolbarIE.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.groupon.de/deals/dresden|hxxp://de.pokerstrategy.com
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "http", "174.137.150.197"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: FoxyProxy Basic - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\foxyproxy@eric.h.jung
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\ich@maltegoetz.de
FF Extension: Breowsse2isavee - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\lwqaioa@avkwzs.edu
FF Extension: Browwsse2saVee - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\mhglg2ji5l@zvvl-vr.co.uk
FF Extension: Cooliris - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\piclens@cooliris.com
FF Extension: CookieSafe - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}
FF Extension: WOT - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: dealio - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\dealio@mybrowserbar.com
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: hxxp://www.groupon.de/deals/dresden
CHR RestoreOnStartup: ""
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (ProxTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (Adblock Plus) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0
CHR Extension: (ICE Quick Stream) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl\6.1_0
CHR Extension: (SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0
CHR Extension: (AT_ChuckAnderson) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (NotScripts) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-09-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-22] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-06-22] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-02-12] (Crawler.com)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [124416 2007-11-13] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [80896 2007-10-09] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10624 2007-03-30] (Option N.V.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [73096 2012-09-14] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-03-20] (Windows (R) Win 7 DDK provider)
U3 mfeavfk01; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 15:41 - 2013-08-29 15:41 - 00015446 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-08-29 15:32 - 2013-08-29 15:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 15:22 - 2013-08-29 15:22 - 01579080 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-08-29 15:22 - 2013-08-29 15:22 - 01023533 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2013-08-29 15:14 - 2013-08-29 15:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 15:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 15:12 - 2013-08-29 15:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Daniel\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-29 11:20 - 2013-08-29 12:20 - 00000119 ____H C:\Users\Daniel\Desktop\.~lock.Equity.ods#
2013-08-27 11:10 - 2013-08-27 12:12 - 00010437 _____ C:\Users\Daniel\Desktop\todoSchach.odt
2013-08-14 09:09 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 09:09 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 09:09 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 09:09 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 09:09 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 09:09 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 09:09 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 09:09 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 09:09 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 09:09 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 09:09 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 09:09 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 07:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 07:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 07:51 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 07:51 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 07:50 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 07:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 07:50 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 07:50 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 07:50 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 07:50 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 07:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 07:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 07:50 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 07:50 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 07:50 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 07:50 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 07:50 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 07:50 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 07:50 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 07:50 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 07:50 - 2013-06-15 06:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-14 07:50 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-06 09:30 - 2013-08-06 09:30 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:30 - 2013-08-06 09:30 - 00000000 ____D C:\Program Files (x86)\Adobe

==================== One Month Modified Files and Folders =======

2013-08-29 15:43 - 2013-08-29 15:43 - 00000000 ____D C:\FRST
2013-08-29 15:42 - 2011-02-02 19:52 - 00000000 ____D C:\ProgramData\BOINC
2013-08-29 15:41 - 2013-08-29 15:41 - 00015446 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-08-29 15:37 - 2012-10-09 10:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 15:32 - 2013-08-29 15:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 15:31 - 2013-03-20 10:29 - 00000000 ____D C:\ProgramData\Breowsse2isavee
2013-08-29 15:31 - 2013-03-01 11:28 - 00000000 ____D C:\ProgramData\Browwsse2saVee
2013-08-29 15:24 - 2010-07-09 15:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-08-29 15:22 - 2013-08-29 15:22 - 01579080 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-08-29 15:22 - 2013-08-29 15:22 - 01023533 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2013-08-29 15:14 - 2013-08-29 15:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 15:12 - 2013-08-29 15:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Daniel\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-29 14:54 - 2009-07-14 19:58 - 00664618 _____ C:\Windows\system32\perfh007.dat
2013-08-29 14:54 - 2009-07-14 19:58 - 00134786 _____ C:\Windows\system32\perfc007.dat
2013-08-29 14:54 - 2009-07-14 07:13 - 01527868 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 14:49 - 2010-06-16 16:19 - 01792699 _____ C:\Windows\WindowsUpdate.log
2013-08-29 14:45 - 2011-02-02 01:34 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA.job
2013-08-29 13:41 - 2010-06-16 17:40 - 00000000 ____D C:\Users\Daniel\AppData\Local\PokerStars.EU
2013-08-29 12:20 - 2013-08-29 11:20 - 00000119 ____H C:\Users\Daniel\Desktop\.~lock.Equity.ods#
2013-08-29 12:20 - 2012-07-24 13:29 - 00027883 _____ C:\Users\Daniel\Desktop\Equity.ods
2013-08-29 12:20 - 2012-01-13 16:06 - 00313856 ___SH C:\Users\Daniel\Desktop\Thumbs.db
2013-08-29 10:50 - 2013-03-20 10:45 - 00000000 ____D C:\ProgramData\Spyware Terminator
2013-08-29 09:52 - 2009-07-14 06:51 - 00144155 _____ C:\Windows\setupact.log
2013-08-29 09:52 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 09:52 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 09:51 - 2012-11-29 13:24 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-08-29 09:51 - 2012-11-29 13:20 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-08-29 09:45 - 2010-06-16 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-29 09:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 22:20 - 2013-05-30 21:47 - 00017130 _____ C:\Users\Daniel\Desktop\Serien.ods
2013-08-28 10:35 - 2010-06-16 17:19 - 00000000 ____D C:\Users\postgres
2013-08-27 12:12 - 2013-08-27 11:10 - 00010437 _____ C:\Users\Daniel\Desktop\todoSchach.odt
2013-08-27 09:45 - 2011-02-02 01:34 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core.job
2013-08-26 10:43 - 2013-07-29 10:27 - 00021455 _____ C:\Users\Daniel\Desktop\PLO Secrets.odt
2013-08-23 09:19 - 2010-06-16 16:39 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-23 09:18 - 2010-06-16 16:46 - 00087368 _____ C:\Windows\PFRO.log
2013-08-21 14:38 - 2012-10-09 10:57 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 14:38 - 2012-10-09 10:57 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 14:38 - 2011-06-17 19:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-14 20:40 - 2010-06-17 23:56 - 00000000 ____D C:\ProgramData\Adobe
2013-08-14 20:39 - 2010-06-16 17:15 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe
2013-08-14 16:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 09:05 - 2013-07-26 01:33 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 09:03 - 2010-06-25 10:13 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-06 09:30 - 2013-08-06 09:30 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:30 - 2013-08-06 09:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 09:29 - 2010-06-17 23:57 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe

Files to move or delete:
====================
C:\Users\Daniel\AppData\Local\Temp\DivXSetup.exe
C:\Users\Daniel\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Daniel\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Daniel\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Daniel\AppData\Local\Temp\GUR79EF.exe
C:\Users\Daniel\AppData\Local\Temp\i4jdel0.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\pPokerSetup.exe
C:\Users\Daniel\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Daniel\AppData\Local\Temp\sfextra.dll
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Daniel\AppData\Local\Temp\_is49DD.exe
C:\Users\Daniel\AppData\Local\Temp\_unps.exe
C:\Users\Daniel\AppData\Local\Temp\{BB1214EA-9771-4DED-BAAA-A8CBC792DDF5}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{AF98C74B-2493-4DE7-9181-00F07BD169C0}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{A89475E1-BB25-4A53-BEC0-BD9320A46058}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{852472F5-D569-42B3-9033-60C4AA5D3683}\ISSetup.dll
C:\Users\Daniel\AppData\Local\Temp\{852472F5-D569-42B3-9033-60C4AA5D3683}\_Setup.dll
C:\Users\Daniel\AppData\Local\Temp\{1027B3D7-2454-4773-B4A7-2825860547D9}\ISBEW64.exe
C:\Users\Daniel\AppData\Local\Temp\Temp1_Houdini_15a.zip\Houdini_15a_x64.exe
C:\Users\Daniel\AppData\Local\Temp\nsr8383.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nsq2DA6.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nso84E8.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nso84E8.tmp\UAC.dll
C:\Users\Daniel\AppData\Local\Temp\nslF039.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nsgDE6E.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\mcbrwsr2.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes_LD.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerStartup.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McUICnt.exe
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\SecurityScanner.dll
C:\Users\Daniel\AppData\Local\Temp\mProjector3175261488\mPlayer.3.1.1k.dll
C:\Users\Daniel\AppData\Local\Temp\McTemp\23206\InstProg.dll
C:\Users\Daniel\AppData\Local\Temp\McTemp\23206\Download_Files\oemmain\mcinsspt.exe
C:\Users\Daniel\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\i4jinst.dll
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\jre\bin\awt.dll
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\jre\bin\deploy.dll
C:\Users\Daniel\AppData\Local\Temp\E2E0.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\DA48.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\D77A.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\C7B2.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\C091.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
C:\Users\Daniel\AppData\Local\Temp\BB82.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\B5D7.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\A840.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\A219.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\9DA8.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\HP-DQEX5.exe
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\utils\hpUrlLauncher.exe
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpfime51.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinkcoi9311.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinksts9311.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinksts9311LM.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvpldrv04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvplres04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvplui04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unidrv.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unidrvui.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unires.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\drivers\scanner\x64\HPScanMiniDrv_DJ3050_J610.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpfime51.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinkcoi9311.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinksts9311.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinksts9311LM.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvpldrv04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvplres04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvplui04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unidrv.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unidrvui.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unires.dll
C:\Users\Daniel\AppData\Local\Temp\58E9.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\5744.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\3A23.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\20DD.dir\InstallFlashPlayer.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 11:07

==================== End Of Log ============================
         
Addition

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013
Ran by Daniel at 2013-08-29 15:44:59
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AMP WinOFF 5.0.1 (x32 Version: 5.0.1)
Any Audio Converter 3.0.7 (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
BOINC (x32 Version: 6.10.58)
Bonjour (Version: 3.0.0.10)
BrettspielWelt (x32)
BrowseToSave (Version: 1.0)
Camtasia Studio 7 (x32 Version: 7.0.1)
ChessBase 10 (x32 Version: 10)
ChessBase Reader (x32 Version: 2)
CLICK & LEARN DiDi 360° 3.1 (x32)
ConvertHelper 2.2 (x32)
Dealio Toolbar v7.4 (x32 Version: 7.4)
Deep Rybka 3 (x32 Version: 1.0)
Deep Rybka 4 (x32 Version: 12.18.0.0)
DivX-Setup (x32 Version: 2.6.1.22)
DownTango (x32 Version: 1.0.609)
Dropbox (HKCU Version: 2.0.22)
EV calculator (x32 Version: 1.0.0)
F.lux (HKCU)
Flopzilla (x32 Version: 1.0.0)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25))
Free Audio CD Burner version 1.4 (x32)
Free FLV Converter V 6.8.0 (x32 Version: 6.8.0.0)
Free Music Zilla (x32)
Free Sound Recorder 2010 v9.2.1 (x32)
Free YouTube to MP3 Converter version 3.10.14.1206 (x32)
FreePDF (Remove only) (x32)
Fritz 12 (x32 Version: 12.0.0)
Full Tilt Poker (x32 Version: 4.39.7.WIN.FullTilt.COM)
Full Tilt Poker.Eu (x32 Version: 4.59.8.WIN.FullTilt.EU)
Garmin Communicator Plugin (x32 Version: 4.0.4)
Garmin Communicator Plugin x64 (Version: 4.0.4)
GIMP 2.8.4 (Version: 2.8.4)
GlobeTrotter Connect (Version: 2.3.0.630)
Google Chrome (HKCU Version: 29.0.1547.62)
GPL Ghostscript (x32 Version: 9.05)
Holdem Manager (x32)
Houdini 3 Pro (x32 Version: 13.12.0.0)
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Deskjet 3050 J610 series Hilfe (x32 Version: 140.0.63.63)
iCloud (Version: 2.1.2.8)
Intel(R) Network Connections 18.0.1.0 (Version: 18.0.1.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 20 (x32 Version: 6.0.200)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Online Backup (Version: 1.16.4.0)
McAfee Online Backup (x32)
McAfee SecurityCenter (x32 Version: 11.6.435)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 11.0 (x86 de) (x32 Version: 11.0)
MP3-Tag-Editor 3.14.0 (x32 Version: 3.14.0)
No23 Recorder (x32 Version: 2.1.0.3)
Notepad++ (x32 Version: 6.1.2)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
OpenTTD 1.2.1 (x32 Version: 1.2.1)
Party EzCASH Registered (x32)
PartyPoker (x32 Version: 144)
PlayChess  (x32 Version: )
Pokerazor 1.38 (x32 Version: 1.38)
PokerEV (x32 Version: 0.80.75)
PokerStars (x32)
PokerStrategy.com Equilab - Omaha (x32 Version: 1.1.4.0)
PokerStrategy.com EquiLab (x32 Version: 1.1.0.193)
PokerStrategy.com Equilab (x32 Version: 1.1.0.195)
PokerStrategy.com Equilator (x32 Version: 1.8.1.0)
PokerTools Odds Oracle 2.2.1 (Version: 2.2.1)
PostgreSQL 8.4 (x32 Version: 8.4)
Power Mp3 Recorder(Mp3 Sound Recorder) 2.9 (x32)
Power Sound Editor Free (x32)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.74.80.86)
RedMon - Redirection Port Monitor
RuntimeLibsVC90 (x32 Version: 1.1.0)
Safari (x32 Version: 5.34.57.2)
Shared C Run-time for x64 (Version: 10.0.0)
Sid Meier's Civilization 4 Complete (x32 Version: 1.74)
Skype™ 6.6 (x32 Version: 6.6.106)
SpeedFan (remove only) (x32)
Spyware Terminator 2012 (x32 Version: 3.0.0.80)
TableNinja (x32 Version: 1.2.93)
TableNinjaFT (x32 Version: 1.1.34)
Titan Poker (HKCU)
TrueCrypt (x32 Version: 7.1)
TubeBox (x32 Version: 3.5.3)
Uninstall 1.0.0.1 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
VC_CRT_x64 (Version: 1.02.0000)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.1 (x32 Version: 2.0.1)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Winmail Opener 1.4 (x32 Version: 1.4)

==================== Restore Points  =========================

29-08-2013 10:45:21 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {15783BDE-0CF9-445C-8E46-212CF759AF67} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation)
Task: {2AAF8B07-9A60-4B3E-94A7-700FE02CCBB6} - System32\Tasks\{7DD017B2-A651-4B1E-B0AC-58136ABF81F9} => C:\Users\Daniel\Downloads\flux-setup(2).exe No File
Task: {527D68BE-266E-44DA-B472-4AA663FD13EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.)
Task: {548493F3-442E-4D93-BC27-057378BF41E3} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3367036293-2228256684-2732229916-1001 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {68836440-F993-416C-9C8F-807E0A5573C9} - System32\Tasks\{DAA914B1-40E0-41D1-88F7-6062F1111C4D} => c:\program files (x86)\mozilla firefox\firefox.exe [2012-03-13] (Mozilla Corporation)
Task: {85F07AB0-F908-4458-B8EA-CBBFC90BA625} - System32\Tasks\{599E2690-C1A0-4179-B2DA-F81619ADB65D} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-20] (Microsoft Corporation)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation)
Task: {B480937C-0D57-40AE-9839-6FDCA51C4D4A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation)
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation)
Task: {E4F9EB4A-8456-4DD5-9793-0C0EED7A8426} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.)
Task: {EF770798-4C20-466B-B8B1-77C14F204DFD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FCF04B3D-2E3E-4FD8-9B11-1D0A7FE4C33E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Daniel\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Daniel\Desktop\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-06-13 18:58:43.519
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-06-13 17:45:14.482
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-06-06 18:51:05.341
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-06-06 18:37:57.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 12279.14 MB
Available physical RAM: 8337.52 MB
Total Pagefile: 24556.47 MB
Available Pagefile: 18076.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:342.02 GB) (Free:16.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:341.97 GB) (Free:6.61 GB) NTFS
Drive e: (Fritztrainer) (CDROM) (Total:1.07 GB) (Free:0 GB) UDF
Drive j: () (Fixed) (Total:931.51 GB) (Free:730.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: DD7D2BC8)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=342 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=342 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 932 GB) (Disk ID: 007EFC3B)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 29.08.2013, 16:42   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Umleitung zu ww94.btosjs.info - Standard

Umleitung zu ww94.btosjs.info



Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



2. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 29.08.2013, 17:20   #3
Wolke33
 
Umleitung zu ww94.btosjs.info - Standard

Umleitung zu ww94.btosjs.info



Hallo cosinus, danke für deine Hilfe. Hier die Logs:

AdwCleaner

Code:
ATTFilter
# AdwCleaner v3.001 - Report created 29/08/2013 at 17:52:16
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Daniel - DANIEL-PC
# Running from : C:\Users\Daniel\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Breowsse2isavee
Folder Deleted : C:\ProgramData\Browwsse2saVee
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Breowsse2isavee
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browwsse2saVee
Folder Deleted : C:\Program Files (x86)\Freemium
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Users\Daniel\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\Breowsse2isavee
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\Browwsse2saVee
Folder Deleted : C:\Users\Daniel\AppData\Roaming\Freemium
Folder Deleted : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Conduit
Folder Deleted : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\ConduitEngine
Folder Deleted : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\lwqaioa@avkwzs.edu
Folder Deleted : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\mhglg2ji5l@zvvl-vr.co.uk
File Deleted : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\dealio@mybrowserbar.com
File Deleted : C:\Users\Public\Desktop\DownTango.lnk
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Key Deleted : HKCU\Software\Dealio
Key Deleted : HKCU\Software\DownTango
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Dealio
Key Deleted : HKLM\Software\DownTango
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownTango

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v11.0 (de)

[ File : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\prefs.js ]

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1324548390\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1323704474\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"3e5a4f275840b518b14c5ff3d7391b70\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1301832746\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d81252562c31be757300e4205a85371\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Daniel\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lq1ok6po.default\\conduitCommon\\modules\\3.8.1.0");

-\\ Google Chrome v

[ File : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7188 octets] - [29/08/2013 17:50:22]
AdwCleaner[S0].txt - [7141 octets] - [29/08/2013 17:52:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7201 octets] ##########
         
FRST


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Daniel (administrator) on 29-08-2013 18:16:24
Running from C:\Users\Daniel\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\NVVSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE
(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\NVVSVC.EXE
(McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\MCSVCHOST\MCSVHOST.EXE
(McAfee, Inc.) C:\WINDOWS\SYSTEM32\MFEVTPS.EXE
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MCSHIELD.EXE
(McAfee, Inc.) C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE\MFEFIRE.EXE
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PROGRAM FILES (X86)\POSTGRESQL\8.4\BIN\POSTGRES.EXE
(Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
() C:\USERS\DANIEL\LOCAL SETTINGS\APPS\F.LUX\FLUX.EXE
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Skype Technologies S.A.) C:\PROGRAM FILES (X86)\SKYPE\PHONE\SKYPE.EXE
(Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCMGR.EXE
(Dropbox, Inc.) C:\USERS\DANIEL\APPDATA\ROAMING\DROPBOX\BIN\DROPBOX.EXE
(NVIDIA Corporation) C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVTRAY.EXE
(Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCMGR.EXE
(Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINCTRAY.EXE
(McAfee, Inc.) C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
(shbox.de) C:\PROGRAM FILES (X86)\FREEPDF_XP\FPASSIST.EXE
() C:\PROGRAM FILES (X86)\DIVX\DIVX UPDATE\DIVXUPDATE.EXE
(Oracle Corporation) C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
(Apple Inc.) C:\PROGRAM FILES (X86)\ITUNES\ITUNESHELPER.EXE
(Space Sciences Laboratory) C:\PROGRAM FILES (X86)\BOINC\BOINC.EXE
(Apple Inc.) C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEIN_S6CASA_1.05_WINDOWS_INTELX86__SSE2.EXE
() C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEINBINARY_BRP5_1.39_WINDOWS_INTELX86__BRP5-CUDA32-NV301.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(McAfee, Inc.) C:\PROGRAM FILES (X86)\MCAFEE ONLINE BACKUP\MOBKBACKUP.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(McAfee, Inc.) C:\PROGRAM FILES (X86)\MCAFEE ONLINE BACKUP\MOBKBACKUP.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(Google Inc.) C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE
(McAfee, Inc.) C:\PROGRAM FILES\MCAFEE\MAT\MCPVTRAY.EXE
(McAfee, Inc.) C:\PROGRA~2\MCAFEE\SITEAD~1\SAUI.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-02-12] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKCU\...\Run: [Google Update] - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-02] (Google Inc.)
HKCU\...\Run: [F.lux] - C:\Users\Daniel\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-12-30] (TrueCrypt Foundation)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {8c4fcc91-7951-11df-ae5b-806e6f6e6963} - E:\Setup.exe
MountPoints2: {c1760b35-3519-11e0-ad2e-002268685223} - J:\setup.exe AUTORUN=1
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [boincmgr] - C:\Program Files (x86)\BOINC\boincmgr.exe [4862720 2010-07-01] (Space Sciences Laboratory)
HKLM-x32\...\Run: [boinctray] - C:\Program Files (x86)\BOINC\boinctray.exe [58112 2010-07-01] (Space Sciences Laboratory)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-01] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\web'n'walk Manager.lnk
ShortcutTarget: web'n'walk Manager.lnk -> C:\Program Files (x86)\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (No File)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BOINC Manager.lnk
ShortcutTarget: BOINC Manager.lnk -> C:\Program Files (x86)\BOINC\boincmgr.exe (Space Sciences Laboratory)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKCU - {355C7709-2685-407E-87C9-74E60F82A503} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=867034&p={searchTerms}
SearchScopes: HKCU - {5127137B-B71D-479F-9AE8-BAEB052E7037} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://www.groupon.de/deals/dresden|hxxp://de.pokerstrategy.com
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "http", "174.137.150.197"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: FoxyProxy Basic - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\foxyproxy@eric.h.jung
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\ich@maltegoetz.de
FF Extension: Cooliris - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\piclens@cooliris.com
FF Extension: CookieSafe - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}
FF Extension: WOT - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: hxxp://www.groupon.de/deals/dresden
CHR RestoreOnStartup: ""
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (ProxTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0
CHR Extension: (Adblock Plus) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0
CHR Extension: (ICE Quick Stream) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl\6.1_0
CHR Extension: (SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0
CHR Extension: (AT_ChuckAnderson) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (NotScripts) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-09-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-22] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-06-22] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-02-12] (Crawler.com)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [124416 2007-11-13] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [80896 2007-10-09] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10624 2007-03-30] (Option N.V.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [73096 2012-09-14] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-03-20] (Windows (R) Win 7 DDK provider)
U3 mfeavfk01; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 18:12 - 2013-08-29 18:12 - 00007281 _____ C:\Users\Daniel\Desktop\AdwCleaner[S0].txt
2013-08-29 17:49 - 2013-08-29 17:53 - 00000000 ____D C:\AdwCleaner
2013-08-29 17:45 - 2013-08-29 17:46 - 00994642 _____ C:\Users\Daniel\Desktop\adwcleaner.exe
2013-08-29 15:43 - 2013-08-29 15:43 - 00000000 ____D C:\FRST
2013-08-29 15:41 - 2013-08-29 15:41 - 00015446 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-08-29 15:32 - 2013-08-29 15:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 15:22 - 2013-08-29 15:22 - 01579080 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-08-29 15:22 - 2013-08-29 15:22 - 01023533 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2013-08-29 15:14 - 2013-08-29 15:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 15:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 15:12 - 2013-08-29 15:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Daniel\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-27 11:10 - 2013-08-27 12:12 - 00010437 _____ C:\Users\Daniel\Desktop\todoSchach.odt
2013-08-14 09:09 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 09:09 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 09:09 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 09:09 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 09:09 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 09:09 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 09:09 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 09:09 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 09:09 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 09:09 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 09:09 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 09:09 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 09:09 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 09:09 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 07:52 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 07:52 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 07:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 07:52 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 07:51 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 07:51 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 07:50 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 07:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 07:50 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 07:50 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 07:50 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 07:50 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 07:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 07:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 07:50 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 07:50 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 07:50 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 07:50 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 07:50 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 07:50 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 07:50 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 07:50 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 07:50 - 2013-06-15 06:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-14 07:50 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-06 09:30 - 2013-08-06 09:30 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:30 - 2013-08-06 09:30 - 00000000 ____D C:\Program Files (x86)\Adobe

==================== One Month Modified Files and Folders =======

2013-08-29 18:16 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 18:16 - 2009-07-14 06:45 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 18:13 - 2010-06-16 16:19 - 01804461 _____ C:\Windows\WindowsUpdate.log
2013-08-29 18:12 - 2013-08-29 18:12 - 00007281 _____ C:\Users\Daniel\Desktop\AdwCleaner[S0].txt
2013-08-29 18:10 - 2012-11-29 13:20 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2013-08-29 18:10 - 2011-02-02 19:52 - 00000000 ____D C:\ProgramData\BOINC
2013-08-29 18:10 - 2010-07-09 15:01 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-08-29 18:09 - 2012-11-29 13:24 - 00000000 ___RD C:\Users\Daniel\Dropbox
2013-08-29 18:09 - 2010-06-16 16:27 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-29 18:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 18:09 - 2009-07-14 06:51 - 00144211 _____ C:\Windows\setupact.log
2013-08-29 18:08 - 2013-03-01 11:28 - 00000000 ____D C:\Program Files (x86)\BrowseToSave
2013-08-29 18:08 - 2010-06-16 16:46 - 00090298 _____ C:\Windows\PFRO.log
2013-08-29 17:53 - 2013-08-29 17:49 - 00000000 ____D C:\AdwCleaner
2013-08-29 17:49 - 2013-04-23 16:05 - 01808367 _____ C:\blitzerr.txt
2013-08-29 17:46 - 2013-08-29 17:45 - 00994642 _____ C:\Users\Daniel\Desktop\adwcleaner.exe
2013-08-29 17:45 - 2011-02-02 01:34 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA.job
2013-08-29 17:37 - 2012-10-09 10:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 15:43 - 2013-08-29 15:43 - 00000000 ____D C:\FRST
2013-08-29 15:41 - 2013-08-29 15:41 - 00015446 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-08-29 15:32 - 2013-08-29 15:32 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 15:22 - 2013-08-29 15:22 - 01579080 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2013-08-29 15:22 - 2013-08-29 15:22 - 01023533 _____ (Thisisu) C:\Users\Daniel\Desktop\JRT.exe
2013-08-29 15:14 - 2013-08-29 15:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 15:13 - 2013-08-29 15:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 15:12 - 2013-08-29 15:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Daniel\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-29 14:54 - 2009-07-14 19:58 - 00664618 _____ C:\Windows\system32\perfh007.dat
2013-08-29 14:54 - 2009-07-14 19:58 - 00134786 _____ C:\Windows\system32\perfc007.dat
2013-08-29 14:54 - 2009-07-14 07:13 - 01527868 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 13:41 - 2010-06-16 17:40 - 00000000 ____D C:\Users\Daniel\AppData\Local\PokerStars.EU
2013-08-29 12:20 - 2012-07-24 13:29 - 00027883 _____ C:\Users\Daniel\Desktop\Equity.ods
2013-08-29 12:20 - 2012-01-13 16:06 - 00313856 ___SH C:\Users\Daniel\Desktop\Thumbs.db
2013-08-29 10:50 - 2013-03-20 10:45 - 00000000 ____D C:\ProgramData\Spyware Terminator
2013-08-28 22:20 - 2013-05-30 21:47 - 00017130 _____ C:\Users\Daniel\Desktop\Serien.ods
2013-08-28 10:35 - 2010-06-16 17:19 - 00000000 ____D C:\Users\postgres
2013-08-27 12:12 - 2013-08-27 11:10 - 00010437 _____ C:\Users\Daniel\Desktop\todoSchach.odt
2013-08-27 09:45 - 2011-02-02 01:34 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core.job
2013-08-26 10:43 - 2013-07-29 10:27 - 00021455 _____ C:\Users\Daniel\Desktop\PLO Secrets.odt
2013-08-23 09:19 - 2010-06-16 16:39 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-08-21 14:38 - 2012-10-09 10:57 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 14:38 - 2012-10-09 10:57 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 14:38 - 2011-06-17 19:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-14 20:40 - 2010-06-17 23:56 - 00000000 ____D C:\ProgramData\Adobe
2013-08-14 20:39 - 2010-06-16 17:15 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe
2013-08-14 16:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 09:05 - 2013-07-26 01:33 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 09:03 - 2010-06-25 10:13 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-06 09:30 - 2013-08-06 09:30 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:30 - 2013-08-06 09:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 09:29 - 2010-06-17 23:57 - 00000000 ____D C:\Users\Daniel\AppData\Local\Adobe

Files to move or delete:
====================
C:\Users\Daniel\AppData\Local\Temp\DivXSetup.exe
C:\Users\Daniel\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Daniel\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Daniel\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Daniel\AppData\Local\Temp\GUR79EF.exe
C:\Users\Daniel\AppData\Local\Temp\i4jdel0.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\pPokerSetup.exe
C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe
C:\Users\Daniel\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Daniel\AppData\Local\Temp\sfextra.dll
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Daniel\AppData\Local\Temp\_is49DD.exe
C:\Users\Daniel\AppData\Local\Temp\_unps.exe
C:\Users\Daniel\AppData\Local\Temp\{BB1214EA-9771-4DED-BAAA-A8CBC792DDF5}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{AF98C74B-2493-4DE7-9181-00F07BD169C0}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{A89475E1-BB25-4A53-BEC0-BD9320A46058}\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\{852472F5-D569-42B3-9033-60C4AA5D3683}\ISSetup.dll
C:\Users\Daniel\AppData\Local\Temp\{852472F5-D569-42B3-9033-60C4AA5D3683}\_Setup.dll
C:\Users\Daniel\AppData\Local\Temp\{1027B3D7-2454-4773-B4A7-2825860547D9}\ISBEW64.exe
C:\Users\Daniel\AppData\Local\Temp\Temp1_Houdini_15a.zip\Houdini_15a_x64.exe
C:\Users\Daniel\AppData\Local\Temp\nsr8383.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nsq2DA6.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nso84E8.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nso84E8.tmp\UAC.dll
C:\Users\Daniel\AppData\Local\Temp\nslF039.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\nsgDE6E.tmp\DropboxNSISTools.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\mcbrwsr2.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes_LD.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McInstallerStartup.dll
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\McUICnt.exe
C:\Users\Daniel\AppData\Local\Temp\MSS\3.0.318.3\SecurityScanner.dll
C:\Users\Daniel\AppData\Local\Temp\mProjector3175261488\mPlayer.3.1.1k.dll
C:\Users\Daniel\AppData\Local\Temp\McTemp\23206\InstProg.dll
C:\Users\Daniel\AppData\Local\Temp\McTemp\23206\Download_Files\oemmain\mcinsspt.exe
C:\Users\Daniel\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\i4jinst.dll
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\jre\bin\awt.dll
C:\Users\Daniel\AppData\Local\Temp\e4j1631.tmp_dir1359547273\jre\bin\deploy.dll
C:\Users\Daniel\AppData\Local\Temp\E2E0.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\DA48.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\D77A.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\C7B2.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\C091.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
C:\Users\Daniel\AppData\Local\Temp\BB82.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\B5D7.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\A840.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\A219.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\9DA8.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\HP-DQEX5.exe
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\Setup.exe
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\utils\hpUrlLauncher.exe
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpfime51.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinkcoi9311.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinksts9311.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpinksts9311LM.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvpldrv04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvplres04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\hpvplui04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unidrv.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unidrvui.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\i386\unires.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\drivers\scanner\x64\HPScanMiniDrv_DJ3050_J610.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpfime51.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinkcoi9311.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinksts9311.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpinksts9311LM.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvpldrv04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvplres04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\hpvplui04.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unidrv.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unidrvui.dll
C:\Users\Daniel\AppData\Local\Temp\7zS00AB\amd64\unires.dll
C:\Users\Daniel\AppData\Local\Temp\58E9.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\5744.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\3A23.dir\InstallFlashPlayer.exe
C:\Users\Daniel\AppData\Local\Temp\20DD.dir\InstallFlashPlayer.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 11:07

==================== End Of Log ============================
         
--- --- ---


Addition

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013
Ran by Daniel at 2013-08-29 18:17:25
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AMP WinOFF 5.0.1 (x32 Version: 5.0.1)
Any Audio Converter 3.0.7 (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
BOINC (x32 Version: 6.10.58)
Bonjour (Version: 3.0.0.10)
BrettspielWelt (x32)
BrowseToSave (Version: 1.0)
Camtasia Studio 7 (x32 Version: 7.0.1)
ChessBase 10 (x32 Version: 10)
ChessBase Reader (x32 Version: 2)
CLICK & LEARN DiDi 360° 3.1 (x32)
ConvertHelper 2.2 (x32)
Dealio Toolbar v7.4 (x32 Version: 7.4)
Deep Rybka 3 (x32 Version: 1.0)
Deep Rybka 4 (x32 Version: 12.18.0.0)
DivX-Setup (x32 Version: 2.6.1.22)
Dropbox (HKCU Version: 2.0.22)
EV calculator (x32 Version: 1.0.0)
F.lux (HKCU)
Flopzilla (x32 Version: 1.0.0)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25))
Free Audio CD Burner version 1.4 (x32)
Free FLV Converter V 6.8.0 (x32 Version: 6.8.0.0)
Free Music Zilla (x32)
Free Sound Recorder 2010 v9.2.1 (x32)
Free YouTube to MP3 Converter version 3.10.14.1206 (x32)
FreePDF (Remove only) (x32)
Fritz 12 (x32 Version: 12.0.0)
Full Tilt Poker (x32 Version: 4.39.7.WIN.FullTilt.COM)
Full Tilt Poker.Eu (x32 Version: 4.59.8.WIN.FullTilt.EU)
Garmin Communicator Plugin (x32 Version: 4.0.4)
Garmin Communicator Plugin x64 (Version: 4.0.4)
GIMP 2.8.4 (Version: 2.8.4)
GlobeTrotter Connect (Version: 2.3.0.630)
Google Chrome (HKCU Version: 29.0.1547.62)
GPL Ghostscript (x32 Version: 9.05)
Holdem Manager (x32)
Houdini 3 Pro (x32 Version: 13.12.0.0)
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Deskjet 3050 J610 series Hilfe (x32 Version: 140.0.63.63)
iCloud (Version: 2.1.2.8)
Intel(R) Network Connections 18.0.1.0 (Version: 18.0.1.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 20 (x32 Version: 6.0.200)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Online Backup (Version: 1.16.4.0)
McAfee Online Backup (x32)
McAfee SecurityCenter (x32 Version: 11.6.435)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 11.0 (x86 de) (x32 Version: 11.0)
MP3-Tag-Editor 3.14.0 (x32 Version: 3.14.0)
No23 Recorder (x32 Version: 2.1.0.3)
Notepad++ (x32 Version: 6.1.2)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
OpenTTD 1.2.1 (x32 Version: 1.2.1)
Party EzCASH Registered (x32)
PartyPoker (x32 Version: 144)
PlayChess  (x32 Version: )
Pokerazor 1.38 (x32 Version: 1.38)
PokerEV (x32 Version: 0.80.75)
PokerStars (x32)
PokerStrategy.com Equilab - Omaha (x32 Version: 1.1.4.0)
PokerStrategy.com EquiLab (x32 Version: 1.1.0.193)
PokerStrategy.com Equilab (x32 Version: 1.1.0.195)
PokerStrategy.com Equilator (x32 Version: 1.8.1.0)
PokerTools Odds Oracle 2.2.1 (Version: 2.2.1)
PostgreSQL 8.4 (x32 Version: 8.4)
Power Mp3 Recorder(Mp3 Sound Recorder) 2.9 (x32)
Power Sound Editor Free (x32)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.74.80.86)
RedMon - Redirection Port Monitor
RuntimeLibsVC90 (x32 Version: 1.1.0)
Safari (x32 Version: 5.34.57.2)
Shared C Run-time for x64 (Version: 10.0.0)
Sid Meier's Civilization 4 Complete (x32 Version: 1.74)
Skype™ 6.6 (x32 Version: 6.6.106)
SpeedFan (remove only) (x32)
Spyware Terminator 2012 (x32 Version: 3.0.0.80)
TableNinja (x32 Version: 1.2.93)
TableNinjaFT (x32 Version: 1.1.34)
Titan Poker (HKCU)
TrueCrypt (x32 Version: 7.1)
TubeBox (x32 Version: 3.5.3)
Uninstall 1.0.0.1 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
VC_CRT_x64 (Version: 1.02.0000)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.1 (x32 Version: 2.0.1)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Winmail Opener 1.4 (x32 Version: 1.4)

==================== Restore Points  =========================

29-08-2013 10:45:21 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {15783BDE-0CF9-445C-8E46-212CF759AF67} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation)
Task: {2AAF8B07-9A60-4B3E-94A7-700FE02CCBB6} - System32\Tasks\{7DD017B2-A651-4B1E-B0AC-58136ABF81F9} => C:\Users\Daniel\Downloads\flux-setup(2).exe No File
Task: {3CA8DB52-C89F-4B2C-810E-C6AB7E34B96E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {527D68BE-266E-44DA-B472-4AA663FD13EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.)
Task: {548493F3-442E-4D93-BC27-057378BF41E3} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3367036293-2228256684-2732229916-1001 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {68836440-F993-416C-9C8F-807E0A5573C9} - System32\Tasks\{DAA914B1-40E0-41D1-88F7-6062F1111C4D} => c:\program files (x86)\mozilla firefox\firefox.exe [2012-03-13] (Mozilla Corporation)
Task: {85F07AB0-F908-4458-B8EA-CBBFC90BA625} - System32\Tasks\{599E2690-C1A0-4179-B2DA-F81619ADB65D} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-20] (Microsoft Corporation)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation)
Task: {B480937C-0D57-40AE-9839-6FDCA51C4D4A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation)
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation)
Task: {E4F9EB4A-8456-4DD5-9793-0C0EED7A8426} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-02] (Google Inc.)
Task: {EF770798-4C20-466B-B8B1-77C14F204DFD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001Core.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3367036293-2228256684-2732229916-1001UA.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Daniel\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Daniel\Desktop\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/29/2013 06:11:41 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7196812f-6be7-4bdb-9b69-063a4497d79a}

Error: (08/29/2013 06:09:19 PM) (Source: PostgreSQL) (User: )
Description: 2013-08-29 18:09:19 CESTFATAL:  the database system is starting up


System errors:
=============
Error: (08/29/2013 06:11:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/29/2013 06:11:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (08/29/2013 06:11:41 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7196812f-6be7-4bdb-9b69-063a4497d79a}

Error: (08/29/2013 06:09:19 PM) (Source: PostgreSQL)(User: )
Description: 2013-08-29 18:09:19 CESTFATAL:  the database system is starting up


CodeIntegrity Errors:
===================================
  Date: 2012-06-13 18:58:43.519
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-06-13 17:45:14.482
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-06-06 18:51:05.341
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-06-06 18:37:57.173
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 12279.14 MB
Available physical RAM: 8151.65 MB
Total Pagefile: 24556.47 MB
Available Pagefile: 20037.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:342.02 GB) (Free:16.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:341.97 GB) (Free:6.61 GB) NTFS
Drive e: (Fritztrainer) (CDROM) (Total:1.07 GB) (Free:0 GB) UDF
Drive j: () (Fixed) (Total:931.51 GB) (Free:730.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: DD7D2BC8)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=342 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=342 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 932 GB) (Disk ID: 007EFC3B)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 29.08.2013, 19:29   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Umleitung zu ww94.btosjs.info - Standard

Umleitung zu ww94.btosjs.info



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.08.2013, 22:28   #5
Wolke33
 
Umleitung zu ww94.btosjs.info - Standard

Umleitung zu ww94.btosjs.info



MBAM sagt das

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.30.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Daniel :: DANIEL-PC [Administrator]

30.08.2013 10:11:02
mbam-log-2013-08-30 (10-11-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 273414
Laufzeit: 4 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET habe 2 mal laufen lassen und beide male kam er nach langer Zeit (>3h und >6h) bei 30% nicht mehr weiter, gefunden hat er bis dahin das:

Code:
ATTFilter
C:\AdwCleaner\Quarantine\C\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\lwqaioa@avkwzs.edu\content\bg.js.vir	Win32/Adware.MultiPlug.H application
C:\AdwCleaner\Quarantine\C\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lq1ok6po.default\Extensions\mhglg2ji5l@zvvl-vr.co.uk\content\bg.js.vir	Win32/Adware.MultiPlug.H application
         


Alt 01.09.2013, 15:44   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Umleitung zu ww94.btosjs.info - Standard

Umleitung zu ww94.btosjs.info



Das sind nur Funde in der Q vom adwCleaner

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
--> Umleitung zu ww94.btosjs.info

Alt 02.09.2013, 12:29   #7
Wolke33
 
Umleitung zu ww94.btosjs.info - Standard

Umleitung zu ww94.btosjs.info



Läuft wieder ohne Probleme.

Ein großes Dankeschön für deine Hilfe.

Alt 02.09.2013, 12:40   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Umleitung zu ww94.btosjs.info - Standard

Umleitung zu ww94.btosjs.info



Dann wären wir durch!


Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden.

Helfen kann dir dabei delfix:


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.






Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Umleitung zu ww94.btosjs.info
adblock, adobe, appdatalow, converter, explorer, farbar, farbar recovery scan tool, flash player, helper, install.exe, phishing, pup.dealio.tb, pup.offerbundler.st, pup.optional.multiplug.a, pup.optional.silentinstall.a, pup.optional.sprotect.a, pup.optional.tarma.a, registry, rundll, services.exe, siteadvisor, svchost.exe, win32/adware.multiplug.h, winlogon.exe



Ähnliche Themen: Umleitung zu ww94.btosjs.info


  1. WIN 7: Werbepopups in Internetbrowsern, Umleitung auf bzw. Aufploppen von anderen Seiten "ADS by Info/realdeal"
    Log-Analyse und Auswertung - 01.05.2015 (17)
  2. hxxp://ww94.btosjs.info wird immer nach irgend einer aufgerufenen website geöffnet
    Plagegeister aller Art und deren Bekämpfung - 29.08.2013 (1)
  3. Umleitung auf URL123.info
    Alles rund um Mac OSX & Linux - 26.02.2012 (12)
  4. Google-Umleitung zu Url123.info
    Plagegeister aller Art und deren Bekämpfung - 12.02.2012 (1)
  5. Umleitung 85.255...
    Plagegeister aller Art und deren Bekämpfung - 20.02.2009 (6)
  6. Umleitung
    Log-Analyse und Auswertung - 05.02.2009 (1)
  7. SRYS.INFO - Wtf??
    Mülltonne - 16.03.2008 (0)
  8. URL Umleitung
    Plagegeister aller Art und deren Bekämpfung - 22.01.2007 (1)
  9. Umleitung im IE
    Log-Analyse und Auswertung - 30.09.2006 (27)
  10. Umleitung
    Plagegeister aller Art und deren Bekämpfung - 26.06.2006 (30)
  11. info
    Mülltonne - 06.03.2005 (1)
  12. Re: Thank you! - Info
    Plagegeister aller Art und deren Bekämpfung - 06.11.2004 (1)
  13. info: mandrake 9.1 rc1
    Alles rund um Mac OSX & Linux - 25.02.2003 (19)
  14. info: red hat / mdk
    Alles rund um Mac OSX & Linux - 26.08.2002 (1)
  15. info: KDE 3.03
    Alles rund um Mac OSX & Linux - 22.08.2002 (4)

Zum Thema Umleitung zu ww94.btosjs.info - Hi, Nachdem ich mir auf meinem Laptop gestern nen Virus eingefangen habe, hatte ich eh schon überlegt mal meinen anderen Rechner zu überprüfen, da habe ich auf einmal ne komische - Umleitung zu ww94.btosjs.info...
Archiv
Du betrachtest: Umleitung zu ww94.btosjs.info auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.