
Log analysis and evaluation: Windows 7: Daily Deal advertising in the browser (FireFox)

01.12.2013, 00:51   #1
dr-jane
 



EDIT: I thought of everything, and then I can't even remember the name of the ad. I meant Deal Finder, of course, not Daily Deal!


Dear all,

first off: I can follow instructions, but I by no means have good PC skills. In other words, please be patient with me if I don't immediately understand what you mean :/
I shared the PC with my former flatmate, who knew a little more about it than I do; he also reinstalled the PC once, and my original Windows version from back then is now gone. So much for that...

Now to my problem:
The only symptom that has shown up is an annoying Deal Finder ad that appears when I move the mouse over various products on the internet and thus covers the actual links. Otherwise the PC actually runs fine; as a layperson I may not have recognized any other signs.

My steps before I came across this forum:
1. Ran AdwCleaner.
Logfile:
Code:
# AdwCleaner v3.013 - Bericht erstellt am 30/11/2013 um 21:59:52
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : dr-jane - BOBBY
# Gestartet von : C:\Users\dr-jane\Downloads\adwcleaner313.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Windows\System32\Tasks\Object Browser-chromeinstaller
Datei Gefunden : C:\Windows\System32\Tasks\Object Browser-codedownloader
Datei Gefunden : C:\Windows\System32\Tasks\Object Browser-enabler
Datei Gefunden : C:\Windows\System32\Tasks\Object Browser-firefoxinstaller
Datei Gefunden : C:\Windows\System32\Tasks\Object Browser-updater
Datei Gefunden : C:\Windows\Tasks\Object Browser-chromeinstaller.job
Datei Gefunden : C:\Windows\Tasks\Object Browser-codedownloader.job
Datei Gefunden : C:\Windows\Tasks\Object Browser-enabler.job
Datei Gefunden : C:\Windows\Tasks\Object Browser-firefoxinstaller.job
Datei Gefunden : C:\Windows\Tasks\Object Browser-updater.job
Ordner Gefunden : C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan
Ordner Gefunden : C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
Ordner Gefunden C:\Program Files (x86)\Object Browser
Ordner Gefunden C:\Program Files (x86)\RegClean Pro
Ordner Gefunden C:\Users\dr-jane\AppData\Roaming\Systweak

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Object Browser
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311281150}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0032850.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0032850.BHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0032850.Sandbox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0032850.Sandbox.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355285550}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366286650}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344284450}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b37312a-5c5b-479a-813e-fe8e021e5672}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b37312a-5c5b-479a-813e-fe8e021e5672}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b37312a-5c5b-479a-813e-fe8e021e5672}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b902e66-07ad-422c-a0c9-a612f80267db}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b902e66-07ad-422c-a0c9-a612f80267db}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b902e66-07ad-422c-a0c9-a612f80267db}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77ce4a60-403c-4bc6-a495-a85b39fa7749}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77ce4a60-403c-4bc6-a495-a85b39fa7749}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77ce4a60-403c-4bc6-a495-a85b39fa7749}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bf9470cd-7a0f-48b8-8da4-65b9b01c0141}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bf9470cd-7a0f-48b8-8da4-65b9b01c0141}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bf9470cd-7a0f-48b8-8da4-65b9b01c0141}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eea26d9e-4fdb-4042-94b9-b2bde641de6f}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eea26d9e-4fdb-4042-94b9-b2bde641de6f}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eea26d9e-4fdb-4042-94b9-b2bde641de6f}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311281150}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311281150}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser
Schlüssel Gefunden : HKLM\Software\Object Browser
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311281150}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355285550}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366286650}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b37312a-5c5b-479a-813e-fe8e021e5672}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b37312a-5c5b-479a-813e-fe8e021e5672}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b37312a-5c5b-479a-813e-fe8e021e5672}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b902e66-07ad-422c-a0c9-a612f80267db}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b902e66-07ad-422c-a0c9-a612f80267db}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0b902e66-07ad-422c-a0c9-a612f80267db}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77ce4a60-403c-4bc6-a495-a85b39fa7749}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77ce4a60-403c-4bc6-a495-a85b39fa7749}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77ce4a60-403c-4bc6-a495-a85b39fa7749}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bf9470cd-7a0f-48b8-8da4-65b9b01c0141}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bf9470cd-7a0f-48b8-8da4-65b9b01c0141}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bf9470cd-7a0f-48b8-8da4-65b9b01c0141}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eea26d9e-4fdb-4042-94b9-b2bde641de6f}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eea26d9e-4fdb-4042-94b9-b2bde641de6f}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eea26d9e-4fdb-4042-94b9-b2bde641de6f}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311281150}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default\prefs.js ]

Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.InstallationThankYouPage", false);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.InstallationTime", 1382888819);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.active", true);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.addressbar", "NA");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.addressbarenhanced", "");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.asyncdb_dbWasSet", true);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.asyncdb_dbWasSet_FF25_FIX", true);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.asyncinternaldb_dbWasSet", true);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.asyncinternaldb_dbWasSet_FF25_FIX", true);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.backgroundver", 1);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.certdomaininstaller", "");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.changeprevious", false);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.Affiliate_settings.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.Affiliate_settings.value", "%22%7B%5C%22initUrl%5C%22%3A%5C%22hxxp%3A//api.jollywallet.com/[...]
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.InstallationTime.value", "1382888819");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.geo.expiration", "Tue Dec 03 2013 19:07:40 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.geo.value", "%22AT%22");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.jw_token.value", "%229f4387e8-7894-8e5b-4d6e-621811d209f5%22");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.key_list_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.key_list_id.value", "%2220120802-000%22");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.uc.expiration", "Wed Dec 11 2013 20:59:59 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.uc.value", "%22%5C%22AT%5C%22%22");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.description", "Browser enhancer");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.domain", "");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.enablesearch", false);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.homepage", "");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.iframe", false);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22F6BE02BB683B4828ABDCA710D2463[...]
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000046%22%2C%22sub_id%22%3A%220%2[...]
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22F6BE02BB683B4828ABDC[...]
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_appVer.value", "114");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_lastVersion.value", "1");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_meta.value", "%7B%7D");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_nextCheck.expiration", "Sun Dec 01 2013 01:35:43 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_nextCheck.value", "true");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_queue.value", "%7B%7D");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb._country_code_.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb._country_code_.value", "%22AT%22");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22F6BE02BB[...]
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.lastDailyReport", "1385836543025");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.lastUpdate", "1385836542499");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.manifesturl", "");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.name", "Object Browser");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.newtab", "");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.opensearch", "");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/32850/plugins/093/ff/plugins.json");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.pluginsversion", 81);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.publisher", "Object Browser");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.searchstatus", 0);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.setnewtab", false);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.thankyou", "");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.updateinterval", 360);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.ver", 114);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.apps", "32850");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.bic", "141fa98ca9d416bcef0d7be89663e31a");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.cid", 32850);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.firstrun", false);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.hadappinstalled", true);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.installationdate", 1382888819);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.modetype", "production");
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.reportInstall", true);
Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.statsDailyCounter", 23);
Zeile gefunden : user_pref("extensions.crossrider.bic", "141fa98ca9d416bcef0d7be89663e31a");

-\\ Google Chrome v31.0.1650.57

[ Datei : C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [20643 octets] - [30/11/2013 21:59:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [20704 octets] ##########
         
2. Ran WinZip Malware Protector. It found the following (the log file is an .xml file and completely unusable as a .txt file, so here is the result):
Seven infections in the system area "File system/folders".
1, Restricted Settings - Security Disabler (Details: Internet Explorer locked)
2, autorun - Worm (Details: c:\users\dr-jane\downloads\treiber\windows loader.exe)
3, optional - Potential Unwanted Application (Details:
c:\program files (x86)\object browser\object browser-buttonutil.exe
c:\program files (x86)\object browser\object browser-buttonutil64.exe
c:\program files (x86)\object browser\object browser-codedownloader.exe
c:\program files (x86)\object browser\object browser-updater.exe)
4, wpakill - Hacker Tool (Details: c:\users\dr-jane\downloads\treiber\remove wat v.2.2.6\removewat.exe)

The remaining 3 are not shown to me.

What am I supposed to do with this now? I left the window open because I don't dare click "Clean" in case it is something important! I'll wait for your instructions. In the worst case I'll just have to close it and run it again in a few days, once I have an answer.



The first steps here in the forum:
With GMER I had problems turning off Avira; I hope this is not too big a problem. Otherwise all programs were closed and the internet connection was disconnected.

Defogger Logfile:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:27 on 30/11/2013 (dr-jane)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2013
Ran by dr-jane (administrator) on BOBBY on 30-11-2013 22:30:56
Running from C:\Users\dr-jane\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
() C:\Users\dr-jane\Downloads\adwcleaner313.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
() C:\Users\dr-jane\Desktop\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Onboard] - C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
MountPoints2: {13003731-132d-11e3-a50f-6cf049062de4} - E:\RunGame.exe
MountPoints2: {2d35021d-787f-11e2-bb47-6cf049062de4} - F:\Autorun.exe
MountPoints2: {e0669d39-5296-11e3-9540-6cf049062de4} - "G:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x85D625C0880CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
BHO: Object Browser - {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll (Object Browser)
BHO-x32: Object Browser - {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho.dll (Object Browser)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Object Browser - C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
FF Extension: adblockpopups - C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFFPlgn\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=TEUB&bmod=TEUB
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=TEUB&bmod=TEUB"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Object Browser) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.84_0
CHR Extension: (Norton Identity Protection) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Google Wallet) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-06-24] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-02-16] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130919.001\IDSvia64.sys [520280 2013-08-16] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130920.002\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130920.002\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-30 22:30 - 2013-11-30 22:31 - 00017472 _____ C:\Users\dr-jane\Desktop\FRST.txt
2013-11-30 22:30 - 2013-11-30 22:30 - 00000000 ____D C:\FRST
2013-11-30 22:28 - 2013-11-30 22:28 - 01959070 _____ (Farbar) C:\Users\dr-jane\Desktop\FRST64.exe
2013-11-30 22:27 - 2013-11-30 22:27 - 00000544 _____ C:\Users\dr-jane\Desktop\defogger_disable.log
2013-11-30 22:27 - 2013-11-30 22:27 - 00000168 _____ C:\Users\dr-jane\defogger_reenable
2013-11-30 22:26 - 2013-11-30 22:26 - 00050477 _____ C:\Users\dr-jane\Desktop\Defogger.exe
2013-11-30 22:23 - 2013-11-30 22:23 - 00003385 _____ C:\Users\dr-jane\Documents\log.xml
2013-11-30 22:12 - 2013-11-30 22:13 - 87227720 _____ (AVAST Software) C:\Users\dr-jane\Downloads\avast_free_antivirus_setup.exe
2013-11-30 22:04 - 2013-11-30 22:04 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\dr-jane\Downloads\wzmp_8.exe
2013-11-30 22:04 - 2013-11-30 22:04 - 00003116 _____ C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2013-11-30 22:04 - 2013-11-30 22:04 - 00001189 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Nico Mak Computing
2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2013-11-30 22:04 - 2013-03-15 17:10 - 00020480 _____ C:\Windows\system32\wsusnative64.exe
2013-11-30 22:03 - 2013-11-30 22:03 - 00020881 _____ C:\Users\dr-jane\Documents\AdwCleaner[R0].txt
2013-11-30 21:59 - 2013-11-30 22:00 - 00000000 ____D C:\AdwCleaner
2013-11-30 21:59 - 2013-11-30 21:59 - 01091882 _____ C:\Users\dr-jane\Downloads\adwcleaner313.exe
2013-11-30 19:32 - 2013-11-30 19:32 - 105152277 _____ C:\Windows\SysWOW64\챆G
2013-11-21 20:28 - 2013-11-21 20:28 - 00000020 ___SH C:\Users\Mcx1-BOBBY\ntuser.ini
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Vorlagen
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Startmenü
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Netzwerkumgebung
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Lokale Einstellungen
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Eigene Dateien
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Druckumgebung
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Musik
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Bilder
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Verlauf
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Anwendungsdaten
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Anwendungsdaten
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 ____D C:\Users\Mcx1-BOBBY
2013-11-21 20:28 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-21 20:28 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-21 19:20 - 2013-11-21 20:28 - 00000410 __RSH C:\ProgramData\ntuser.pol
2013-11-21 16:18 - 2013-11-21 16:18 - 00000000 ____D C:\Users\dr-jane\Documents\Freemake
2013-11-21 16:16 - 2013-11-21 16:16 - 00000000 ____D C:\Users\dr-jane\Documents\Kindle
2013-11-21 15:11 - 2013-11-21 15:11 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital
2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western_Digital_Technolog
2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western Digital
2013-11-21 15:09 - 2013-11-30 19:28 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-11-21 15:09 - 2013-11-21 15:12 - 00000000 ___RD C:\Users\dr-jane\Desktop\Security
2013-11-21 15:09 - 2013-11-21 15:12 - 00000000 ____D C:\Users\dr-jane\Desktop\Media
2013-11-21 15:09 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Games
2013-11-21 15:08 - 2013-11-21 15:09 - 00015868 _____ C:\Windows\DPINST.LOG
2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Western Digital
2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-11-21 15:07 - 2013-11-21 15:10 - 00000000 ____D C:\ProgramData\Western Digital
2013-11-21 00:58 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-18 22:55 - 2013-11-18 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 16:21 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 16:21 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 16:21 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 16:21 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 16:21 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 16:21 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 16:21 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 16:21 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 16:21 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 16:21 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 16:15 - 2013-11-13 16:17 - 00000302 _____ C:\Windows\SIERRA.INI
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\SIERRA
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line
2013-11-13 16:15 - 1998-01-23 12:20 - 00305664 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2013-11-13 13:17 - 2013-11-13 13:17 - 00000000 ____D C:\ProgramData\McAfee
2013-11-13 13:15 - 2013-11-13 13:20 - 00000000 ____D C:\ProgramData\Adobe
2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-13 13:13 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 13:13 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 13:13 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 13:13 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 13:13 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 13:13 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 13:13 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 13:13 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 13:13 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 13:13 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 13:13 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 13:13 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 13:13 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 13:13 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 13:13 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 13:13 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 13:13 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 13:13 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 13:13 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 13:13 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 13:13 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 13:13 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 13:13 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 13:13 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-11 19:23 - 2010-07-22 17:13 - 00054848 _____ (FSPro Labs) C:\Windows\system32\Drivers\FSPFltd.sys
2013-11-09 15:39 - 2013-11-09 15:39 - 00000000 _____ C:\Windows\PowerReg.dat
2013-11-09 15:38 - 2013-11-09 15:38 - 00000000 ____D C:\Program Files (x86)\Infogrames Interactive
2013-11-07 20:31 - 2013-11-07 20:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-11-30 22:31 - 2013-11-30 22:30 - 00017472 _____ C:\Users\dr-jane\Desktop\FRST.txt
2013-11-30 22:30 - 2013-11-30 22:30 - 00000000 ____D C:\FRST
2013-11-30 22:28 - 2013-11-30 22:28 - 01959070 _____ (Farbar) C:\Users\dr-jane\Desktop\FRST64.exe
2013-11-30 22:28 - 2013-06-18 16:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-30 22:28 - 2009-07-14 05:45 - 00023312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-30 22:28 - 2009-07-14 05:45 - 00023312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-30 22:27 - 2013-11-30 22:27 - 00000544 _____ C:\Users\dr-jane\Desktop\defogger_disable.log
2013-11-30 22:27 - 2013-11-30 22:27 - 00000168 _____ C:\Users\dr-jane\defogger_reenable
2013-11-30 22:27 - 2013-02-16 21:52 - 00000000 ____D C:\Users\dr-jane
2013-11-30 22:26 - 2013-11-30 22:26 - 00050477 _____ C:\Users\dr-jane\Desktop\Defogger.exe
2013-11-30 22:23 - 2013-11-30 22:23 - 00003385 _____ C:\Users\dr-jane\Documents\log.xml
2013-11-30 22:13 - 2013-11-30 22:12 - 87227720 _____ (AVAST Software) C:\Users\dr-jane\Downloads\avast_free_antivirus_setup.exe
2013-11-30 22:04 - 2013-11-30 22:04 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\dr-jane\Downloads\wzmp_8.exe
2013-11-30 22:04 - 2013-11-30 22:04 - 00003116 _____ C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2013-11-30 22:04 - 2013-11-30 22:04 - 00001189 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Nico Mak Computing
2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2013-11-30 22:03 - 2013-11-30 22:03 - 00020881 _____ C:\Users\dr-jane\Documents\AdwCleaner[R0].txt
2013-11-30 22:00 - 2013-11-30 21:59 - 00000000 ____D C:\AdwCleaner
2013-11-30 22:00 - 2013-02-16 23:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-30 21:59 - 2013-11-30 21:59 - 01091882 _____ C:\Users\dr-jane\Downloads\adwcleaner313.exe
2013-11-30 20:56 - 2013-02-16 21:50 - 02003469 _____ C:\Windows\WindowsUpdate.log
2013-11-30 19:36 - 2013-09-16 14:23 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1309304-91E3-4870-B2E5-39AFB00E9104}
2013-11-30 19:32 - 2013-11-30 19:32 - 105152277 _____ C:\Windows\SysWOW64\챆G
2013-11-30 19:28 - 2013-11-21 15:09 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-11-30 19:28 - 2013-10-27 16:45 - 00001932 _____ C:\Windows\Tasks\Object Browser-chromeinstaller.job
2013-11-30 19:28 - 2013-10-27 16:45 - 00001856 _____ C:\Windows\Tasks\Object Browser-firefoxinstaller.job
2013-11-30 19:28 - 2013-10-27 16:45 - 00001316 _____ C:\Windows\Tasks\Object Browser-updater.job
2013-11-30 19:28 - 2013-10-27 16:45 - 00001218 _____ C:\Windows\Tasks\Object Browser-codedownloader.job
2013-11-30 19:28 - 2013-10-27 16:45 - 00001118 _____ C:\Windows\Tasks\Object Browser-enabler.job
2013-11-30 19:28 - 2013-02-16 23:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-30 19:27 - 2013-02-17 16:11 - 00025414 _____ C:\Windows\setupact.log
2013-11-30 19:27 - 2013-02-16 22:21 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-30 19:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-27 20:59 - 2013-10-27 15:46 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\vlc
2013-11-25 19:48 - 2013-02-16 22:32 - 00000000 ____D C:\Users\dr-jane\Downloads\Treiber
2013-11-24 14:36 - 2013-02-17 16:10 - 00027008 _____ C:\Windows\PFRO.log
2013-11-21 20:28 - 2013-11-21 20:28 - 00000020 ___SH C:\Users\Mcx1-BOBBY\ntuser.ini
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Vorlagen
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Startmenü
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Netzwerkumgebung
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Lokale Einstellungen
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Eigene Dateien
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Druckumgebung
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Musik
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Bilder
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Verlauf
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Anwendungsdaten
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Anwendungsdaten
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 ____D C:\Users\Mcx1-BOBBY
2013-11-21 20:28 - 2013-11-21 19:20 - 00000410 __RSH C:\ProgramData\ntuser.pol
2013-11-21 19:54 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-21 19:36 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-11-21 19:36 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-11-21 19:36 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-21 19:20 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-11-21 19:17 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-21 16:18 - 2013-11-21 16:18 - 00000000 ____D C:\Users\dr-jane\Documents\Freemake
2013-11-21 16:16 - 2013-11-21 16:16 - 00000000 ____D C:\Users\dr-jane\Documents\Kindle
2013-11-21 15:12 - 2013-11-21 15:09 - 00000000 ___RD C:\Users\dr-jane\Desktop\Security
2013-11-21 15:12 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Media
2013-11-21 15:11 - 2013-11-21 15:11 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital
2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western_Digital_Technolog
2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western Digital
2013-11-21 15:10 - 2013-11-21 15:07 - 00000000 ____D C:\ProgramData\Western Digital
2013-11-21 15:09 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Games
2013-11-21 15:09 - 2013-11-21 15:08 - 00015868 _____ C:\Windows\DPINST.LOG
2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Western Digital
2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-11-21 11:21 - 2013-02-16 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 22:55 - 2013-11-18 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 01:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-15 16:47 - 2013-07-24 15:49 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Adobe
2013-11-15 16:30 - 2013-06-18 16:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-15 16:30 - 2013-02-17 16:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 16:30 - 2013-02-17 16:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-13 16:27 - 2013-06-24 16:21 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-11-13 16:20 - 2013-08-15 19:59 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 16:19 - 2013-02-21 17:12 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 16:17 - 2013-11-13 16:15 - 00000302 _____ C:\Windows\SIERRA.INI
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\SIERRA
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line
2013-11-13 13:20 - 2013-11-13 13:15 - 00000000 ____D C:\ProgramData\Adobe
2013-11-13 13:18 - 2013-02-17 01:19 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Adobe
2013-11-13 13:17 - 2013-11-13 13:17 - 00000000 ____D C:\ProgramData\McAfee
2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-09 15:44 - 2013-02-16 21:52 - 00000000 ____D C:\Users\dr-jane\AppData\Local\VirtualStore
2013-11-09 15:39 - 2013-11-09 15:39 - 00000000 _____ C:\Windows\PowerReg.dat
2013-11-09 15:38 - 2013-11-09 15:38 - 00000000 ____D C:\Program Files (x86)\Infogrames Interactive
2013-11-09 15:38 - 2013-02-16 21:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-08 21:51 - 2013-02-16 23:26 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Mozilla
2013-11-08 17:04 - 2013-02-16 23:54 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Apple Computer
2013-11-08 17:02 - 2013-02-16 23:54 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Apple Computer
2013-11-07 20:31 - 2013-11-07 20:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-11-07 20:31 - 2013-02-16 23:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iPod

Some content of TEMP:
====================
C:\Users\dr-jane\AppData\Local\Temp\AutoRun.exe
C:\Users\dr-jane\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\dr-jane\AppData\Local\Temp\cabex.dll
C:\Users\dr-jane\AppData\Local\Temp\DivXSetup.exe
C:\Users\dr-jane\AppData\Local\Temp\eauninstall.exe
C:\Users\dr-jane\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\dr-jane\AppData\Local\Temp\FreemakeVideoConverter_4.1.0.0.exe
C:\Users\dr-jane\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\dr-jane\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\dr-jane\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\dr-jane\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\dr-jane\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\dr-jane\AppData\Local\Temp\msvcr71.dll
C:\Users\dr-jane\AppData\Local\Temp\NoUAC.exe
C:\Users\dr-jane\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\dr-jane\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\dr-jane\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\dr-jane\AppData\Local\Temp\nvStInst.exe
C:\Users\dr-jane\AppData\Local\Temp\Quarantine.exe
C:\Users\dr-jane\AppData\Local\Temp\Setup.exe
C:\Users\dr-jane\AppData\Local\Temp\SIntf16.dll
C:\Users\dr-jane\AppData\Local\Temp\SIntf32.dll
C:\Users\dr-jane\AppData\Local\Temp\SIntfNT.dll
C:\Users\dr-jane\AppData\Local\Temp\Total Club Manager 2004_uninst.exe
C:\Users\dr-jane\AppData\Local\Temp\unelevate.exe
C:\Users\dr-jane\AppData\Local\Temp\unicows.dll
C:\Users\dr-jane\AppData\Local\Temp\UninstallEADM.dll
C:\Users\dr-jane\AppData\Local\Temp\VARemove.exe
C:\Users\dr-jane\AppData\Local\Temp\yta_bu12_setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 20:10

==================== End Of Log ============================
         
--- --- ---


FRST Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2013
Ran by dr-jane at 2013-11-30 22:31:52
Running from C:\Users\dr-jane\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Flash Player ActiveX (x32 Version: 9.0.124.0)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Age of Mythology (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.27)
DAEMON Tools Lite (x32 Version: 4.40.2.0131)
Diablo III (x32)
Die Sims™ 3 (x32 Version: 1.55.4)
Die Sims™ 3 Einfach tierisch (x32 Version: 10.0.96)
Die Sims™ 3 Jahreszeiten (x32 Version: 16.0.136)
Die Sims™ 3 Late Night (x32 Version: 6.0.81)
Die Sims™ 3 Lebensfreude (x32 Version: 8.0.152)
Die Sims™ 3 Supernatural (x32 Version: 15.0.135)
Die Sims™ 3 Wildes Studentenleben (x32 Version: 18.0.126)
DivX-Setup (x32 Version: 2.6.1.84)
Freemake Video Converter Version 4.1.0 (x32 Version: 4.1.0)
GeForce Experience NvStream Client Components (Version: 1.6.28)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (x32 Version: 31.0.1650.57)
Google Update Helper (x32 Version: 1.3.21.165)
iCloud (Version: 3.0.2.163)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML4 Parser (x32 Version: 1.0.0)
Norton Internet Security (x32 Version: 20.4.0.40)
Norton Security Scan (x32 Version: 3.7.2.10)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.7 (Version: 1.7)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 9.3.16 (Version: 9.3.16)
NVIDIA Update Components (Version: 9.3.16)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
Object Browser (x32 Version: 1.29.153.2)
Origin (x32 Version: 9.1.13.85)
Pharao (x32)
PlayMemories Home (x32 Version: 7.0.03.04240)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011)
RollerCoaster Tycoon 2 (x32)
SHIELD Streaming (Version: 1.6.34)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.1.0 (x32 Version: 2.1.0)
WD Drive Utilities (x32 Version: 1.0.6.3)
WD Security (x32 Version: 1.0.6.3)
WD SmartWare (Version: 2.2.0.8)
WinRAR
WinZip Malware Protector (x32 Version: 2.1.1000.10798)

==================== Restore Points  =========================

21-11-2013 22:14:28 Geplanter Prüfpunkt
30-11-2013 19:17:04 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {010EA60D-E159-429C-BF22-320936EF8AA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-16] (Google Inc.)
Task: {24A06C5D-0046-42C1-9FAF-3F81E879F390} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {2A6D9220-9995-48EC-8613-ABE2D5EA7621} - System32\Tasks\Norton Security Scan for dr-jane => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.2.10\Nss.exe [2012-11-02] (Symantec Corporation)
Task: {31AEA872-6AB2-469B-B4EC-C49ABC816FF9} - System32\Tasks\{AA074299-058B-4DCF-87BE-B7562C55ED1C} => C:\Users\dr-jane\Downloads\Total Club Manager 2004\tcm2004.exe
Task: {3719F324-E2B1-44F9-8141-634DCF3EBDD2} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-BOBBY => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {6019A6D8-0EE8-4175-B06E-B8DA2DD9FE25} - System32\Tasks\Object Browser-chromeinstaller => C:\Program Files (x86)\Object Browser\Object Browser-chromeinstaller.exe [2013-10-27] (Object Browser)
Task: {7EEE794C-701B-4D97-8EF6-4F1CD1CA6C7C} - System32\Tasks\Object Browser-codedownloader => C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe [2013-10-27] (Object Browser)
Task: {8CACCE6C-1FA8-4E64-A64B-BFF703758349} - System32\Tasks\Object Browser-firefoxinstaller => C:\Program Files (x86)\Object Browser\Object Browser-firefoxinstaller.exe [2013-10-27] (Object Browser)
Task: {A8548233-738C-4CE8-848D-E999C330808A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A9A530DE-D03A-423C-BC00-53527C1B0637} - System32\Tasks\Object Browser-enabler => C:\Program Files (x86)\Object Browser\Object Browser-enabler.exe [2013-10-27] (Object Browser)
Task: {AAF4CA17-EA18-4F3E-A7EC-6F1B67517B83} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {B11CF94B-8C65-476B-8903-F25A301BD3B1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {B4F3FFB8-9D2A-467B-9DBD-125A203E692B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-16] (Google Inc.)
Task: {CAA0EBAF-EB43-4639-9884-D2AE82EFF67C} - System32\Tasks\Object Browser-updater => C:\Program Files (x86)\Object Browser\Object Browser-updater.exe [2013-10-27] (Object Browser)
Task: {CD29BC8B-49F4-468D-9FF3-FFA0B3305627} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {D1D10854-E68B-4979-9D41-E17888AC3567} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-15] (Adobe Systems Incorporated)
Task: {F49C4EF5-2E13-42C0-92AA-03C498C937FF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for dr-jane.job => C:\PROGRA~2\NORTON~3\Engine\372~1.10\Nss.exe
Task: C:\Windows\Tasks\Object Browser-chromeinstaller.job => C:\Program Files (x86)\Object Browser\Object Browser-chromeinstaller.exe
Task: C:\Windows\Tasks\Object Browser-codedownloader.job => C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe
Task: C:\Windows\Tasks\Object Browser-enabler.job => C:\Program Files (x86)\Object Browser\Object Browser-enabler.exe
Task: C:\Windows\Tasks\Object Browser-firefoxinstaller.job => C:\Program Files (x86)\Object Browser\Object Browser-firefoxinstaller.exe
Task: C:\Windows\Tasks\Object Browser-updater.job => C:\Program Files (x86)\Object Browser\Object Browser-updater.exe

==================== Loaded Modules (whitelisted) =============

2013-02-16 23:15 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2013-02-16 23:28 - 2013-02-16 23:27 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-18 19:02 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-11-18 22:55 - 2013-11-18 22:55 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-15 16:30 - 2013-11-15 16:30 - 16237448 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
2013-11-30 22:04 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2013-11-30 22:04 - 2013-07-15 16:53 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2013-11-30 22:04 - 2013-02-28 16:53 - 00168448 _____ () C:\Program Files (x86)\WinZip Malware Protector\UNRAR.DLL

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:7D2C66B1

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2013 07:40:17 PM) (Source: Application Hang) (User: )
Description: Programm FreemakeVC.exe, Version 4.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 798

Startzeit: 01ceedfa4606e614

Endzeit: 62

Anwendungspfad: C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe

Berichts-ID:

Error: (11/30/2013 07:28:02 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcStartServiceCtrlDispatcher failed [1063]

Error: (11/24/2013 07:00:06 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (11/18/2013 10:41:48 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (11/13/2013 11:34:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.0.5046, Zeitstempel: 0x526b1e27
Name des fehlerhaften Moduls: xul.dll, Version: 25.0.0.5046, Zeitstempel: 0x526b1d27
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001157e7
ID des fehlerhaften Prozesses: 0xf40
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (11/13/2013 04:35:35 PM) (Source: Application Hang) (User: )
Description: Programm Pharaoh.exe, Version 1.2.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11ac

Startzeit: 01cee084f5dcebcc

Endzeit: 25732

Anwendungspfad: C:\SIERRA\Pharao\Pharaoh.exe

Berichts-ID:

Error: (11/13/2013 04:18:36 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Falscher Parameter.
.

Error: (11/13/2013 04:18:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Falscher Parameter.
.

Error: (11/11/2013 08:57:26 PM) (Source: Application Hang) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e04

Startzeit: 01cedf17c718c3f4

Endzeit: 60000

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: 50099770-4b0b-11e3-89fe-6cf049062de4

Error: (11/11/2013 08:54:40 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: de0

Startzeit: 01cedeea810eec3f

Endzeit: 25188

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: f323b6b7-4b0a-11e3-89fe-6cf049062de4


System errors:
=============
Error: (11/25/2013 05:54:57 PM) (Source: DCOM) (User: )
Description: 1053sdrsvc{687E55CA-6621-4C41-B9F1-C0EDDC94BB05}

Error: (11/25/2013 05:54:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Sicherung" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/25/2013 05:54:57 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Sicherung erreicht.

Error: (11/21/2013 07:20:19 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden.

Error: (11/21/2013 07:20:18 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden.

Error: (11/21/2013 07:20:17 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden.

Error: (11/21/2013 07:13:24 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden.

Error: (11/21/2013 07:13:24 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden.

Error: (11/21/2013 07:13:23 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden.

Error: (11/21/2013 07:13:23 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR9 gefunden.


Microsoft Office Sessions:
=========================
Error: (11/30/2013 07:40:17 PM) (Source: Application Hang)(User: )
Description: FreemakeVC.exe4.1.0.079801ceedfa4606e61462C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe

Error: (11/30/2013 07:28:02 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcStartServiceCtrlDispatcher failed [1063]

Error: (11/24/2013 07:00:06 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (11/18/2013 10:41:48 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (11/13/2013 11:34:44 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.0.5046526b1e27xul.dll25.0.0.5046526b1d27c0000005001157e7f4001cee0b87974c98cC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllca8276f1-4cb3-11e3-8215-6cf049062de4

Error: (11/13/2013 04:35:35 PM) (Source: Application Hang)(User: )
Description: Pharaoh.exe1.2.0.011ac01cee084f5dcebcc25732C:\SIERRA\Pharao\Pharaoh.exe

Error: (11/13/2013 04:18:36 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Falscher Parameter.

Error: (11/13/2013 04:18:35 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Falscher Parameter.

Error: (11/11/2013 08:57:26 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.1.7601.17567e0401cedf17c718c3f460000C:\Windows\explorer.exe50099770-4b0b-11e3-89fe-6cf049062de4

Error: (11/11/2013 08:54:40 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567de001cedeea810eec3f25188C:\Windows\Explorer.EXEf323b6b7-4b0a-11e3-89fe-6cf049062de4


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8123.49 MB
Available physical RAM: 5347.01 MB
Total Pagefile: 16245.16 MB
Available Pagefile: 13282.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:60.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 241C6624)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER Logfile:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-30 23:05:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 Hitachi_HDT721050SLA360 rev.ST3OA3AA 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\dr-jane\AppData\Local\Temp\fxldqpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff80002dbb000 46 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575  fffff80002dbb02f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- EOF - GMER 2.1 ----
         
Thank you very much in advance for your help and best regards, I hope I did everything correctly!

Edited by dr-jane (01.12.2013 at 01:51)

Alt 01.12.2013, 09:16   #2
schrauber
/// the machine
/// TB-Ausbilder
 

hi,

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find MBAM's log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is done, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Alt 01.12.2013, 12:36   #3
dr-jane
 
Hello,

thanks already for the quick reply!

Here are the log files you asked me for:

Malwarebytes Anti-Malware

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.01.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
dr-jane :: BOBBY [Administrator]

Schutz: Aktiviert

01.12.2013 11:44:51
mbam-log-2013-12-01 (11-44-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 253058
Laufzeit: 3 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 12
HKCR\CLSID\{11111111-1111-1111-1111-110311281150} (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440344284450} (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550355285550} (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0032850.BHO.1 (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311281150} (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311281150} (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311281150} (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0032850.BHO (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0032850.Sandbox (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0032850.Sandbox.1 (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Object Browser (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Program Files (x86)\Object Browser (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\dr-jane\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\dr-jane\AppData\Local\Temp\ct3297265 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\dr-jane\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 32
C:\Program Files (x86)\Object Browser\Object Browser-bho.dll (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\dr-jane\AppData\Local\Temp\FreemakeVideoConverter_4.1.0.0.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\dr-jane\AppData\Local\Temp\Stub\1684304427\cr.exe (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\background.html (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\32850.crx (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\32850.xpi (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Installer.log (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Object Browser-bg.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Object Browser-buttonutil.dll (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Object Browser-buttonutil.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Object Browser-buttonutil64.dll (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Object Browser-buttonutil64.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Object Browser-chromeinstaller.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Object Browser-enabler.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Object Browser-firefoxinstaller.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Object Browser-helper.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Object Browser-updater.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Object Browser.ico (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\Uninstall.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Object Browser\utils.exe (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Object Browser-chromeinstaller.job (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Object Browser-codedownloader.job (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Object Browser-enabler.job (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Object Browser-firefoxinstaller.job (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Object Browser-updater.job (PUP.Optional.ObjectBrowser.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\dr-jane\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\dr-jane\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\dr-jane\AppData\Local\Temp\ct3297265\ism.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\dr-jane\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\dr-jane\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

AdwCleaner

Code:
# AdwCleaner v3.013 - Bericht erstellt am 01/12/2013 um 11:58:17
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : dr-jane - BOBBY
# Gestartet von : C:\Users\dr-jane\Desktop\adwcleaner313.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro
Ordner Gelöscht : C:\Users\dr-jane\AppData\Roaming\Systweak
Datei Gelöscht : C:\END

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366286650}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366286650}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "141fa98ca9d416bcef0d7be89663e31a");

-\\ Google Chrome v31.0.1650.57

[ Datei : C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [20881 octets] - [30/11/2013 21:59:52]
AdwCleaner[R1].txt - [2214 octets] - [01/12/2013 11:57:12]
AdwCleaner[S0].txt - [1957 octets] - [01/12/2013 11:58:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2017 octets] ##########
         

JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Saskia on 01.12.2013 at 12:07:38,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Saskia\AppData\Roaming\mozilla\firefox\profiles\1d91dsu2.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
Emptied folder: C:\Users\Saskia\AppData\Roaming\mozilla\firefox\profiles\1d91dsu2.default\minidumps [25 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.12.2013 at 12:16:01,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2013
Ran by dr-jane (administrator) on BOBBY on 01-12-2013 12:18:29
Running from C:\Users\dr-jane\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Onboard] - C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
MountPoints2: {13003731-132d-11e3-a50f-6cf049062de4} - E:\RunGame.exe
MountPoints2: {2d35021d-787f-11e2-bb47-6cf049062de4} - F:\Autorun.exe
MountPoints2: {e0669d39-5296-11e3-9540-6cf049062de4} - "G:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-30] (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x85D625C0880CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
BHO: Object Browser - {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
FF Extension: adblockpopups - C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=TEUB&bmod=TEUB
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=TEUB&bmod=TEUB"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Object Browser) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.84_0
CHR Extension: (Norton Identity Protection) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Google Wallet) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-30] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-30] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-30] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-02-16] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130919.001\IDSvia64.sys [520280 2013-08-16] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130920.002\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130920.002\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-01 12:18 - 2013-12-01 12:18 - 00018376 _____ C:\Users\dr-jane\Desktop\FRST.txt
2013-12-01 12:16 - 2013-12-01 12:16 - 00000950 _____ C:\Users\dr-jane\Desktop\JRT.txt
2013-12-01 12:07 - 2013-12-01 12:07 - 00000000 ____D C:\Windows\ERUNT
2013-12-01 12:05 - 2013-12-01 12:05 - 01034531 _____ (Thisisu) C:\Users\dr-jane\Desktop\JRT.exe
2013-12-01 12:02 - 2013-12-01 12:02 - 00002114 _____ C:\Users\dr-jane\Desktop\AdwCleaner[S0].txt
2013-12-01 11:41 - 2013-12-01 11:41 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Malwarebytes
2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 11:41 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 11:40 - 2013-12-01 11:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\dr-jane\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-30 23:59 - 2013-11-30 23:59 - 00016546 _____ C:\Users\dr-jane\Desktop\Logs.rar
2013-11-30 23:23 - 2013-11-30 23:23 - 00000212 _____ C:\Users\dr-jane\Documents\avast.txt
2013-11-30 23:09 - 2013-12-01 11:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-30 23:09 - 2013-11-30 23:18 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2013-11-30 23:09 - 2013-11-30 23:09 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-30 23:09 - 2013-11-30 23:09 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\AVAST Software
2013-11-30 23:09 - 2013-11-30 23:08 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-30 23:09 - 2013-11-30 23:08 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-30 23:09 - 2013-11-30 23:08 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-30 23:09 - 2013-11-30 23:08 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-30 23:09 - 2013-11-30 23:08 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-30 23:08 - 2013-11-30 23:08 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-30 23:08 - 2013-11-30 23:08 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-30 23:08 - 2013-11-30 23:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-30 23:08 - 2013-11-30 23:08 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-30 23:08 - 2013-11-30 23:08 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-30 23:07 - 2013-11-30 23:07 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-30 22:54 - 2013-11-30 22:54 - 00377856 _____ C:\Users\dr-jane\Desktop\gmer_2.1.19163.exe
2013-11-30 22:33 - 2013-11-30 22:33 - 00020388 _____ C:\Users\dr-jane\Documents\Addition.txt
2013-11-30 22:32 - 2013-11-30 22:48 - 00042732 _____ C:\Users\dr-jane\Documents\FRST.txt
2013-11-30 22:30 - 2013-11-30 22:30 - 00000000 ____D C:\FRST
2013-11-30 22:28 - 2013-11-30 22:28 - 01959070 _____ (Farbar) C:\Users\dr-jane\Desktop\FRST64.exe
2013-11-30 22:27 - 2013-11-30 22:27 - 00000168 _____ C:\Users\dr-jane\defogger_reenable
2013-11-30 22:26 - 2013-11-30 22:26 - 00050477 _____ C:\Users\dr-jane\Desktop\Defogger.exe
2013-11-30 22:23 - 2013-12-01 00:29 - 00005709 _____ C:\Users\dr-jane\Documents\log.xml
2013-11-30 22:12 - 2013-11-30 22:13 - 87227720 _____ (AVAST Software) C:\Users\dr-jane\Downloads\avast_free_antivirus_setup.exe
2013-11-30 22:04 - 2013-12-01 12:01 - 00003116 _____ C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2013-11-30 22:04 - 2013-11-30 22:04 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\dr-jane\Downloads\wzmp_8.exe
2013-11-30 22:04 - 2013-11-30 22:04 - 00001189 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Nico Mak Computing
2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2013-11-30 22:04 - 2013-03-15 17:10 - 00020480 _____ C:\Windows\system32\wsusnative64.exe
2013-11-30 22:03 - 2013-11-30 22:03 - 00020881 _____ C:\Users\dr-jane\Documents\AdwCleaner[R0].txt
2013-11-30 21:59 - 2013-12-01 11:58 - 00000000 ____D C:\AdwCleaner
2013-11-30 21:59 - 2013-11-30 21:59 - 01091882 _____ C:\Users\dr-jane\Desktop\adwcleaner313.exe
2013-11-21 20:28 - 2013-11-21 20:28 - 00000020 ___SH C:\Users\Mcx1-BOBBY\ntuser.ini
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Vorlagen
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Startmenü
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Netzwerkumgebung
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Lokale Einstellungen
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Eigene Dateien
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Druckumgebung
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Musik
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Bilder
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Verlauf
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Anwendungsdaten
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Anwendungsdaten
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 ____D C:\Users\Mcx1-BOBBY
2013-11-21 20:28 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-21 20:28 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-21 19:20 - 2013-11-21 20:28 - 00000410 __RSH C:\ProgramData\ntuser.pol
2013-11-21 16:18 - 2013-11-21 16:18 - 00000000 ____D C:\Users\dr-jane\Documents\Freemake
2013-11-21 16:16 - 2013-11-21 16:16 - 00000000 ____D C:\Users\dr-jane\Documents\Kindle
2013-11-21 15:11 - 2013-11-21 15:11 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital
2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western_Digital_Technolog
2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western Digital
2013-11-21 15:09 - 2013-12-01 12:00 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-11-21 15:09 - 2013-11-21 15:12 - 00000000 ___RD C:\Users\dr-jane\Desktop\Security
2013-11-21 15:09 - 2013-11-21 15:12 - 00000000 ____D C:\Users\dr-jane\Desktop\Media
2013-11-21 15:09 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Games
2013-11-21 15:08 - 2013-11-21 15:09 - 00015868 _____ C:\Windows\DPINST.LOG
2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Western Digital
2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-11-21 15:07 - 2013-11-21 15:10 - 00000000 ____D C:\ProgramData\Western Digital
2013-11-21 00:58 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-18 22:55 - 2013-11-18 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 16:21 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 16:21 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 16:21 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 16:21 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 16:21 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 16:21 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 16:21 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 16:21 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 16:21 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 16:21 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 16:15 - 2013-11-13 16:17 - 00000302 _____ C:\Windows\SIERRA.INI
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\SIERRA
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line
2013-11-13 16:15 - 1998-01-23 12:20 - 00305664 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2013-11-13 13:17 - 2013-11-13 13:17 - 00000000 ____D C:\ProgramData\McAfee
2013-11-13 13:15 - 2013-11-13 13:20 - 00000000 ____D C:\ProgramData\Adobe
2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-13 13:13 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 13:13 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 13:13 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 13:13 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 13:13 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 13:13 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 13:13 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 13:13 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 13:13 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 13:13 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 13:13 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 13:13 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 13:13 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 13:13 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 13:13 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 13:13 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 13:13 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 13:13 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 13:13 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 13:13 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 13:13 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 13:13 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 13:13 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 13:13 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-11 19:23 - 2010-07-22 17:13 - 00054848 _____ (FSPro Labs) C:\Windows\system32\Drivers\FSPFltd.sys
2013-11-09 15:39 - 2013-11-09 15:39 - 00000000 _____ C:\Windows\PowerReg.dat
2013-11-09 15:38 - 2013-11-09 15:38 - 00000000 ____D C:\Program Files (x86)\Infogrames Interactive
2013-11-07 20:31 - 2013-11-07 20:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-12-01 12:18 - 2013-12-01 12:18 - 00018376 _____ C:\Users\dr-jane\Desktop\FRST.txt
2013-12-01 12:16 - 2013-12-01 12:16 - 00000950 _____ C:\Users\dr-jane\Desktop\JRT.txt
2013-12-01 12:07 - 2013-12-01 12:07 - 00000000 ____D C:\Windows\ERUNT
2013-12-01 12:05 - 2013-12-01 12:05 - 01034531 _____ (Thisisu) C:\Users\dr-jane\Desktop\JRT.exe
2013-12-01 12:02 - 2013-12-01 12:02 - 00002114 _____ C:\Users\dr-jane\Desktop\AdwCleaner[S0].txt
2013-12-01 12:01 - 2013-11-30 22:04 - 00003116 _____ C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2013-12-01 12:00 - 2013-11-21 15:09 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-12-01 12:00 - 2013-02-17 16:11 - 00026086 _____ C:\Windows\setupact.log
2013-12-01 12:00 - 2013-02-16 23:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 12:00 - 2013-02-16 23:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 11:59 - 2013-02-16 22:21 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-01 11:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 11:58 - 2013-11-30 21:59 - 00000000 ____D C:\AdwCleaner
2013-12-01 11:58 - 2013-02-16 21:50 - 02082279 _____ C:\Windows\WindowsUpdate.log
2013-12-01 11:58 - 2009-07-14 05:45 - 00023312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 11:58 - 2009-07-14 05:45 - 00023312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 11:53 - 2013-02-17 16:10 - 00037374 _____ C:\Windows\PFRO.log
2013-12-01 11:41 - 2013-12-01 11:41 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Malwarebytes
2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 11:40 - 2013-12-01 11:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\dr-jane\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-01 11:32 - 2013-11-30 23:09 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-01 03:28 - 2013-06-18 16:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 00:29 - 2013-11-30 22:23 - 00005709 _____ C:\Users\dr-jane\Documents\log.xml
2013-11-30 23:59 - 2013-11-30 23:59 - 00016546 _____ C:\Users\dr-jane\Desktop\Logs.rar
2013-11-30 23:23 - 2013-11-30 23:23 - 00000212 _____ C:\Users\dr-jane\Documents\avast.txt
2013-11-30 23:18 - 2013-11-30 23:09 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2013-11-30 23:09 - 2013-11-30 23:09 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-30 23:09 - 2013-11-30 23:09 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\AVAST Software
2013-11-30 23:08 - 2013-11-30 23:09 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-30 23:08 - 2013-11-30 23:09 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-30 23:08 - 2013-11-30 23:09 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-30 23:08 - 2013-11-30 23:09 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-30 23:08 - 2013-11-30 23:09 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-30 23:08 - 2013-11-30 23:08 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-30 23:08 - 2013-11-30 23:08 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-30 23:08 - 2013-11-30 23:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-30 23:08 - 2013-11-30 23:08 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-30 23:08 - 2013-11-30 23:08 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-30 23:07 - 2013-11-30 23:07 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-30 22:54 - 2013-11-30 22:54 - 00377856 _____ C:\Users\dr-jane\Desktop\gmer_2.1.19163.exe
2013-11-30 22:48 - 2013-11-30 22:32 - 00042732 _____ C:\Users\dr-jane\Documents\FRST.txt
2013-11-30 22:33 - 2013-11-30 22:33 - 00020388 _____ C:\Users\dr-jane\Documents\Addition.txt
2013-11-30 22:30 - 2013-11-30 22:30 - 00000000 ____D C:\FRST
2013-11-30 22:28 - 2013-11-30 22:28 - 01959070 _____ (Farbar) C:\Users\dr-jane\Desktop\FRST64.exe
2013-11-30 22:27 - 2013-11-30 22:27 - 00000168 _____ C:\Users\dr-jane\defogger_reenable
2013-11-30 22:27 - 2013-02-16 21:52 - 00000000 ____D C:\Users\dr-jane
2013-11-30 22:26 - 2013-11-30 22:26 - 00050477 _____ C:\Users\dr-jane\Desktop\Defogger.exe
2013-11-30 22:04 - 2013-11-30 22:04 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\dr-jane\Downloads\wzmp_8.exe
2013-11-30 22:04 - 2013-11-30 22:04 - 00001189 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Nico Mak Computing
2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2013-11-30 22:04 - 2013-11-30 22:04 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2013-11-30 22:03 - 2013-11-30 22:03 - 00020881 _____ C:\Users\dr-jane\Documents\AdwCleaner[R0].txt
2013-11-30 21:59 - 2013-11-30 21:59 - 01091882 _____ C:\Users\dr-jane\Desktop\adwcleaner313.exe
2013-11-30 19:36 - 2013-09-16 14:23 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1309304-91E3-4870-B2E5-39AFB00E9104}
2013-11-27 20:59 - 2013-10-27 15:46 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\vlc
2013-11-25 19:48 - 2013-02-16 22:32 - 00000000 ____D C:\Users\dr-jane\Downloads\Treiber
2013-11-21 20:28 - 2013-11-21 20:28 - 00000020 ___SH C:\Users\Mcx1-BOBBY\ntuser.ini
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Vorlagen
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Startmenü
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Netzwerkumgebung
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Lokale Einstellungen
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Eigene Dateien
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Druckumgebung
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Musik
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Bilder
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Verlauf
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Anwendungsdaten
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Anwendungsdaten
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 ____D C:\Users\Mcx1-BOBBY
2013-11-21 20:28 - 2013-11-21 19:20 - 00000410 __RSH C:\ProgramData\ntuser.pol
2013-11-21 19:54 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-21 19:36 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-11-21 19:36 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-11-21 19:36 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-21 19:20 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-11-21 19:17 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-21 16:18 - 2013-11-21 16:18 - 00000000 ____D C:\Users\dr-jane\Documents\Freemake
2013-11-21 16:16 - 2013-11-21 16:16 - 00000000 ____D C:\Users\dr-jane\Documents\Kindle
2013-11-21 15:12 - 2013-11-21 15:09 - 00000000 ___RD C:\Users\dr-jane\Desktop\Security
2013-11-21 15:12 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Media
2013-11-21 15:11 - 2013-11-21 15:11 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital
2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western_Digital_Technolog
2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western Digital
2013-11-21 15:10 - 2013-11-21 15:07 - 00000000 ____D C:\ProgramData\Western Digital
2013-11-21 15:09 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Games
2013-11-21 15:09 - 2013-11-21 15:08 - 00015868 _____ C:\Windows\DPINST.LOG
2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Western Digital
2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-11-21 15:08 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-11-21 11:21 - 2013-02-16 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 22:55 - 2013-11-18 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 01:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-15 16:47 - 2013-07-24 15:49 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Adobe
2013-11-15 16:30 - 2013-06-18 16:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-15 16:30 - 2013-02-17 16:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 16:30 - 2013-02-17 16:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-13 16:27 - 2013-06-24 16:21 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-11-13 16:20 - 2013-08-15 19:59 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 16:19 - 2013-02-21 17:12 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 16:17 - 2013-11-13 16:15 - 00000302 _____ C:\Windows\SIERRA.INI
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\SIERRA
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line
2013-11-13 13:20 - 2013-11-13 13:15 - 00000000 ____D C:\ProgramData\Adobe
2013-11-13 13:18 - 2013-02-17 01:19 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Adobe
2013-11-13 13:17 - 2013-11-13 13:17 - 00000000 ____D C:\ProgramData\McAfee
2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-09 15:44 - 2013-02-16 21:52 - 00000000 ____D C:\Users\dr-jane\AppData\Local\VirtualStore
2013-11-09 15:39 - 2013-11-09 15:39 - 00000000 _____ C:\Windows\PowerReg.dat
2013-11-09 15:38 - 2013-11-09 15:38 - 00000000 ____D C:\Program Files (x86)\Infogrames Interactive
2013-11-09 15:38 - 2013-02-16 21:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-08 21:51 - 2013-02-16 23:26 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Mozilla
2013-11-08 17:04 - 2013-02-16 23:54 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Apple Computer
2013-11-08 17:02 - 2013-02-16 23:54 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Apple Computer
2013-11-07 20:31 - 2013-11-07 20:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-11-07 20:31 - 2013-02-16 23:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iPod

Some content of TEMP:
====================
C:\Users\dr-jane\AppData\Local\Temp\AutoRun.exe
C:\Users\dr-jane\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\dr-jane\AppData\Local\Temp\cabex.dll
C:\Users\dr-jane\AppData\Local\Temp\DivXSetup.exe
C:\Users\dr-jane\AppData\Local\Temp\eauninstall.exe
C:\Users\dr-jane\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\dr-jane\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\dr-jane\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\dr-jane\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\dr-jane\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\dr-jane\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\dr-jane\AppData\Local\Temp\msvcr71.dll
C:\Users\dr-jane\AppData\Local\Temp\NoUAC.exe
C:\Users\dr-jane\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\dr-jane\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\dr-jane\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\dr-jane\AppData\Local\Temp\nvStInst.exe
C:\Users\dr-jane\AppData\Local\Temp\Quarantine.exe
C:\Users\dr-jane\AppData\Local\Temp\Setup.exe
C:\Users\dr-jane\AppData\Local\Temp\SIntf16.dll
C:\Users\dr-jane\AppData\Local\Temp\SIntf32.dll
C:\Users\dr-jane\AppData\Local\Temp\SIntfNT.dll
C:\Users\dr-jane\AppData\Local\Temp\Total Club Manager 2004_uninst.exe
C:\Users\dr-jane\AppData\Local\Temp\unelevate.exe
C:\Users\dr-jane\AppData\Local\Temp\unicows.dll
C:\Users\dr-jane\AppData\Local\Temp\UninstallEADM.dll
C:\Users\dr-jane\AppData\Local\Temp\VARemove.exe
C:\Users\dr-jane\AppData\Local\Temp\yta_bu12_setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 20:10

==================== End Of Log ==========================
         



I just visited Amazon.de and entered exactly the same search as when I saw this Deal Finder ad. This time nothing was displayed. Could it be that it has already been cleaned off the PC? If so, then you here are my absolute heroes!
In that case I would be very interested to know what caused it and whether I did something wrong that I can avoid next time. Where in the system was/is the infection? It would be very nice if you could perhaps explain that to me very briefly.

Best regards!
__________________

02.12.2013, 10:19   #4
schrauber
/// the machine
/// TB instructor
 




The worst of the adware is already gone.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

02.12.2013, 22:18   #5
dr-jane
 



Hi,

Here are the logs:

ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=01e49f3c1568b247a81b2e2af18182d3
# engine=16105
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-02 08:59:26
# local_time=2013-12-02 09:59:26 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 88 9350 136680462 0 0
# compatibility_mode=5893 16776574 100 94 167450 137647816 0 0
# scanned=200028
# found=0
# cleaned=0
# scan_time=8367
         
Security Check
Code:
 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.152  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1) 
 Google Chrome 30.0.1599.101  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2013
Ran by dr-jane (administrator) on BOBBY on 02-12-2013 22:09:53
Running from C:\Users\dr-jane\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM\...\RunOnce: [122_1633511484122] - "C:\Users\dr-jane\AppData\Local\LOGMEI~1\LMIR0001.tmp_r.bat" [279 2013-12-02] ()
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
MountPoints2: {13003731-132d-11e3-a50f-6cf049062de4} - E:\RunGame.exe
MountPoints2: {2d35021d-787f-11e2-bb47-6cf049062de4} - F:\Autorun.exe
MountPoints2: {e0669d39-5296-11e3-9540-6cf049062de4} - "G:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-11-02] (Western Digital Technologies, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x85D625C0880CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: adblockpopups - C:\Users\dr-jane\AppData\Roaming\Mozilla\Firefox\Profiles\1d91dsu2.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=TEUB&bmod=TEUB
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=TEUB&bmod=TEUB"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! Online Security) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Object Browser) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.84_0
CHR Extension: (Google Wallet) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\dr-jane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-11-02] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-02-16] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-30] (Symantec Corporation)
U3 EraserUtilDrv11312; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [137648 2013-11-30] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-11-28] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131202.002\ENG64.SYS [126040 2013-11-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131202.002\EX64.SYS [2099288 2013-11-30] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-02 22:07 - 2013-12-02 22:07 - 00000789 _____ C:\Users\dr-jane\Desktop\checkup.txt
2013-12-02 22:01 - 2013-12-02 22:01 - 00000709 _____ C:\Users\dr-jane\Desktop\eset.txt
2013-12-02 17:51 - 2013-12-02 17:51 - 00000000 ____D C:\Windows\LastGood
2013-12-02 17:50 - 2013-10-30 18:03 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-02 17:50 - 2013-10-30 18:02 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-02 16:45 - 2013-12-02 16:45 - 00001482 _____ C:\Users\dr-jane\AppData\Local\recently-used.xbel
2013-12-02 16:40 - 2013-12-02 16:40 - 01959070 _____ (Farbar) C:\Users\dr-jane\Desktop\frst64.exe
2013-12-02 16:29 - 2013-12-02 16:42 - 00000000 ____D C:\Users\dr-jane\AppData\Local\LogMeIn Rescue Applet
2013-12-02 16:12 - 2013-12-02 16:12 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-12-02 16:09 - 2013-12-02 16:09 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-12-02 16:09 - 2013-12-02 16:09 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-12-02 16:09 - 2013-12-02 16:09 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-02 16:09 - 2013-12-02 16:09 - 00002391 _____ C:\Users\Public\Desktop\Norton 360.lnk
2013-12-02 16:09 - 2013-12-02 16:09 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-12-02 16:09 - 2013-12-02 16:09 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-02 16:09 - 2013-12-02 16:09 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-12-01 18:00 - 2013-12-02 16:08 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-01 17:45 - 2013-12-02 17:52 - 00000000 ____D C:\Users\dr-jane\AppData\Local\NVIDIA Corporation
2013-12-01 17:12 - 2013-12-02 17:51 - 00001606 _____ C:\Windows\setupact.log
2013-12-01 17:12 - 2013-12-02 16:08 - 02184284 _____ C:\Windows\PFRO.log
2013-12-01 17:12 - 2013-12-01 17:12 - 00000000 _____ C:\Windows\setuperr.log
2013-12-01 17:00 - 2013-12-02 16:09 - 00000000 ____D C:\ProgramData\Norton
2013-12-01 16:58 - 2013-12-01 16:58 - 00003608 _____ C:\Users\dr-jane\Documents\cc_20131201_165827.reg
2013-12-01 16:53 - 2013-12-01 16:53 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-01 16:20 - 2013-12-01 16:20 - 00005584 _____ C:\Users\dr-jane\Documents\cc_20131201_162049.reg
2013-12-01 16:19 - 2013-12-01 16:19 - 00055218 _____ C:\Users\dr-jane\Documents\cc_20131201_161915.reg
2013-12-01 13:59 - 2013-12-01 13:59 - 00000000 ____D C:\ProgramData\PCSettings
2013-12-01 12:59 - 2013-12-01 15:36 - 00000000 ____D C:\avast! sandbox
2013-12-01 12:52 - 2013-12-01 12:52 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2013-12-01 12:31 - 2013-12-01 12:31 - 00000000 ____D C:\Program Files\Western Digital
2013-12-01 12:29 - 2013-12-01 12:29 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-01 12:18 - 2013-12-02 22:09 - 00015966 _____ C:\Users\dr-jane\Desktop\FRST.txt
2013-12-01 12:16 - 2013-12-01 12:16 - 00000950 _____ C:\Users\dr-jane\Desktop\JRT.txt
2013-12-01 12:07 - 2013-12-01 12:07 - 00000000 ____D C:\Windows\ERUNT
2013-12-01 12:05 - 2013-12-01 12:05 - 01034531 _____ (Thisisu) C:\Users\dr-jane\Desktop\JRT.exe
2013-12-01 12:02 - 2013-12-01 12:02 - 00002114 _____ C:\Users\dr-jane\Desktop\AdwCleaner[S0].txt
2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Malwarebytes
2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 11:40 - 2013-12-01 11:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\dr-jane\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-30 23:59 - 2013-11-30 23:59 - 00016546 _____ C:\Users\dr-jane\Desktop\Logs.rar
2013-11-30 23:23 - 2013-11-30 23:23 - 00000212 _____ C:\Users\dr-jane\Documents\avast.txt
2013-11-30 23:09 - 2013-11-30 23:09 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\AVAST Software
2013-11-30 23:08 - 2013-12-01 18:01 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-30 22:54 - 2013-11-30 22:54 - 00377856 _____ C:\Users\dr-jane\Desktop\gmer_2.1.19163.exe
2013-11-30 22:33 - 2013-11-30 22:33 - 00020388 _____ C:\Users\dr-jane\Documents\Addition.txt
2013-11-30 22:32 - 2013-11-30 22:48 - 00042732 _____ C:\Users\dr-jane\Documents\FRST.txt
2013-11-30 22:30 - 2013-11-30 22:30 - 00000000 ____D C:\FRST
2013-11-30 22:27 - 2013-11-30 22:27 - 00000168 _____ C:\Users\dr-jane\defogger_reenable
2013-11-30 22:26 - 2013-11-30 22:26 - 00050477 _____ C:\Users\dr-jane\Desktop\Defogger.exe
2013-11-30 22:23 - 2013-12-01 00:29 - 00005709 _____ C:\Users\dr-jane\Documents\log.xml
2013-11-30 22:04 - 2013-12-01 16:53 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Nico Mak Computing
2013-11-30 22:03 - 2013-11-30 22:03 - 00020881 _____ C:\Users\dr-jane\Documents\AdwCleaner[R0].txt
2013-11-30 21:59 - 2013-12-01 11:58 - 00000000 ____D C:\AdwCleaner
2013-11-21 20:28 - 2013-11-21 20:28 - 00000020 ___SH C:\Users\Mcx1-BOBBY\ntuser.ini
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Vorlagen
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Startmenü
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Netzwerkumgebung
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Lokale Einstellungen
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Eigene Dateien
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Druckumgebung
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Musik
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Bilder
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Verlauf
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Anwendungsdaten
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Anwendungsdaten
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 ____D C:\Users\Mcx1-BOBBY
2013-11-21 20:28 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-21 20:28 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-21 19:20 - 2013-11-21 20:28 - 00000410 __RSH C:\ProgramData\ntuser.pol
2013-11-21 16:18 - 2013-11-21 16:18 - 00000000 ____D C:\Users\dr-jane\Documents\Freemake
2013-11-21 16:16 - 2013-11-21 16:16 - 00000000 ____D C:\Users\dr-jane\Documents\Kindle
2013-11-21 15:11 - 2013-11-21 15:11 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital
2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western_Digital_Technolog
2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western Digital
2013-11-21 15:09 - 2013-12-02 16:42 - 00000000 ___RD C:\Users\dr-jane\Desktop\Security
2013-11-21 15:09 - 2013-12-02 16:33 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-11-21 15:09 - 2013-12-01 18:22 - 00000000 ____D C:\Users\dr-jane\Desktop\Media
2013-11-21 15:09 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Games
2013-11-21 15:08 - 2013-12-01 12:31 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-11-21 15:08 - 2013-12-01 12:31 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-11-21 15:07 - 2013-12-01 12:31 - 00000000 ____D C:\ProgramData\Western Digital
2013-11-21 00:58 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-21 00:58 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-18 22:55 - 2013-11-18 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 16:21 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 16:21 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 16:21 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 16:21 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 16:21 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 16:21 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 16:21 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 16:21 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 16:21 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 16:21 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 16:21 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 16:21 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 16:15 - 2013-11-13 16:17 - 00000302 _____ C:\Windows\SIERRA.INI
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\SIERRA
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line
2013-11-13 16:15 - 1998-01-23 12:20 - 00305664 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2013-11-13 13:15 - 2013-11-13 13:20 - 00000000 ____D C:\ProgramData\Adobe
2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-13 13:13 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 13:13 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 13:13 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 13:13 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 13:13 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 13:13 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 13:13 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 13:13 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 13:13 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 13:13 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 13:13 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 13:13 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 13:13 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 13:13 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 13:13 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 13:13 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 13:13 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 13:13 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 13:13 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 13:13 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 13:13 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 13:13 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 13:13 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 13:13 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-11 19:23 - 2010-07-22 17:13 - 00054848 _____ (FSPro Labs) C:\Windows\system32\Drivers\FSPFltd.sys
2013-11-09 15:39 - 2013-11-09 15:39 - 00000000 _____ C:\Windows\PowerReg.dat
2013-11-09 15:38 - 2013-11-09 15:38 - 00000000 ____D C:\Program Files (x86)\Infogrames Interactive
2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 20:29 - 2013-11-07 20:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-12-02 22:10 - 2013-12-01 12:18 - 00015966 _____ C:\Users\dr-jane\Desktop\FRST.txt
2013-12-02 22:07 - 2013-12-02 22:07 - 00000789 _____ C:\Users\dr-jane\Desktop\checkup.txt
2013-12-02 22:03 - 2009-07-14 05:45 - 00023312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-02 22:03 - 2009-07-14 05:45 - 00023312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-02 22:01 - 2013-12-02 22:01 - 00000709 _____ C:\Users\dr-jane\Desktop\eset.txt
2013-12-02 22:00 - 2013-02-16 23:34 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-02 21:28 - 2013-06-18 16:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-02 21:13 - 2013-02-16 21:50 - 01292172 _____ C:\Windows\WindowsUpdate.log
2013-12-02 19:11 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-12-02 19:11 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-12-02 19:11 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 17:54 - 2013-07-01 20:32 - 00000000 ____D C:\Users\dr-jane\AppData\Local\NVIDIA
2013-12-02 17:52 - 2013-12-01 17:45 - 00000000 ____D C:\Users\dr-jane\AppData\Local\NVIDIA Corporation
2013-12-02 17:52 - 2013-02-16 22:21 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-02 17:52 - 2013-02-16 22:21 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-02 17:51 - 2013-12-02 17:51 - 00000000 ____D C:\Windows\LastGood
2013-12-02 17:51 - 2013-12-01 17:12 - 00001606 _____ C:\Windows\setupact.log
2013-12-02 17:51 - 2013-02-16 22:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-02 17:51 - 2013-02-16 22:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-02 16:45 - 2013-12-02 16:45 - 00001482 _____ C:\Users\dr-jane\AppData\Local\recently-used.xbel
2013-12-02 16:45 - 2013-06-18 17:04 - 00000000 ____D C:\Users\dr-jane\.gimp-2.8
2013-12-02 16:42 - 2013-12-02 16:29 - 00000000 ____D C:\Users\dr-jane\AppData\Local\LogMeIn Rescue Applet
2013-12-02 16:42 - 2013-11-21 15:09 - 00000000 ___RD C:\Users\dr-jane\Desktop\Security
2013-12-02 16:40 - 2013-12-02 16:40 - 01959070 _____ (Farbar) C:\Users\dr-jane\Desktop\frst64.exe
2013-12-02 16:36 - 2013-02-17 00:04 - 00000000 ____D C:\Users\dr-jane\Documents\Symantec
2013-12-02 16:33 - 2013-11-21 15:09 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2013-12-02 16:33 - 2013-02-16 23:34 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 16:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 16:12 - 2013-12-02 16:12 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2013-12-02 16:09 - 2013-12-02 16:09 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-12-02 16:09 - 2013-12-02 16:09 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-12-02 16:09 - 2013-12-02 16:09 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-02 16:09 - 2013-12-02 16:09 - 00002391 _____ C:\Users\Public\Desktop\Norton 360.lnk
2013-12-02 16:09 - 2013-12-02 16:09 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-12-02 16:09 - 2013-12-02 16:09 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-12-02 16:09 - 2013-12-02 16:09 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-12-02 16:09 - 2013-12-01 17:00 - 00000000 ____D C:\ProgramData\Norton
2013-12-02 16:08 - 2013-12-01 18:00 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-02 16:08 - 2013-12-01 17:12 - 02184284 _____ C:\Windows\PFRO.log
2013-12-02 16:02 - 2013-09-16 14:23 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1309304-91E3-4870-B2E5-39AFB00E9104}
2013-12-01 19:06 - 2013-10-27 15:46 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\vlc
2013-12-01 18:22 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Media
2013-12-01 18:01 - 2013-11-30 23:08 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-01 17:43 - 2013-02-17 00:00 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2013-12-01 17:30 - 2013-02-17 00:00 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-12-01 17:12 - 2013-12-01 17:12 - 00000000 _____ C:\Windows\setuperr.log
2013-12-01 17:03 - 2013-02-16 22:32 - 00000000 ____D C:\Users\dr-jane\Downloads\Treiber
2013-12-01 16:58 - 2013-12-01 16:58 - 00003608 _____ C:\Users\dr-jane\Documents\cc_20131201_165827.reg
2013-12-01 16:53 - 2013-12-01 16:53 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-01 16:53 - 2013-11-30 22:04 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Nico Mak Computing
2013-12-01 16:21 - 2013-02-28 22:23 - 00000000 ____D C:\Users\dr-jane\AppData\Local\CrashDumps
2013-12-01 16:21 - 2013-02-16 23:11 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\DAEMON Tools Lite
2013-12-01 16:21 - 2013-02-16 21:42 - 00000000 ____D C:\Windows\Panther
2013-12-01 16:20 - 2013-12-01 16:20 - 00005584 _____ C:\Users\dr-jane\Documents\cc_20131201_162049.reg
2013-12-01 16:19 - 2013-12-01 16:19 - 00055218 _____ C:\Users\dr-jane\Documents\cc_20131201_161915.reg
2013-12-01 15:36 - 2013-12-01 12:59 - 00000000 ____D C:\avast! sandbox
2013-12-01 13:59 - 2013-12-01 13:59 - 00000000 ____D C:\ProgramData\PCSettings
2013-12-01 12:52 - 2013-12-01 12:52 - 00447888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2013-12-01 12:51 - 2013-06-18 16:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-01 12:51 - 2013-02-17 16:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-01 12:51 - 2013-02-17 16:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-01 12:31 - 2013-12-01 12:31 - 00000000 ____D C:\Program Files\Western Digital
2013-12-01 12:31 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-12-01 12:31 - 2013-11-21 15:08 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-12-01 12:31 - 2013-11-21 15:07 - 00000000 ____D C:\ProgramData\Western Digital
2013-12-01 12:29 - 2013-12-01 12:29 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-01 12:16 - 2013-12-01 12:16 - 00000950 _____ C:\Users\dr-jane\Desktop\JRT.txt
2013-12-01 12:07 - 2013-12-01 12:07 - 00000000 ____D C:\Windows\ERUNT
2013-12-01 12:05 - 2013-12-01 12:05 - 01034531 _____ (Thisisu) C:\Users\dr-jane\Desktop\JRT.exe
2013-12-01 12:02 - 2013-12-01 12:02 - 00002114 _____ C:\Users\dr-jane\Desktop\AdwCleaner[S0].txt
2013-12-01 11:58 - 2013-11-30 21:59 - 00000000 ____D C:\AdwCleaner
2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Malwarebytes
2013-12-01 11:41 - 2013-12-01 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 11:40 - 2013-12-01 11:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\dr-jane\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-01 00:29 - 2013-11-30 22:23 - 00005709 _____ C:\Users\dr-jane\Documents\log.xml
2013-11-30 23:59 - 2013-11-30 23:59 - 00016546 _____ C:\Users\dr-jane\Desktop\Logs.rar
2013-11-30 23:23 - 2013-11-30 23:23 - 00000212 _____ C:\Users\dr-jane\Documents\avast.txt
2013-11-30 23:09 - 2013-11-30 23:09 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\AVAST Software
2013-11-30 22:54 - 2013-11-30 22:54 - 00377856 _____ C:\Users\dr-jane\Desktop\gmer_2.1.19163.exe
2013-11-30 22:48 - 2013-11-30 22:32 - 00042732 _____ C:\Users\dr-jane\Documents\FRST.txt
2013-11-30 22:33 - 2013-11-30 22:33 - 00020388 _____ C:\Users\dr-jane\Documents\Addition.txt
2013-11-30 22:30 - 2013-11-30 22:30 - 00000000 ____D C:\FRST
2013-11-30 22:27 - 2013-11-30 22:27 - 00000168 _____ C:\Users\dr-jane\defogger_reenable
2013-11-30 22:27 - 2013-02-16 21:52 - 00000000 ____D C:\Users\dr-jane
2013-11-30 22:26 - 2013-11-30 22:26 - 00050477 _____ C:\Users\dr-jane\Desktop\Defogger.exe
2013-11-30 22:03 - 2013-11-30 22:03 - 00020881 _____ C:\Users\dr-jane\Documents\AdwCleaner[R0].txt
2013-11-29 17:56 - 2013-10-29 20:25 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-29 17:56 - 2013-10-29 20:25 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-21 20:28 - 2013-11-21 20:28 - 00000020 ___SH C:\Users\Mcx1-BOBBY\ntuser.ini
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Vorlagen
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Startmenü
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Netzwerkumgebung
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Lokale Einstellungen
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Eigene Dateien
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Druckumgebung
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Musik
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Documents\Eigene Bilder
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Verlauf
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\AppData\Local\Anwendungsdaten
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 _SHDL C:\Users\Mcx1-BOBBY\Anwendungsdaten
2013-11-21 20:28 - 2013-11-21 20:28 - 00000000 ____D C:\Users\Mcx1-BOBBY
2013-11-21 20:28 - 2013-11-21 19:20 - 00000410 __RSH C:\ProgramData\ntuser.pol
2013-11-21 19:54 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-21 19:20 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-11-21 19:17 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-21 16:18 - 2013-11-21 16:18 - 00000000 ____D C:\Users\dr-jane\Documents\Freemake
2013-11-21 16:16 - 2013-11-21 16:16 - 00000000 ____D C:\Users\dr-jane\Documents\Kindle
2013-11-21 15:11 - 2013-11-21 15:11 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital
2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western_Digital_Technolog
2013-11-21 15:10 - 2013-11-21 15:10 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Western Digital
2013-11-21 15:09 - 2013-11-21 15:09 - 00000000 ____D C:\Users\dr-jane\Desktop\Games
2013-11-21 11:21 - 2013-02-16 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 22:55 - 2013-11-18 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 01:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-15 16:47 - 2013-07-24 15:49 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Adobe
2013-11-13 16:27 - 2013-06-24 16:21 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-11-13 16:20 - 2013-08-15 19:59 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 16:19 - 2013-02-21 17:12 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 16:17 - 2013-11-13 16:15 - 00000302 _____ C:\Windows\SIERRA.INI
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\SIERRA
2013-11-13 16:15 - 2013-11-13 16:15 - 00000000 ____D C:\Program Files (x86)\Sierra On-Line
2013-11-13 13:20 - 2013-11-13 13:15 - 00000000 ____D C:\ProgramData\Adobe
2013-11-13 13:18 - 2013-02-17 01:19 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Adobe
2013-11-13 13:15 - 2013-11-13 13:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-09 15:44 - 2013-02-16 21:52 - 00000000 ____D C:\Users\dr-jane\AppData\Local\VirtualStore
2013-11-09 15:39 - 2013-11-09 15:39 - 00000000 _____ C:\Windows\PowerReg.dat
2013-11-09 15:38 - 2013-11-09 15:38 - 00000000 ____D C:\Program Files (x86)\Infogrames Interactive
2013-11-09 15:38 - 2013-02-16 21:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-08 21:51 - 2013-02-16 23:26 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Mozilla
2013-11-08 17:04 - 2013-02-16 23:54 - 00000000 ____D C:\Users\dr-jane\AppData\Roaming\Apple Computer
2013-11-08 17:02 - 2013-02-16 23:54 - 00000000 ____D C:\Users\dr-jane\AppData\Local\Apple Computer
2013-11-07 20:31 - 2013-02-16 23:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 20:30 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 20:29 - 2013-11-07 20:29 - 00000000 ____D C:\Program Files\iPod

Some content of TEMP:
====================
C:\Users\dr-jane\AppData\Local\Temp\Quarantine.exe
C:\Users\dr-jane\AppData\Local\Temp\vlc-2.1.1-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 20:10

==================== End Of Log ============================
         



So, there's actually no problem anymore. My heartfelt thanks for that!!!

Can I actually click Enable again in Defogger now? Can anything be said from the log files about the remaining security state of my PC? Is there anything I can improve?

Otherwise I'm perfectly happy! Thanks!


I hope everything is fine as far as the log files are concerned too!


03.12.2013, 12:29   #6
schrauber
/// the machine
/// TB trainer
 




Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

04.12.2013, 14:22   #7
dr-jane
 



Thank you so very much!

I will take your advice into account and hope that I'll be spared from dangerous software in the future as well.

You can delete the thread from your subscriptions. My only problem at the moment is that Secunia stays on the loading screen forever and doesn't continue. Otherwise everything is done.

Thank you, thank you, thank you!

05.12.2013, 09:36   #8
schrauber
/// the machine
/// TB trainer
 




You're welcome
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
