Log analysis and evaluation: Constant ad messages or notices about performance or spyware in Firefox

28.12.2013, 21:22   #1
Nerv
 
Hello,
similar to the thread "Windows 7, flashing ads, e.g. Windows errors, spyware or porn sites" by Loriniel, I keep getting all sorts of pages with notices etc. under Windows 8, and only in Firefox.
Sometimes a flight simulator appears, then sometimes the notice that my system is performing poorly, and today this came up: "Spyware was detected on your system. The spyware is the reason your computer is running slowly", followed by a button labelled "Remove spyware".
I have already uninstalled and reinstalled Firefox once; Avira and McAfee AntiVirus Plus found nothing.
Unfortunately I made a mistake when running FRST and had to start it again,
after which Additions.txt was no longer created. But I had deleted it beforehand :-(
Here are my log files:

Many thanks in advance

29.12.2013, 10:38   #2
schrauber
/// the machine
/// TB trainer
 

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


Here's how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
30.12.2013, 12:55   #3
Nerv
 
Hello Schrauber,
Sorry, I overlooked that.
Here is the log file for Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:56 on 28/12/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Now the one for FRST:

FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2013 01
Ran by ***** (administrator) on *****-PC on 28-12-2013 16:03:07
Running from C:\Users\*****\Downloads\Nerv
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Atheros) C:\Program Files (x86)\Acer\WDAgent\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2013-01-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2013-01-11] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258592 2012-11-29] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [SSync] - C:\Users\*****\AppData\Roaming\SSync\SSync.exe [36864 2013-04-09] ()
HKCU\...\Run: [DataMgr] - C:\Users\*****\AppData\Roaming\DataMgr\DataMgr.exe [168824 2013-10-09] (HTTO Group, Ltd.)
HKCU\...\Run: [SCheck] - C:\Users\*****\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKCU\...\Run: [Snoozer] - C:\Users\*****\AppData\Roaming\Snz\Snz.exe [1209624 2013-12-24] ()
HKCU\...\Run: [Intermediate] - C:\Users\*****\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-09] ()
HKCU\...\Run: [OMESupervisor] - C:\Users\*****\AppData\Local\omesuperv.exe [2239256 2013-12-24] ()
MountPoints2: {de045346-5be5-11e2-9148-806e6f6e6963} - "E:\zdata\cobi.exe" 
HKU\HE.*****-PC\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=1972917508&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=1972917508&q={searchTerms}
SearchScopes: HKLM-x32 - {081230F8-EA50-42A9-983C-D22ABC2EED3B} URL = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms}
SearchScopes: HKCU - DefaultScope {19B94843-D3F4-4B04-B5A0-F864EC83FB03} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE550&p={SearchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=1972917508&q={searchTerms}
SearchScopes: HKCU - {081230F8-EA50-42A9-983C-D22ABC2EED3B} URL = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms}
SearchScopes: HKCU - {19B94843-D3F4-4B04-B5A0-F864EC83FB03} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE550&p={SearchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll (Google Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default
FF DefaultSearchEngine: Sichere Suche
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: hxxp://wisersearch.com/?channel=de
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A111DE550&p=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\*****\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll (Bebo Media Ltd)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default\searchplugins\ChatZumSearch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FRITZ!Box AddOn - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default\Extensions\fb_add_on@avm.de
FF Extension: OfferMosquito - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default\Extensions\om@offermosquito.com.xpi
FF Extension: QuickStores-Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome: 
=======
CHR HomePage: hxxp://wisersearch.com/?channel=de
CHR RestoreOnStartup: "hxxp://wisersearch.com/?channel=de"
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: hxxp://de.search.yahoo.com/search?fr=mcafee&type=A211DE550&p={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SiteAdvisor) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_0
CHR Extension: (OfferMosquito) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\1.2_0
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Simple New Tab) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Acer\WDAgent\Ath_WlanAgent.exe [81536 2012-08-24] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-21] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 idsvc; 
U3 kwtdypog; \??\C:\Users\*****\AppData\Local\Temp\kwtdypog.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-28 15:55 - 2013-12-28 15:55 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-12-28 15:46 - 2013-12-28 15:46 - 00006854 _____ C:\Users\*****\Desktop\gmer1.txt
2013-12-28 15:25 - 2013-12-28 15:25 - 00010884 _____ C:\Users\*****\Desktop\gmer.txt
2013-12-28 15:01 - 2013-12-28 15:01 - 00000000 ____D C:\FRST
2013-12-28 14:54 - 2013-12-28 14:54 - 01272360 _____ (iMesh Inc) C:\Users\*****\Downloads\iMeshSetup-r1487-w-bc.exe
2013-12-28 14:51 - 2013-12-28 16:03 - 00000000 ____D C:\Users\*****\Downloads\Nerv
2013-12-28 13:31 - 2013-12-28 13:31 - 00003116 _____ C:\WINDOWS\System32\Tasks\WinZip Malware Protector_startup
2013-12-28 13:30 - 2013-12-28 13:30 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\*****\Downloads\wzmp_8.exe
2013-12-28 13:30 - 2013-12-28 13:30 - 00001211 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\Users\*****\AppData\Roaming\Nico Mak Computing
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2013-12-28 13:30 - 2013-03-15 17:10 - 00020480 _____ C:\WINDOWS\system32\wsusnative64.exe
2013-12-28 10:49 - 2013-12-28 10:49 - 00001169 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-28 10:46 - 2013-12-28 10:46 - 00283096 _____ (Mozilla) C:\Users\*****\Downloads\Firefox Setup Stub 26.0.exe
2013-12-28 10:45 - 2013-12-28 10:45 - 00755792 _____ C:\Users\*****\Downloads\Firefox_Setup.exe
2013-12-28 10:45 - 2013-12-28 10:45 - 00001169 _____ C:\Users\*****\Desktop\Continue Firefox Installation.lnk
2013-12-28 10:44 - 2013-12-28 10:44 - 00000000 ____D C:\Users\*****\AppData\Roaming\Snz
2013-12-28 10:44 - 2013-12-28 10:44 - 00000000 ____D C:\Users\*****\AppData\Roaming\SCheck
2013-12-24 19:51 - 2013-12-24 19:51 - 02239256 _____ C:\Users\*****\AppData\Local\omesuperv.exe
2013-12-18 21:04 - 2013-12-25 16:30 - 00002403 _____ C:\WINDOWS\setupact.log
2013-12-18 21:04 - 2013-12-18 21:04 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-14 20:36 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-14 20:36 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-14 20:36 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-14 20:36 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-14 20:36 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-14 20:36 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-14 20:36 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-14 20:36 - 2013-11-08 06:23 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-12-14 20:36 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-14 20:36 - 2013-11-08 05:42 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2013-12-14 20:36 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-14 20:36 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-14 20:36 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-14 20:36 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-14 20:36 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-14 20:36 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-14 20:36 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-14 20:36 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-14 20:36 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-14 20:36 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-14 20:36 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-14 20:36 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-14 20:36 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-14 20:36 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-14 20:36 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-14 20:36 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-14 20:36 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-14 20:36 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-14 20:36 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-14 20:36 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-14 20:36 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-14 20:36 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-14 20:36 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-14 20:36 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-14 20:36 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-14 20:36 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-14 20:36 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-14 20:36 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-14 20:36 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-14 20:36 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-14 20:36 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-14 20:36 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-14 20:36 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-14 20:36 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-14 20:35 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 20:35 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 20:35 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-14 20:35 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-14 20:35 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-12 12:01 - 2013-12-12 15:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 11:52 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-11 11:52 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-11 11:52 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-11 11:52 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-11 11:52 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-11 11:52 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-11 11:52 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-11 11:35 - 2013-12-28 11:38 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-11 09:59 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-11 09:59 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-11 09:59 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-11 09:59 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-11 09:59 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-11 09:59 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-11 09:59 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-11 09:59 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-11 09:59 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-11 09:59 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-11 09:59 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-11 09:59 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-11 09:59 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-11 09:59 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-11 09:59 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-11 09:59 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-11 09:59 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-11 09:59 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-11 09:59 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-11 09:59 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-11 09:59 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-11 09:58 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-11 09:56 - 2013-12-11 10:07 - 00000000 ____D C:\Users\*****\Downloads\stinger
2013-12-11 09:53 - 2013-12-11 09:54 - 00000112 ___RH C:\Users\*****\Downloads\Stinger.opt
2013-12-11 09:53 - 2013-12-11 09:54 - 00000000 ____D C:\Program Files (x86)\stinger
2013-12-11 09:53 - 2013-12-11 09:53 - 10237984 _____ (McAfee Inc) C:\Users\*****\Downloads\stinger32_6.1.0.690.exe
2013-12-10 10:43 - 2013-12-28 10:47 - 00001866 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-12-10 10:42 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2013-12-10 10:41 - 2013-12-10 10:41 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-12-10 10:40 - 2013-12-18 20:41 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-10 10:40 - 2013-12-10 10:42 - 00000000 ____D C:\Program Files\McAfee
2013-12-10 10:40 - 2013-12-10 10:40 - 00000000 ____D C:\Program Files\McAfee.com
2013-12-10 10:21 - 2013-12-11 14:51 - 00000000 ____D C:\Program Files\stinger
2013-12-10 10:20 - 2013-12-11 09:55 - 00000000 ____D C:\ProgramData\McAfee
2013-12-10 10:20 - 2013-12-10 10:42 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-10 10:20 - 2013-11-04 16:46 - 00182752 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2013-12-10 10:19 - 2013-12-10 10:19 - 05132336 _____ (McAfee, Inc.) C:\Users\*****\Downloads\McAfeeSetup.exe
2013-12-09 21:49 - 2013-12-18 20:39 - 00005822 _____ C:\WINDOWS\PFRO.log
2013-12-09 21:32 - 2013-12-09 21:32 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-12-09 21:32 - 2013-12-09 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-09 21:29 - 2013-12-09 21:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-09 21:29 - 2013-12-09 21:29 - 00000000 ____D C:\Users\*****\Downloads\ComputerBild
2013-12-08 13:22 - 2013-12-08 13:25 - 00000000 ____D C:\Users\HE.*****-PC\eBooks neu
2013-12-08 12:49 - 2013-12-08 13:25 - 00000000 ____D C:\Users\HE.*****-PC\EBooks
2013-12-07 08:29 - 2013-12-07 08:29 - 00000000 ____D C:\Users\Gast\AppData\Local\Macromedia
2013-12-07 08:28 - 2013-12-07 08:28 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Mozilla
2013-12-07 08:28 - 2013-12-07 08:28 - 00000000 ____D C:\Users\Gast\AppData\Local\Mozilla
2013-12-07 08:22 - 2013-12-07 08:22 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Apple Computer
2013-12-07 08:21 - 2013-12-07 08:21 - 00001456 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Local\Packages
2013-12-07 08:20 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast
2013-12-07 08:20 - 2013-12-07 08:20 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-12-07 08:20 - 2013-11-21 18:10 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-07 08:20 - 2013-11-21 18:10 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-12-07 08:20 - 2013-11-21 18:10 - 00000000 ____D C:\Users\Gast\AppData\Local\Microsoft Help
2013-12-07 08:20 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-07 08:20 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-07 08:20 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-28 10:43 - 2013-11-28 10:43 - 00000000 ____D C:\WINDOWS\PCHEALTH
2013-11-28 10:13 - 2013-11-28 10:13 - 00000000 ___RD C:\WINDOWS\BrowserChoice

==================== One Month Modified Files and Folders =======

2013-12-28 16:03 - 2013-12-28 14:51 - 00000000 ____D C:\Users\*****\Downloads\Nerv
2013-12-28 16:02 - 2013-01-11 15:55 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-28 16:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-28 15:55 - 2013-12-28 15:55 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-12-28 15:55 - 2013-11-21 18:02 - 00000000 ____D C:\Users\*****
2013-12-28 15:46 - 2013-12-28 15:46 - 00006854 _____ C:\Users\*****\Desktop\gmer1.txt
2013-12-28 15:38 - 2013-01-11 13:57 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4179510247-2226308497-1868162751-1000
2013-12-28 15:37 - 2013-01-11 15:49 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-28 15:25 - 2013-12-28 15:25 - 00010884 _____ C:\Users\*****\Desktop\gmer.txt
2013-12-28 15:01 - 2013-12-28 15:01 - 00000000 ____D C:\FRST
2013-12-28 14:54 - 2013-12-28 14:54 - 01272360 _____ (iMesh Inc) C:\Users\*****\Downloads\iMeshSetup-r1487-w-bc.exe
2013-12-28 14:11 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-28 14:11 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-28 14:11 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-28 13:31 - 2013-12-28 13:31 - 00003116 _____ C:\WINDOWS\System32\Tasks\WinZip Malware Protector_startup
2013-12-28 13:30 - 2013-12-28 13:30 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\*****\Downloads\wzmp_8.exe
2013-12-28 13:30 - 2013-12-28 13:30 - 00001211 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\Users\*****\AppData\Roaming\Nico Mak Computing
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2013-12-28 12:59 - 2013-11-21 18:24 - 01422820 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-28 12:58 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-28 11:38 - 2013-12-11 11:35 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-28 11:38 - 2013-01-11 15:49 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-28 10:49 - 2013-12-28 10:49 - 00001169 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-28 10:49 - 2013-11-18 19:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 10:48 - 2013-01-11 15:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 10:47 - 2013-12-10 10:43 - 00001866 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-12-28 10:46 - 2013-12-28 10:46 - 00283096 _____ (Mozilla) C:\Users\*****\Downloads\Firefox Setup Stub 26.0.exe
2013-12-28 10:45 - 2013-12-28 10:45 - 00755792 _____ C:\Users\*****\Downloads\Firefox_Setup.exe
2013-12-28 10:45 - 2013-12-28 10:45 - 00001169 _____ C:\Users\*****\Desktop\Continue Firefox Installation.lnk
2013-12-28 10:44 - 2013-12-28 10:44 - 00000000 ____D C:\Users\*****\AppData\Roaming\Snz
2013-12-28 10:44 - 2013-12-28 10:44 - 00000000 ____D C:\Users\*****\AppData\Roaming\SCheck
2013-12-28 10:44 - 2013-10-21 14:22 - 00000000 ____D C:\Users\*****\AppData\Roaming\Intermediate
2013-12-28 10:44 - 2013-10-21 14:22 - 00000000 ____D C:\Users\*****\AppData\Local\ext_offermosquito
2013-12-28 10:43 - 2013-11-21 18:58 - 00000000 __RDO C:\Users\*****\SkyDrive
2013-12-28 10:30 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-26 20:05 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-12-25 17:07 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-12-25 16:30 - 2013-12-18 21:04 - 00002403 _____ C:\WINDOWS\setupact.log
2013-12-24 19:51 - 2013-12-24 19:51 - 02239256 _____ C:\Users\*****\AppData\Local\omesuperv.exe
2013-12-18 22:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-18 21:04 - 2013-12-18 21:04 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-18 20:41 - 2013-12-10 10:40 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-18 20:39 - 2013-12-09 21:49 - 00005822 _____ C:\WINDOWS\PFRO.log
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-18 20:37 - 2013-08-18 19:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-18 20:35 - 2013-01-11 15:52 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-18 12:48 - 2013-03-15 15:08 - 00000000 ____D C:\Users\*****\Documents\Outlook-Dateien
2013-12-18 12:47 - 2013-09-18 16:13 - 00000000 ____D C:\Users\*****\AppData\Local\5FC6D25F-9263-4513-B851-6C78564AF3B1.aplzod
2013-12-12 15:50 - 2013-12-12 12:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-12 11:54 - 2013-01-20 15:05 - 00000000 ____D C:\Users\*****\AppData\Local\Apple
2013-12-12 11:39 - 2013-03-15 14:37 - 00000000 ____D C:\Users\*****\AppData\Roaming\Dropbox
2013-12-12 09:53 - 2013-03-15 14:40 - 00000000 ___RD C:\Users\*****\Dropbox
2013-12-12 09:33 - 2013-08-22 15:44 - 00477448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-11 14:54 - 2013-01-11 16:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 14:51 - 2013-12-10 10:21 - 00000000 ____D C:\Program Files\stinger
2013-12-11 11:35 - 2013-01-11 15:49 - 00000000 ____D C:\Users\*****\AppData\Local\Google
2013-12-11 11:35 - 2013-01-11 15:48 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-11 10:07 - 2013-12-11 09:56 - 00000000 ____D C:\Users\*****\Downloads\stinger
2013-12-11 10:02 - 2013-01-11 15:55 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-11 09:55 - 2013-12-10 10:20 - 00000000 ____D C:\ProgramData\McAfee
2013-12-11 09:54 - 2013-12-11 09:53 - 00000112 ___RH C:\Users\*****\Downloads\Stinger.opt
2013-12-11 09:54 - 2013-12-11 09:53 - 00000000 ____D C:\Program Files (x86)\stinger
2013-12-11 09:53 - 2013-12-11 09:53 - 10237984 _____ (McAfee Inc) C:\Users\*****\Downloads\stinger32_6.1.0.690.exe
2013-12-10 11:32 - 2013-01-11 15:49 - 00004094 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-10 11:32 - 2013-01-11 15:49 - 00003858 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-10 10:42 - 2013-12-10 10:40 - 00000000 ____D C:\Program Files\McAfee
2013-12-10 10:42 - 2013-12-10 10:20 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-10 10:41 - 2013-12-10 10:41 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-12-10 10:41 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-12-10 10:40 - 2013-12-10 10:40 - 00000000 ____D C:\Program Files\McAfee.com
2013-12-10 10:19 - 2013-12-10 10:19 - 05132336 _____ (McAfee, Inc.) C:\Users\*****\Downloads\McAfeeSetup.exe
2013-12-09 21:32 - 2013-12-09 21:32 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-12-09 21:32 - 2013-12-09 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-09 21:29 - 2013-12-09 21:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-09 21:29 - 2013-12-09 21:29 - 00000000 ____D C:\Users\*****\Downloads\ComputerBild
2013-12-09 20:33 - 2013-11-21 17:52 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-09 20:31 - 2013-02-05 20:20 - 00000000 ____D C:\Users\*****\Sicherung Registry ccleaner
2013-12-08 13:25 - 2013-12-08 13:22 - 00000000 ____D C:\Users\HE.*****-PC\eBooks neu
2013-12-08 13:25 - 2013-12-08 12:49 - 00000000 ____D C:\Users\HE.*****-PC\EBooks
2013-12-08 13:22 - 2013-11-21 18:02 - 00000000 ____D C:\Users\HE.*****-PC
2013-12-08 13:04 - 2013-10-29 21:53 - 00000000 ____D C:\WINDOWS\tmp
2013-12-08 13:03 - 2013-10-29 21:53 - 00001021 _____ C:\Users\Public\Desktop\Kobo.lnk
2013-12-08 13:02 - 2013-10-29 21:52 - 00000000 ____D C:\Program Files (x86)\Kobo
2013-12-07 08:29 - 2013-12-07 08:29 - 00000000 ____D C:\Users\Gast\AppData\Local\Macromedia
2013-12-07 08:28 - 2013-12-07 08:28 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Mozilla
2013-12-07 08:28 - 2013-12-07 08:28 - 00000000 ____D C:\Users\Gast\AppData\Local\Mozilla
2013-12-07 08:22 - 2013-12-07 08:22 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Apple Computer
2013-12-07 08:21 - 2013-12-07 08:21 - 00001456 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Local\Packages
2013-12-07 08:21 - 2013-12-07 08:20 - 00000000 ____D C:\Users\Gast
2013-12-07 08:20 - 2013-12-07 08:20 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-02 10:14 - 2013-01-11 17:31 - 00003546 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2013-11-28 10:55 - 2013-01-11 13:51 - 00000000 ____D C:\Users\*****\AppData\Local\Packages
2013-11-28 10:55 - 2009-07-14 03:34 - 00000478 _____ C:\WINDOWS\win.ini
2013-11-28 10:43 - 2013-11-28 10:43 - 00000000 ____D C:\WINDOWS\PCHEALTH
2013-11-28 10:13 - 2013-11-28 10:13 - 00000000 ___RD C:\WINDOWS\BrowserChoice

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-28 13:16

==================== End Of Log ============================
         
--- --- ---


and the GMER.txt
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-28 16:50:04
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002e WDC_WD5000BEVT-00A0RT0 rev.01.01A01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\*****\AppData\Local\Temp\kwtdypog.sys


---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\spoolsv.exe[1392] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                        00007ffe6778169a 4 bytes [78, 67, FE, 7F]
.text   C:\WINDOWS\System32\spoolsv.exe[1392] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                        00007ffe677816a2 4 bytes [78, 67, FE, 7F]
.text   C:\WINDOWS\System32\spoolsv.exe[1392] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                           00007ffe6778181a 4 bytes [78, 67, FE, 7F]
.text   C:\WINDOWS\System32\spoolsv.exe[1392] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                           00007ffe67781832 4 bytes [78, 67, FE, 7F]
.text   C:\WINDOWS\system32\mfevtps.exe[1848] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506                                        00007ffe6778169a 4 bytes [78, 67, FE, 7F]
.text   C:\WINDOWS\system32\mfevtps.exe[1848] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514                                        00007ffe677816a2 4 bytes [78, 67, FE, 7F]
.text   C:\WINDOWS\system32\mfevtps.exe[1848] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118                                           00007ffe6778181a 4 bytes [78, 67, FE, 7F]
.text   C:\WINDOWS\system32\mfevtps.exe[1848] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142                                           00007ffe67781832 4 bytes [78, 67, FE, 7F]
.text   C:\WINDOWS\system32\svchost.exe[1292] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                        00007ffe6778169a 4 bytes [78, 67, FE, 7F]
.text   C:\WINDOWS\system32\svchost.exe[1292] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                        00007ffe677816a2 4 bytes [78, 67, FE, 7F]
.text   C:\WINDOWS\system32\svchost.exe[1292] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                           00007ffe6778181a 4 bytes [78, 67, FE, 7F]
.text   C:\WINDOWS\system32\svchost.exe[1292] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                           00007ffe67781832 4 bytes [78, 67, FE, 7F]
.text   C:\Windows\System32\igfxpers.exe[3920] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                       00007ffe6778169a 4 bytes [78, 67, FE, 7F]
.text   C:\Windows\System32\igfxpers.exe[3920] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                       00007ffe677816a2 4 bytes [78, 67, FE, 7F]
.text   C:\Windows\System32\igfxpers.exe[3920] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                          00007ffe6778181a 4 bytes [78, 67, FE, 7F]
.text   C:\Windows\System32\igfxpers.exe[3920] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                          00007ffe67781832 4 bytes [78, 67, FE, 7F]
.text   C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506              00007ffe6778169a 4 bytes [78, 67, FE, 7F]
.text   C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514              00007ffe677816a2 4 bytes [78, 67, FE, 7F]
.text   C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118                 00007ffe6778181a 4 bytes [78, 67, FE, 7F]
.text   C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[3120] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142                 00007ffe67781832 4 bytes [78, 67, FE, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [672:692]                                                                                             fffff9600093f4d0

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime                                                                   0x5A 0xC3 0xFB 0x6E ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime                                                               0xDA 0x73 0x84 0xF5 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime                                                                      0xA7 0x4B 0x05 0x6F ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime                                                                  0xF9 0x95 0xF8 0x7F ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE                                                               16
Reg     HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\AUO45EC1_01_07DA_47^7F1EDA572E71CAA9088BEB0BD302DAD1@Timestamp  0x74 0x18 0xB9 0x1B ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid                                                                                    800
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                   -1283862753
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID                                                                    f1b9efd0-e9c6-43d9-9a63-e9e88b4
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId                                                                2
Reg     HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName                                                                         \BaseNamedObjects\WDI_{709fcc30-5190-48a3-bf43-231187099517}
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTATH_A2DP\Parameters@SrcHandle-Low                                                          29626272
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTATH_A2DP\Parameters@SnkHandle-Low                                                          29622752
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTATH_RCP\Parameters@Tg-Low                                                                  29616752
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e006e6178f58                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e006e6178f58@a806006f3cbc                                            0x7D 0x91 0x4B 0x63 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext                                        0x02 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@Bluetooth_UniqueID                                   {00000000-0000-0000-0000-000000000000}#A806006F3CBC_00000000
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@ConnectionCount                                      0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\mfencbdc@DefaultTTL                                                                          97715616
Reg     HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge                                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime                                                     ?Sa?, ?Dez ?28 ?13, 03:43:53??????#???????#???????????????#????
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                     1750
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                    172
Reg     HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence                                                              18
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw                                                                                  0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask                                                                              0x64 0x62 0x03 0x00 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesRemovedChanges                                            70
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Count                      53
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Blocked                    27
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count                      53
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter                                  440
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime                            0x73 0xFD 0x37 0x52 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime                       0x73 0xFD 0x37 0x52 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherRequestBucketCounter                                    98
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime                              0x73 0xFD 0x37 0x52 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter                                   449
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime                             0x73 0xFD 0x37 0x52 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest                              0x88 0x33 0x0A 0x05 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations                                               19
Reg     HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime                                           0xB4 0x5F 0xCC 0x9E ...

---- EOF - GMER 2.1 ----
         
As already described, the Additions.txt is missing. Hopefully that is not a problem.
Best regards
__________________

31.12.2013, 08:11   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

01.01.2014, 19:53   #5
Nerv
 

Hello,
Happy New Year 2014!
To start with, here is the log file from Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.01.03

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
s**** :: s****-PC [Administrator]

01.01.2014 13:00:35
mbam-log-2014-01-01 (13-00-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 284362
Laufzeit: 26 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\s****\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll (PUP.Optional.OfferMosquito.A) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{3bc93e76-92f8-5fda-b676-5afee3735bf1} (PUP.Optional.OfferMosquito.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{2C0830EC-8559-5E15-9DC7-5BB830020064} (PUP.Optional.OfferMosquito.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{B83C16AE-3C3D-5362-85D6-D19F9FB51262} (PUP.Optional.OfferMosquito.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1} (PUP.Optional.OfferMosquito.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|OMESupervisor (PUP.Optional.OfferMosquito.A) -> Daten: C:\Users\s****\AppData\Local\omesuperv.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\$Recycle.Bin\S-1-5-21-4179510247-2226308497-1868162751-1000\$RQRV6ES.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\s****\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\s****\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll (PUP.Optional.OfferMosquito.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\s****\AppData\Local\omesuperv.exe (PUP.Optional.OfferMosquito.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\s****\Downloads\Firefox_Setup.exe (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\s****\Downloads\iMeshSetup-r1487-w-bc.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
...and now AdwCleaner:
Code:
# AdwCleaner v3.016 - Bericht erstellt am 01/01/2014 um 14:50:05
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 8.1 Pro  (64 bits)
# Benutzername : s*** - s***-PC
# Gestartet von : C:\Users\s***\Downloads\Nerv\RunAntivir\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files (x86)\FreeRIP3
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\WINDOWS\assembly\GAC_MSIL\QuickStoresToolbar
Ordner Gelöscht : C:\Users\s***\AppData\Local\ext_offermosquito
Ordner Gelöscht : C:\Users\s***\AppData\Local\Systweak
Ordner Gelöscht : C:\Users\s***\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\s***\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\s***\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\s***\AppData\Roaming\QuickStoresToolbar
Ordner Gelöscht : C:\Users\s***\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\s***\AppData\Roaming\Snz
Ordner Gelöscht : C:\Users\s***\AppData\Roaming\SSync
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gelöscht : C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Datei Gelöscht : C:\Users\s***\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default\Extensions\om@offermosquito.com.xpi
Datei Gelöscht : C:\Users\s***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\s***\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gelöscht : C:\Users\s***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\s***\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\s***\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default\searchplugins\search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OfferMosquito
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskBarDis
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\s***\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://wisersearch.com/search.php?channel=de&q=");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://wisersearch.com/?channel=de");
Zeile gelöscht : user_pref("id_chatzum_softonic.firstlaunch", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.guid", "%7BAAED3762-C560-30C5-4418-ACF63E4C9C17%7D");
Zeile gelöscht : user_pref("id_chatzum_softonic.hiddenvisual", 0);
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar1", "%15%11");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar10", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar2", "%12%1A%14%11%1A%12%14%16%13%1B");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar3", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar4", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar5", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar6", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar7", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar8", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.SVar9", "%13");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var1", "62");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var10", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var2", "1972917508");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var3", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var4", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var5", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var6", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var7", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var8", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic.variables.Var9", "0");
Zeile gelöscht : user_pref("id_chatzum_softonic_installed_version", "1.0.20");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://wisersearch.com/search.php?channel=de&q=");
Zeile gelöscht : user_pref("om.config", "{\"active\":true,\"name\":\"october2013\",\"id\":35,\"dispId\":\"CH-35\",\"aboutLink\":\"\",\"trackingGeneral\":false,\"xhrDomains\":[\"become\",\"shopzilla\",\"twenga\",\"bizr[...]
Zeile gelöscht : user_pref("simplenewtab.url", "hxxp://wisersearch.com/?channel=de_nt");

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\46d0t4sm.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [9448 octets] - [01/01/2014 13:59:05]
AdwCleaner[S0].txt - [8857 octets] - [01/01/2014 14:50:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8917 octets] ##########
         
and the JRT log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 8.1 Pro x64
Ran by s**** on 01.01.2014 at 15:05:15,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\s****\AppData\Roaming\mozilla\firefox\profiles\c26y7k8a.default\minidumps [22 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.01.2014 at 15:14:47,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and finally a fresh FRST log file

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by s*** (administrator) on s***-PC on 01-01-2014 15:26:24
Running from C:\Users\s***\Downloads\Nerv
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Atheros) C:\Program Files (x86)\Acer\WDAgent\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\pcaui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2013-01-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2013-01-11] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258592 2012-11-29] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
MountPoints2: {de045346-5be5-11e2-9148-806e6f6e6963} - "E:\zdata\cobi.exe" 
HKU\h***.s***-PC\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\s***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\s***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\s***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Startup: C:\Users\s***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\s***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {19B94843-D3F4-4B04-B5A0-F864EC83FB03} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE550&p={SearchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll (Google Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\s***\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default
FF DefaultSearchEngine: Search
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Search
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\s***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF SearchPlugin: C:\Users\s***\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default\searchplugins\ChatZumSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FRITZ!Box AddOn - C:\Users\s***\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default\Extensions\fb_add_on@avm.de
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome: 
=======
CHR HomePage: hxxp://wisersearch.com/?channel=de
CHR RestoreOnStartup: "hxxp://wisersearch.com/?channel=de", "hxxp://www.google.com"
CHR DefaultSearchKeyword: search
CHR DefaultSearchProvider: Search
CHR DefaultSearchURL: hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SiteAdvisor) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_0
CHR Extension: (Google Wallet) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Simple New Tab) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Acer\WDAgent\Ath_WlanAgent.exe [81536 2012-08-24] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-21] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 idsvc; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 15:14 - 2014-01-01 15:14 - 00001064 _____ C:\Users\s***\Desktop\JRT.txt
2014-01-01 15:05 - 2014-01-01 15:05 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-01 13:58 - 2014-01-01 14:50 - 00000000 ____D C:\AdwCleaner
2014-01-01 12:55 - 2014-01-01 12:55 - 00001131 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-01 12:55 - 2014-01-01 12:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-01 12:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-28 16:18 - 2013-12-28 16:18 - 581205596 _____ C:\WINDOWS\MEMORY.DMP
2013-12-28 16:18 - 2013-12-28 16:18 - 00284696 _____ C:\WINDOWS\Minidump\122813-31218-01.dmp
2013-12-28 16:18 - 2013-12-28 16:18 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-28 15:55 - 2013-12-28 15:55 - 00000000 _____ C:\Users\s***\defogger_reenable
2013-12-28 15:46 - 2013-12-28 15:46 - 00006854 _____ C:\Users\s***\Desktop\gmer1.txt
2013-12-28 15:25 - 2013-12-28 15:25 - 00010884 _____ C:\Users\s***\Desktop\gmer.txt
2013-12-28 15:01 - 2014-01-01 15:26 - 00000000 ____D C:\FRST
2013-12-28 14:51 - 2014-01-01 15:26 - 00000000 ____D C:\Users\s***\Downloads\Nerv
2013-12-28 13:31 - 2014-01-01 14:54 - 00003116 _____ C:\WINDOWS\System32\Tasks\WinZip Malware Protector_startup
2013-12-28 13:30 - 2013-12-28 13:30 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\s***\Downloads\wzmp_8.exe
2013-12-28 13:30 - 2013-12-28 13:30 - 00001211 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\Users\s***\AppData\Roaming\Nico Mak Computing
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2013-12-28 13:30 - 2013-03-15 17:10 - 00020480 _____ C:\WINDOWS\system32\wsusnative64.exe
2013-12-28 10:49 - 2013-12-28 10:49 - 00001169 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-28 10:46 - 2013-12-28 10:46 - 00283096 _____ (Mozilla) C:\Users\s***\Downloads\Firefox Setup Stub 26.0.exe
2013-12-28 10:45 - 2013-12-28 10:45 - 00001169 _____ C:\Users\s***\Desktop\Continue Firefox Installation.lnk
2013-12-18 21:04 - 2013-12-25 16:30 - 00002403 _____ C:\WINDOWS\setupact.log
2013-12-18 21:04 - 2013-12-18 21:04 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-14 20:36 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-14 20:36 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-14 20:36 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-14 20:36 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-14 20:36 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-14 20:36 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-14 20:36 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-14 20:36 - 2013-11-08 06:23 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-12-14 20:36 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-14 20:36 - 2013-11-08 05:42 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2013-12-14 20:36 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-14 20:36 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-14 20:36 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-14 20:36 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-14 20:36 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-14 20:36 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-14 20:36 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-14 20:36 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-14 20:36 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-14 20:36 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-14 20:36 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-14 20:36 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-14 20:36 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-14 20:36 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-14 20:36 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-14 20:36 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-14 20:36 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-14 20:36 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-14 20:36 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-14 20:36 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-14 20:36 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-14 20:36 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-14 20:36 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-14 20:36 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-14 20:36 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-14 20:36 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-14 20:36 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-14 20:36 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-14 20:36 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-14 20:36 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-14 20:36 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-14 20:36 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-14 20:36 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-14 20:36 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-14 20:35 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 20:35 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 20:35 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-14 20:35 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-14 20:35 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-12 12:01 - 2013-12-12 15:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 11:52 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-11 11:52 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-11 11:52 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-11 11:52 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-11 11:52 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-11 11:52 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-11 11:52 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-11 11:35 - 2014-01-01 14:54 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-11 09:59 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-11 09:59 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-11 09:59 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-11 09:59 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-11 09:59 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-11 09:59 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-11 09:59 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-11 09:59 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-11 09:59 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-11 09:59 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-11 09:59 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-11 09:59 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-11 09:59 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-11 09:59 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-11 09:59 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-11 09:59 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-11 09:59 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-11 09:59 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-11 09:59 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-11 09:59 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-11 09:59 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-11 09:58 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-11 09:56 - 2013-12-11 10:07 - 00000000 ____D C:\Users\s***\Downloads\stinger
2013-12-11 09:53 - 2013-12-11 09:54 - 00000112 ___RH C:\Users\s***\Downloads\Stinger.opt
2013-12-11 09:53 - 2013-12-11 09:54 - 00000000 ____D C:\Program Files (x86)\stinger
2013-12-11 09:53 - 2013-12-11 09:53 - 10237984 _____ (McAfee Inc) C:\Users\s***\Downloads\stinger32_6.1.0.690.exe
2013-12-10 10:43 - 2014-01-01 14:57 - 00001866 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-12-10 10:42 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2013-12-10 10:41 - 2013-12-10 10:41 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-12-10 10:40 - 2013-12-18 20:41 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-10 10:40 - 2013-12-10 10:42 - 00000000 ____D C:\Program Files\McAfee
2013-12-10 10:40 - 2013-12-10 10:40 - 00000000 ____D C:\Program Files\McAfee.com
2013-12-10 10:21 - 2013-12-11 14:51 - 00000000 ____D C:\Program Files\stinger
2013-12-10 10:20 - 2013-12-11 09:55 - 00000000 ____D C:\ProgramData\McAfee
2013-12-10 10:20 - 2013-12-10 10:42 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-10 10:20 - 2013-11-04 16:46 - 00182752 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2013-12-10 10:19 - 2013-12-10 10:19 - 05132336 _____ (McAfee, Inc.) C:\Users\s***\Downloads\McAfeeSetup.exe
2013-12-09 21:49 - 2014-01-01 14:51 - 00008138 _____ C:\WINDOWS\PFRO.log
2013-12-09 21:32 - 2013-12-09 21:32 - 00000000 ____D C:\Users\s***\AppData\Roaming\Malwarebytes
2013-12-09 21:32 - 2013-12-09 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-09 21:29 - 2013-12-09 21:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\s***\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-09 21:29 - 2013-12-09 21:29 - 00000000 ____D C:\Users\s***\Downloads\ComputerBild
2013-12-08 13:22 - 2013-12-08 13:25 - 00000000 ____D C:\Users\h***.s***-PC\eBooks neu
2013-12-08 12:49 - 2013-12-08 13:25 - 00000000 ____D C:\Users\h***.s***-PC\EBooks
2013-12-07 08:29 - 2013-12-07 08:29 - 00000000 ____D C:\Users\Gast\AppData\Local\Macromedia
2013-12-07 08:28 - 2013-12-07 08:28 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Mozilla
2013-12-07 08:28 - 2013-12-07 08:28 - 00000000 ____D C:\Users\Gast\AppData\Local\Mozilla
2013-12-07 08:22 - 2013-12-07 08:22 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Apple Computer
2013-12-07 08:21 - 2013-12-07 08:21 - 00001456 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Local\Packages
2013-12-07 08:20 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast
2013-12-07 08:20 - 2013-12-07 08:20 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-12-07 08:20 - 2013-11-21 18:10 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-07 08:20 - 2013-11-21 18:10 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-12-07 08:20 - 2013-11-21 18:10 - 00000000 ____D C:\Users\Gast\AppData\Local\Microsoft Help
2013-12-07 08:20 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-07 08:20 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-07 08:20 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

2014-01-01 15:26 - 2013-12-28 15:01 - 00000000 ____D C:\FRST
2014-01-01 15:26 - 2013-12-28 14:51 - 00000000 ____D C:\Users\s***\Downloads\Nerv
2014-01-01 15:23 - 2013-11-21 18:24 - 01526708 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-01 15:14 - 2014-01-01 15:14 - 00001064 _____ C:\Users\s***\Desktop\JRT.txt
2014-01-01 15:05 - 2014-01-01 15:05 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-01 15:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-01 15:02 - 2013-01-11 15:55 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-01 14:59 - 2013-11-21 18:58 - 00000000 __RDO C:\Users\s***\SkyDrive
2014-01-01 14:57 - 2013-12-10 10:43 - 00001866 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-01-01 14:57 - 2013-01-11 13:57 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4179510247-2226308497-1868162751-1000
2014-01-01 14:54 - 2013-12-28 13:31 - 00003116 _____ C:\WINDOWS\System32\Tasks\WinZip Malware Protector_startup
2014-01-01 14:54 - 2013-12-11 11:35 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-01 14:53 - 2013-01-11 15:49 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 14:52 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-01 14:51 - 2013-12-09 21:49 - 00008138 _____ C:\WINDOWS\PFRO.log
2014-01-01 14:51 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2014-01-01 14:50 - 2014-01-01 13:58 - 00000000 ____D C:\AdwCleaner
2014-01-01 14:50 - 2013-10-21 14:19 - 00000000 ____D C:\Users\s***\AppData\Roaming\Common
2014-01-01 14:37 - 2013-01-11 15:49 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 12:55 - 2014-01-01 12:55 - 00001131 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-01 12:55 - 2014-01-01 12:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-30 12:53 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-30 12:53 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-30 12:53 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-28 16:50 - 2013-11-21 18:02 - 00000000 ____D C:\Users\s***
2013-12-28 16:18 - 2013-12-28 16:18 - 581205596 _____ C:\WINDOWS\MEMORY.DMP
2013-12-28 16:18 - 2013-12-28 16:18 - 00284696 _____ C:\WINDOWS\Minidump\122813-31218-01.dmp
2013-12-28 16:18 - 2013-12-28 16:18 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-28 16:18 - 2013-01-11 15:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 15:55 - 2013-12-28 15:55 - 00000000 _____ C:\Users\s***\defogger_reenable
2013-12-28 15:46 - 2013-12-28 15:46 - 00006854 _____ C:\Users\s***\Desktop\gmer1.txt
2013-12-28 15:25 - 2013-12-28 15:25 - 00010884 _____ C:\Users\s***\Desktop\gmer.txt
2013-12-28 13:30 - 2013-12-28 13:30 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\s***\Downloads\wzmp_8.exe
2013-12-28 13:30 - 2013-12-28 13:30 - 00001211 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\Users\s***\AppData\Roaming\Nico Mak Computing
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2013-12-28 12:58 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-28 10:49 - 2013-12-28 10:49 - 00001169 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-28 10:49 - 2013-11-18 19:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 10:46 - 2013-12-28 10:46 - 00283096 _____ (Mozilla) C:\Users\s***\Downloads\Firefox Setup Stub 26.0.exe
2013-12-28 10:45 - 2013-12-28 10:45 - 00001169 _____ C:\Users\s***\Desktop\Continue Firefox Installation.lnk
2013-12-25 17:07 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-12-25 16:30 - 2013-12-18 21:04 - 00002403 _____ C:\WINDOWS\setupact.log
2013-12-18 22:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-18 21:04 - 2013-12-18 21:04 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-18 20:41 - 2013-12-10 10:40 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-18 20:37 - 2013-08-18 19:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-18 20:35 - 2013-01-11 15:52 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-18 12:48 - 2013-03-15 15:08 - 00000000 ____D C:\Users\s***\Documents\Outlook-Dateien
2013-12-18 12:47 - 2013-09-18 16:13 - 00000000 ____D C:\Users\s***\AppData\Local\5FC6D25F-9263-4513-B851-6C78564AF3B1.aplzod
2013-12-12 15:50 - 2013-12-12 12:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-12 11:54 - 2013-01-20 15:05 - 00000000 ____D C:\Users\s***\AppData\Local\Apple
2013-12-12 11:39 - 2013-03-15 14:37 - 00000000 ____D C:\Users\s***\AppData\Roaming\Dropbox
2013-12-12 09:53 - 2013-03-15 14:40 - 00000000 ___RD C:\Users\s***\Dropbox
2013-12-12 09:33 - 2013-08-22 15:44 - 00477448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-11 14:54 - 2013-01-11 16:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 14:51 - 2013-12-10 10:21 - 00000000 ____D C:\Program Files\stinger
2013-12-11 11:35 - 2013-01-11 15:49 - 00000000 ____D C:\Users\s***\AppData\Local\Google
2013-12-11 11:35 - 2013-01-11 15:48 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-11 10:07 - 2013-12-11 09:56 - 00000000 ____D C:\Users\s***\Downloads\stinger
2013-12-11 10:02 - 2013-01-11 15:55 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-11 09:55 - 2013-12-10 10:20 - 00000000 ____D C:\ProgramData\McAfee
2013-12-11 09:54 - 2013-12-11 09:53 - 00000112 ___RH C:\Users\s***\Downloads\Stinger.opt
2013-12-11 09:54 - 2013-12-11 09:53 - 00000000 ____D C:\Program Files (x86)\stinger
2013-12-11 09:53 - 2013-12-11 09:53 - 10237984 _____ (McAfee Inc) C:\Users\s***\Downloads\stinger32_6.1.0.690.exe
2013-12-10 11:32 - 2013-01-11 15:49 - 00004094 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-10 11:32 - 2013-01-11 15:49 - 00003858 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-10 10:42 - 2013-12-10 10:40 - 00000000 ____D C:\Program Files\McAfee
2013-12-10 10:42 - 2013-12-10 10:20 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-10 10:41 - 2013-12-10 10:41 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-12-10 10:41 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-12-10 10:40 - 2013-12-10 10:40 - 00000000 ____D C:\Program Files\McAfee.com
2013-12-10 10:19 - 2013-12-10 10:19 - 05132336 _____ (McAfee, Inc.) C:\Users\s***\Downloads\McAfeeSetup.exe
2013-12-09 21:32 - 2013-12-09 21:32 - 00000000 ____D C:\Users\s***\AppData\Roaming\Malwarebytes
2013-12-09 21:32 - 2013-12-09 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-09 21:29 - 2013-12-09 21:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\s***\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-09 21:29 - 2013-12-09 21:29 - 00000000 ____D C:\Users\s***\Downloads\ComputerBild
2013-12-09 20:33 - 2013-11-21 17:52 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-09 20:31 - 2013-02-05 20:20 - 00000000 ____D C:\Users\s***\Sicherung Registry ccleaner
2013-12-08 13:25 - 2013-12-08 13:22 - 00000000 ____D C:\Users\h***.s***-PC\eBooks neu
2013-12-08 13:25 - 2013-12-08 12:49 - 00000000 ____D C:\Users\h***.s***-PC\EBooks
2013-12-08 13:22 - 2013-11-21 18:02 - 00000000 ____D C:\Users\h***.s***-PC
2013-12-08 13:04 - 2013-10-29 21:53 - 00000000 ____D C:\WINDOWS\tmp
2013-12-08 13:03 - 2013-10-29 21:53 - 00001021 _____ C:\Users\Public\Desktop\Kobo.lnk
2013-12-08 13:02 - 2013-10-29 21:52 - 00000000 ____D C:\Program Files (x86)\Kobo
2013-12-07 08:29 - 2013-12-07 08:29 - 00000000 ____D C:\Users\Gast\AppData\Local\Macromedia
2013-12-07 08:28 - 2013-12-07 08:28 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Mozilla
2013-12-07 08:28 - 2013-12-07 08:28 - 00000000 ____D C:\Users\Gast\AppData\Local\Mozilla
2013-12-07 08:22 - 2013-12-07 08:22 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Apple Computer
2013-12-07 08:21 - 2013-12-07 08:21 - 00001456 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Local\Packages
2013-12-07 08:21 - 2013-12-07 08:20 - 00000000 ____D C:\Users\Gast
2013-12-07 08:20 - 2013-12-07 08:20 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-02 10:14 - 2013-01-11 17:31 - 00003546 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\s***\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-28 13:16

==================== End Of Log ============================
         
--- --- ---


Hello,
one question: could the OfferMosquito plug-in be the problem? If so, it can still be found in the registry; I just had a look.
Many thanks for the active support.
Best regards


02.01.2014, 16:58   #6
schrauber
/// the machine
/// TB-Ausbilder




ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

03.01.2014, 20:11   #7
Nerv



Hello,
here is the log file:
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2cfd20ad88ccbb4e9f7bc96650e0b8cf
# engine=16493
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-03 02:22:59
# local_time=2014-01-03 03:22:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5122 16777214 66 65 2050794 17693787 0 0
# compatibility_mode=5893 16776574 66 85 8201125 11549481 0 0
# scanned=250372
# found=0
# cleaned=0
# scan_time=24929
         
Here is Security Check:
Code:
 Results of screen317's Security Check version 0.99.78  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
McAfee Anti-Virus und Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 	11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
 Mozilla Thunderbird (24.2.0) 
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 WinZip Malware Protector WinZipMalwareProtector.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
And finally FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by s*** (administrator) on s***-PC on 03-01-2014 19:58:31
Running from C:\Users\s***\Downloads\Nerv
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Atheros) C:\Program Files (x86)\Acer\WDAgent\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2013-01-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2013-01-11] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258592 2012-11-29] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
MountPoints2: {de045346-5be5-11e2-9148-806e6f6e6963} - "E:\zdata\cobi.exe" 
HKU\h***.s***-PC\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\s***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\s***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\s***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Startup: C:\Users\s***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\s***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {19B94843-D3F4-4B04-B5A0-F864EC83FB03} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE550&p={SearchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll (Google Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\s***\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default
FF DefaultSearchEngine: Search
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Search
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\s***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF SearchPlugin: C:\Users\s***\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default\searchplugins\ChatZumSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FRITZ!Box AddOn - C:\Users\s***\AppData\Roaming\Mozilla\Firefox\Profiles\c26y7k8a.default\Extensions\fb_add_on@avm.de
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome: 
=======
CHR HomePage: hxxp://wisersearch.com/?channel=de
CHR RestoreOnStartup: "hxxp://wisersearch.com/?channel=de", "hxxp://www.google.com"
CHR DefaultSearchKeyword: search
CHR DefaultSearchProvider: Search
CHR DefaultSearchURL: hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SiteAdvisor) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_0
CHR Extension: (Google Wallet) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Simple New Tab) - C:\Users\s***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Acer\WDAgent\Ath_WlanAgent.exe [81536 2012-08-24] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-21] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 idsvc; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-02 20:20 - 2014-01-02 20:20 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-01 17:26 - 2014-01-01 17:26 - 00001717 _____ C:\Users\Gast\Desktop\Konto EVG Sonderedition.lnk
2014-01-01 17:25 - 2014-01-01 17:25 - 00000000 ____D C:\Users\s***\AppData\Roaming\ZSoft
2014-01-01 17:25 - 2002-02-22 04:50 - 00203976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\richtx32.ocx
2014-01-01 17:23 - 2014-01-01 17:23 - 16669689 _____ C:\Users\s***\Downloads\13_12_10_Version_2014.rar
2014-01-01 16:14 - 2014-01-01 16:14 - 00000000 ____D C:\Users\s***\AppData\Local\Systweak
2014-01-01 15:14 - 2014-01-01 15:14 - 00001064 _____ C:\Users\s***\Desktop\JRT.txt
2014-01-01 15:05 - 2014-01-01 15:05 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-01 13:58 - 2014-01-01 14:50 - 00000000 ____D C:\AdwCleaner
2014-01-01 12:55 - 2014-01-01 12:55 - 00001131 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-01 12:55 - 2014-01-01 12:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-01 12:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-28 16:18 - 2013-12-28 16:18 - 581205596 _____ C:\WINDOWS\MEMORY.DMP
2013-12-28 16:18 - 2013-12-28 16:18 - 00284696 _____ C:\WINDOWS\Minidump\122813-31218-01.dmp
2013-12-28 16:18 - 2013-12-28 16:18 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-28 15:55 - 2013-12-28 15:55 - 00000000 _____ C:\Users\s***\defogger_reenable
2013-12-28 15:46 - 2013-12-28 15:46 - 00006854 _____ C:\Users\s***\Desktop\gmer1.txt
2013-12-28 15:25 - 2013-12-28 15:25 - 00010884 _____ C:\Users\s***\Desktop\gmer.txt
2013-12-28 15:01 - 2014-01-03 19:58 - 00000000 ____D C:\FRST
2013-12-28 14:51 - 2014-01-03 19:58 - 00000000 ____D C:\Users\s***\Downloads\Nerv
2013-12-28 13:31 - 2014-01-02 20:11 - 00003116 _____ C:\WINDOWS\System32\Tasks\WinZip Malware Protector_startup
2013-12-28 13:30 - 2013-12-28 13:30 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\s***\Downloads\wzmp_8.exe
2013-12-28 13:30 - 2013-12-28 13:30 - 00001211 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\Users\s***\AppData\Roaming\Nico Mak Computing
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2013-12-28 13:30 - 2013-03-15 17:10 - 00020480 _____ C:\WINDOWS\system32\wsusnative64.exe
2013-12-28 10:49 - 2013-12-28 10:49 - 00001169 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-28 10:46 - 2013-12-28 10:46 - 00283096 _____ (Mozilla) C:\Users\s***\Downloads\Firefox Setup Stub 26.0.exe
2013-12-28 10:45 - 2013-12-28 10:45 - 00001169 _____ C:\Users\s***\Desktop\Continue Firefox Installation.lnk
2013-12-18 21:04 - 2014-01-02 20:20 - 00004790 _____ C:\WINDOWS\setupact.log
2013-12-18 21:04 - 2013-12-18 21:04 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-14 20:36 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-14 20:36 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-14 20:36 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-14 20:36 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-14 20:36 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-14 20:36 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-14 20:36 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-14 20:36 - 2013-11-08 06:23 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-12-14 20:36 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-14 20:36 - 2013-11-08 05:42 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2013-12-14 20:36 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-14 20:36 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-14 20:36 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-14 20:36 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-14 20:36 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-14 20:36 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-14 20:36 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-14 20:36 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-14 20:36 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-14 20:36 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-14 20:36 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-14 20:36 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-14 20:36 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-14 20:36 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-14 20:36 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-14 20:36 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-14 20:36 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-14 20:36 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-14 20:36 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-14 20:36 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-14 20:36 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-14 20:36 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-14 20:36 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-14 20:36 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-14 20:36 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-14 20:36 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-14 20:36 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-14 20:36 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-14 20:36 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-14 20:36 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-14 20:36 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-14 20:36 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-14 20:36 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-14 20:36 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-14 20:35 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 20:35 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 20:35 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-14 20:35 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-14 20:35 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-12 12:01 - 2013-12-12 15:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 11:52 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-11 11:52 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-11 11:52 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-11 11:52 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-11 11:52 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-11 11:52 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-11 11:52 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-11 11:35 - 2014-01-03 11:37 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-11 09:59 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-11 09:59 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-11 09:59 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-11 09:59 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-11 09:59 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-11 09:59 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-11 09:59 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-11 09:59 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-11 09:59 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-11 09:59 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-11 09:59 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-11 09:59 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-11 09:59 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-11 09:59 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-11 09:59 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-11 09:59 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-11 09:59 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-11 09:59 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-11 09:59 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-11 09:59 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-11 09:59 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-11 09:58 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-11 09:56 - 2013-12-11 10:07 - 00000000 ____D C:\Users\s***\Downloads\stinger
2013-12-11 09:53 - 2013-12-11 09:54 - 00000112 ___RH C:\Users\s***\Downloads\Stinger.opt
2013-12-11 09:53 - 2013-12-11 09:54 - 00000000 ____D C:\Program Files (x86)\stinger
2013-12-11 09:53 - 2013-12-11 09:53 - 10237984 _____ (McAfee Inc) C:\Users\s***\Downloads\stinger32_6.1.0.690.exe
2013-12-10 10:43 - 2014-01-02 22:40 - 00001866 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-12-10 10:42 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2013-12-10 10:41 - 2013-12-10 10:41 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-12-10 10:40 - 2013-12-18 20:41 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-10 10:40 - 2013-12-10 10:42 - 00000000 ____D C:\Program Files\McAfee
2013-12-10 10:40 - 2013-12-10 10:40 - 00000000 ____D C:\Program Files\McAfee.com
2013-12-10 10:21 - 2013-12-11 14:51 - 00000000 ____D C:\Program Files\stinger
2013-12-10 10:20 - 2013-12-11 09:55 - 00000000 ____D C:\ProgramData\McAfee
2013-12-10 10:20 - 2013-12-10 10:42 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-10 10:20 - 2013-11-04 16:46 - 00182752 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2013-12-10 10:19 - 2013-12-10 10:19 - 05132336 _____ (McAfee, Inc.) C:\Users\s***\Downloads\McAfeeSetup.exe
2013-12-09 21:49 - 2014-01-01 14:51 - 00008138 _____ C:\WINDOWS\PFRO.log
2013-12-09 21:32 - 2013-12-09 21:32 - 00000000 ____D C:\Users\s***\AppData\Roaming\Malwarebytes
2013-12-09 21:32 - 2013-12-09 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-09 21:29 - 2013-12-09 21:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\s***\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-09 21:29 - 2013-12-09 21:29 - 00000000 ____D C:\Users\s***\Downloads\ComputerBild
2013-12-08 13:22 - 2013-12-08 13:25 - 00000000 ____D C:\Users\h***.s***-PC\eBooks neu
2013-12-08 12:49 - 2013-12-08 13:25 - 00000000 ____D C:\Users\h***.s***-PC\EBooks
2013-12-07 08:29 - 2013-12-07 08:29 - 00000000 ____D C:\Users\Gast\AppData\Local\Macromedia
2013-12-07 08:28 - 2013-12-07 08:28 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Mozilla
2013-12-07 08:28 - 2013-12-07 08:28 - 00000000 ____D C:\Users\Gast\AppData\Local\Mozilla
2013-12-07 08:22 - 2013-12-07 08:22 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Apple Computer
2013-12-07 08:21 - 2013-12-07 08:21 - 00001456 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Local\Packages
2013-12-07 08:20 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast
2013-12-07 08:20 - 2013-12-07 08:20 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-12-07 08:20 - 2013-11-21 18:10 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-07 08:20 - 2013-11-21 18:10 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-12-07 08:20 - 2013-11-21 18:10 - 00000000 ____D C:\Users\Gast\AppData\Local\Microsoft Help
2013-12-07 08:20 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-07 08:20 - 2013-08-22 16:36 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-07 08:20 - 2013-08-22 16:36 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

2014-01-03 20:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-03 19:58 - 2013-12-28 15:01 - 00000000 ____D C:\FRST
2014-01-03 19:58 - 2013-12-28 14:51 - 00000000 ____D C:\Users\s***\Downloads\Nerv
2014-01-03 19:54 - 2013-11-21 18:24 - 01621787 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-03 11:42 - 2013-01-11 13:57 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4179510247-2226308497-1868162751-1000
2014-01-03 11:37 - 2013-12-11 11:35 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-03 11:37 - 2013-01-11 15:49 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 11:37 - 2013-01-11 15:49 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-03 11:02 - 2013-01-11 15:55 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-02 22:40 - 2013-12-10 10:43 - 00001866 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-01-02 20:23 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-02 20:23 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2014-01-02 20:23 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2014-01-02 20:20 - 2014-01-02 20:20 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-02 20:20 - 2013-12-18 21:04 - 00004790 _____ C:\WINDOWS\setupact.log
2014-01-02 20:11 - 2013-12-28 13:31 - 00003116 _____ C:\WINDOWS\System32\Tasks\WinZip Malware Protector_startup
2014-01-02 20:10 - 2013-11-21 18:58 - 00000000 __RDO C:\Users\s***\SkyDrive
2014-01-02 20:09 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-02 20:08 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-02 20:08 - 2013-01-11 15:58 - 00000000 ____D C:\Program Files\WinRAR
2014-01-01 17:26 - 2014-01-01 17:26 - 00001717 _____ C:\Users\Gast\Desktop\Konto EVG Sonderedition.lnk
2014-01-01 17:26 - 2013-11-15 11:46 - 00001717 _____ C:\Users\s***\Desktop\Konto EVG Sonderedition.lnk
2014-01-01 17:26 - 2013-11-15 11:46 - 00001717 _____ C:\Users\h***.s***-PC\Desktop\Konto EVG Sonderedition.lnk
2014-01-01 17:25 - 2014-01-01 17:25 - 00000000 ____D C:\Users\s***\AppData\Roaming\ZSoft
2014-01-01 17:24 - 2013-01-20 14:34 - 00000000 ____D C:\Users\s***\Bahn
2014-01-01 17:23 - 2014-01-01 17:23 - 16669689 _____ C:\Users\s***\Downloads\13_12_10_Version_2014.rar
2014-01-01 16:49 - 2013-01-11 15:59 - 00001092 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-01 16:46 - 2013-01-11 15:58 - 00000000 ____D C:\Users\s***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-01 16:14 - 2014-01-01 16:14 - 00000000 ____D C:\Users\s***\AppData\Local\Systweak
2014-01-01 15:14 - 2014-01-01 15:14 - 00001064 _____ C:\Users\s***\Desktop\JRT.txt
2014-01-01 15:05 - 2014-01-01 15:05 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-01 14:51 - 2013-12-09 21:49 - 00008138 _____ C:\WINDOWS\PFRO.log
2014-01-01 14:51 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2014-01-01 14:50 - 2014-01-01 13:58 - 00000000 ____D C:\AdwCleaner
2014-01-01 14:50 - 2013-10-21 14:19 - 00000000 ____D C:\Users\s***\AppData\Roaming\Common
2014-01-01 12:55 - 2014-01-01 12:55 - 00001131 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-01 12:55 - 2014-01-01 12:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-28 16:50 - 2013-11-21 18:02 - 00000000 ____D C:\Users\s***
2013-12-28 16:18 - 2013-12-28 16:18 - 581205596 _____ C:\WINDOWS\MEMORY.DMP
2013-12-28 16:18 - 2013-12-28 16:18 - 00284696 _____ C:\WINDOWS\Minidump\122813-31218-01.dmp
2013-12-28 16:18 - 2013-12-28 16:18 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-28 16:18 - 2013-01-11 15:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 15:55 - 2013-12-28 15:55 - 00000000 _____ C:\Users\s***\defogger_reenable
2013-12-28 15:46 - 2013-12-28 15:46 - 00006854 _____ C:\Users\s***\Desktop\gmer1.txt
2013-12-28 15:25 - 2013-12-28 15:25 - 00010884 _____ C:\Users\s***\Desktop\gmer.txt
2013-12-28 13:30 - 2013-12-28 13:30 - 04892480 _____ (WinZip International LLC                                    ) C:\Users\s***\Downloads\wzmp_8.exe
2013-12-28 13:30 - 2013-12-28 13:30 - 00001211 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\Users\s***\AppData\Roaming\Nico Mak Computing
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2013-12-28 13:30 - 2013-12-28 13:30 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2013-12-28 12:58 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-28 10:49 - 2013-12-28 10:49 - 00001169 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-28 10:49 - 2013-11-18 19:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 10:46 - 2013-12-28 10:46 - 00283096 _____ (Mozilla) C:\Users\s***\Downloads\Firefox Setup Stub 26.0.exe
2013-12-28 10:45 - 2013-12-28 10:45 - 00001169 _____ C:\Users\s***\Desktop\Continue Firefox Installation.lnk
2013-12-18 22:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-18 21:04 - 2013-12-18 21:04 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-18 20:41 - 2013-12-10 10:40 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-18 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-18 20:37 - 2013-08-18 19:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-18 20:35 - 2013-01-11 15:52 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-18 12:48 - 2013-03-15 15:08 - 00000000 ____D C:\Users\s***\Documents\Outlook-Dateien
2013-12-18 12:47 - 2013-09-18 16:13 - 00000000 ____D C:\Users\s***\AppData\Local\5FC6D25F-9263-4513-B851-6C78564AF3B1.aplzod
2013-12-12 15:50 - 2013-12-12 12:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-12 11:54 - 2013-01-20 15:05 - 00000000 ____D C:\Users\s***\AppData\Local\Apple
2013-12-12 11:39 - 2013-03-15 14:37 - 00000000 ____D C:\Users\s***\AppData\Roaming\Dropbox
2013-12-12 09:53 - 2013-03-15 14:40 - 00000000 ___RD C:\Users\s***\Dropbox
2013-12-12 09:33 - 2013-08-22 15:44 - 00477448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-11 14:54 - 2013-01-11 16:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 14:51 - 2013-12-10 10:21 - 00000000 ____D C:\Program Files\stinger
2013-12-11 11:35 - 2013-01-11 15:49 - 00000000 ____D C:\Users\s***\AppData\Local\Google
2013-12-11 11:35 - 2013-01-11 15:48 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-11 10:07 - 2013-12-11 09:56 - 00000000 ____D C:\Users\s***\Downloads\stinger
2013-12-11 10:02 - 2013-01-11 15:55 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-11 09:55 - 2013-12-10 10:20 - 00000000 ____D C:\ProgramData\McAfee
2013-12-11 09:54 - 2013-12-11 09:53 - 00000112 ___RH C:\Users\s***\Downloads\Stinger.opt
2013-12-11 09:54 - 2013-12-11 09:53 - 00000000 ____D C:\Program Files (x86)\stinger
2013-12-11 09:53 - 2013-12-11 09:53 - 10237984 _____ (McAfee Inc) C:\Users\s***\Downloads\stinger32_6.1.0.690.exe
2013-12-10 11:32 - 2013-01-11 15:49 - 00004094 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-10 11:32 - 2013-01-11 15:49 - 00003858 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-10 10:42 - 2013-12-10 10:40 - 00000000 ____D C:\Program Files\McAfee
2013-12-10 10:42 - 2013-12-10 10:20 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-12-10 10:41 - 2013-12-10 10:41 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-12-10 10:41 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-12-10 10:40 - 2013-12-10 10:40 - 00000000 ____D C:\Program Files\McAfee.com
2013-12-10 10:19 - 2013-12-10 10:19 - 05132336 _____ (McAfee, Inc.) C:\Users\s***\Downloads\McAfeeSetup.exe
2013-12-09 21:32 - 2013-12-09 21:32 - 00000000 ____D C:\Users\s***\AppData\Roaming\Malwarebytes
2013-12-09 21:32 - 2013-12-09 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-09 21:29 - 2013-12-09 21:29 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\s***\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-09 21:29 - 2013-12-09 21:29 - 00000000 ____D C:\Users\s***\Downloads\ComputerBild
2013-12-09 20:33 - 2013-11-21 17:52 - 00000000 ___DC C:\WINDOWS\Panther
2013-12-09 20:31 - 2013-02-05 20:20 - 00000000 ____D C:\Users\s***\Sicherung Registry ccleaner
2013-12-08 13:25 - 2013-12-08 13:22 - 00000000 ____D C:\Users\h***.s***-PC\eBooks neu
2013-12-08 13:25 - 2013-12-08 12:49 - 00000000 ____D C:\Users\h***.s***-PC\EBooks
2013-12-08 13:22 - 2013-11-21 18:02 - 00000000 ____D C:\Users\h***.s***-PC
2013-12-08 13:04 - 2013-10-29 21:53 - 00000000 ____D C:\WINDOWS\tmp
2013-12-08 13:03 - 2013-10-29 21:53 - 00001021 _____ C:\Users\Public\Desktop\Kobo.lnk
2013-12-08 13:02 - 2013-10-29 21:52 - 00000000 ____D C:\Program Files (x86)\Kobo
2013-12-07 08:29 - 2013-12-07 08:29 - 00000000 ____D C:\Users\Gast\AppData\Local\Macromedia
2013-12-07 08:28 - 2013-12-07 08:28 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Mozilla
2013-12-07 08:28 - 2013-12-07 08:28 - 00000000 ____D C:\Users\Gast\AppData\Local\Mozilla
2013-12-07 08:22 - 2013-12-07 08:22 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Apple Computer
2013-12-07 08:21 - 2013-12-07 08:21 - 00001456 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-12-07 08:21 - 2013-12-07 08:21 - 00000000 ____D C:\Users\Gast\AppData\Local\Packages
2013-12-07 08:21 - 2013-12-07 08:20 - 00000000 ____D C:\Users\Gast
2013-12-07 08:20 - 2013-12-07 08:20 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-12-07 08:20 - 2013-12-07 08:20 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\s***\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-01 18:59

==================== End Of Log ============================
         
--- --- ---


I still have to see whether the problem is fixed. What about data in the cloud? Could something still come from there? And what about OfferMosquito? Is that an add-on that causes the problems described? Because the entry in the registry still exists.
Many thanks and best regards

04.01.2014, 15:42   #8
schrauber
/// the machine
/// TB Trainer



Quote:
Because the entry in the registry still exists.
Where do you see it?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

04.01.2014, 16:03   #9
Nerv



Hello,
I found a great many entries.
E.g.:
HKEY_CLASSES_ROOT\AppID\npOfferMosquitoIEHelper.dll
HKEY_CLASSES_ROOT\BeboMediaLtd.OfferMosquitoIEHelper
HKEY_CLASSES_ROOT\BeboMediaLtd.OfferMosquitoIEHelper.1
HKEY_CLASSES_ROOT\Interface\{E563EA8B-7C40-4E55-AD48-EF3A1463F16C}
HKEY_CURRENT_USER\Software\Classes\AppID\npOfferMosquitoIEHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E563EA8B-7C40-4E55-AD48-EF3A1463F16C}

Should I delete the entries? There are quite a lot of them, though.

Regards

Edited by Nerv (04.01.2014 at 16:09)

05.01.2014, 12:01   #10
schrauber
/// the machine
/// TB Trainer



I'll do that

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    :regfind
    Mosquito
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.
__________________
Regards,
schrauber


05.01.2014, 20:11   #11
Nerv



Hello,
here are the hits:
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 20:07 on 05/01/2014 by s***
Administrator - Elevation successful

========== regfind ==========

Searching for "Mosquito"
[HKEY_CURRENT_USER\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper]
[HKEY_CURRENT_USER\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper]
"Path"="C:\Users\s***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll"
[HKEY_CURRENT_USER\Software\Classes\AppID\npOfferMosquitoIEHelper.dll]
[HKEY_CURRENT_USER\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper]
[HKEY_CURRENT_USER\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper]
@="OfferMosquito support plugin for Internet Explorer/Chrome Frame"
[HKEY_CURRENT_USER\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper\CurVer]
@="BeboMediaLtd.OfferMosquitoIEHelper.1"
[HKEY_CURRENT_USER\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper.1]
[HKEY_CURRENT_USER\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper.1]
@="OfferMosquito support plugin for Internet Explorer/Chrome Frame"
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-offermosquitoiehelper]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-offermosquitoiehelper]
@="OfferMosquito support plugin for Internet Explorer/Chrome Frame"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E563EA8B-7C40-4E55-AD48-EF3A1463F16C}]
@="IOfferMosquitoIEPlaceholderBHO"
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper]
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper]
"Path"="C:\Users\s***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll"
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\Classes\AppID\npOfferMosquitoIEHelper.dll]
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper]
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper]
@="OfferMosquito support plugin for Internet Explorer/Chrome Frame"
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper\CurVer]
@="BeboMediaLtd.OfferMosquitoIEHelper.1"
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper.1]
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper.1]
@="OfferMosquito support plugin for Internet Explorer/Chrome Frame"
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\Classes\MIME\Database\Content Type\application/x-offermosquitoiehelper]
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\Classes\MIME\Database\Content Type\application/x-offermosquitoiehelper]
@="OfferMosquito support plugin for Internet Explorer/Chrome Frame"
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000_Classes\AppID\npOfferMosquitoIEHelper.dll]
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000_Classes\BeboMediaLtd.OfferMosquitoIEHelper]
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000_Classes\BeboMediaLtd.OfferMosquitoIEHelper]
@="OfferMosquito support plugin for Internet Explorer/Chrome Frame"
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000_Classes\BeboMediaLtd.OfferMosquitoIEHelper\CurVer]
@="BeboMediaLtd.OfferMosquitoIEHelper.1"
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000_Classes\BeboMediaLtd.OfferMosquitoIEHelper.1]
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000_Classes\BeboMediaLtd.OfferMosquitoIEHelper.1]
@="OfferMosquito support plugin for Internet Explorer/Chrome Frame"
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000_Classes\MIME\Database\Content Type\application/x-offermosquitoiehelper]
[HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000_Classes\MIME\Database\Content Type\application/x-offermosquitoiehelper]
@="OfferMosquito support plugin for Internet Explorer/Chrome Frame"

-= EOF =-
         
Best regards

06.01.2014, 16:39   #12
schrauber
/// the machine
/// TB Trainer

Copy the text in the code box into your editor (e.g. Notepad) and save it under the name regfix.reg (for the file type, please select "All files").

Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper]
[-HKEY_CURRENT_USER\Software\Classes\AppID\npOfferMosquitoIEHelper.dll]
[-HKEY_CURRENT_USER\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper]
[-HKEY_CURRENT_USER\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper.1]
[-HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-offermosquitoiehelper]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E563EA8B-7C40-4E55-AD48-EF3A1463F16C}]
[-HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper]
[-HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\Classes\AppID\npOfferMosquitoIEHelper.dll]
[-HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper]
[-HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper.1]
[-HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000\Software\Classes\MIME\Database\Content Type\application/x-offermosquitoiehelper]
[-HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000_Classes\AppID\npOfferMosquitoIEHelper.dll]
[-HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000_Classes\BeboMediaLtd.OfferMosquitoIEHelper]
[-HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000_Classes\BeboMediaLtd.OfferMosquitoIEHelper.1]
[-HKEY_USERS\S-1-5-21-4179510247-2226308497-1868162751-1000_Classes\MIME\Database\Content Type\application/x-offermosquitoiehelper]
         
Run regfix.reg by double-clicking it.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
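
How a deletion file like the regfix.reg in the post above can be derived from a registry search log, as an added example that is not part of the original thread or the helper's own tooling. It deduplicates the logged keys, drops subkeys such as `CurVer` that a `[-key]` entry already removes together with the parent, and refuses keys close to a hive root; the sample log is constructed from lines on this page, and `MIN_DEPTH` and the function names are assumptions.

```python
import re

# Constructed sample: a few lines in the format of the registry search log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper]
[HKEY_CURRENT_USER\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper]
@="OfferMosquito support plugin for Internet Explorer/Chrome Frame"
[HKEY_CURRENT_USER\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper\CurVer]
@="BeboMediaLtd.OfferMosquitoIEHelper.1"
[HKEY_CURRENT_USER\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper.1]
[HKEY_CURRENT_USER\Software\Classes\BeboMediaLtd.OfferMosquitoIEHelper.1]
@="OfferMosquito support plugin for Internet Explorer/Chrome Frame"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E563EA8B-7C40-4E55-AD48-EF3A1463F16C}]
@="IOfferMosquitoIEPlaceholderBHO"
"""

KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
MIN_DEPTH = 4  # assumption: refuse to delete anything this close to a hive root


def extract_keys(log_text):
    """Return the unique key paths from the log, in order of first appearance."""
    keys = []
    for line in log_text.splitlines():
        m = KEY_LINE.match(line.strip())
        if m and m.group(1) not in keys:
            keys.append(m.group(1))
    return keys


def prune_subkeys(keys):
    """Drop keys that live under another listed key; [-key] removes the subtree."""
    lowered = [k.lower() for k in keys]
    return [k for k, low in zip(keys, lowered)
            if not any(low.startswith(parent + "\\") for parent in lowered)]


def build_regfix(log_text):
    """Build the text of a deletion .reg file from a search log."""
    keys = prune_subkeys(extract_keys(log_text))
    for key in keys:
        if len(key.split("\\")) < MIN_DEPTH:
            raise ValueError("refusing to delete shallow key: " + key)
    lines = ["Windows Registry Editor Version 5.00", ""]
    lines += ["[-%s]" % key for key in keys]
    return "\r\n".join(lines) + "\r\n"
```

The trailing-backslash comparison is what keeps `BeboMediaLtd.OfferMosquitoIEHelper.1` as its own entry while `...\OfferMosquitoIEHelper\CurVer` is folded into its parent.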

07.01.2014, 13:18   #13
Nerv

Hello Schrauber,
The registry is now clean.
Many thanks for the great help!
So far I haven't had any more strange windows in the browser either.
I'll check back in a few days and give feedback.
Best regards
Nerv

08.01.2014, 08:30   #14
schrauber
/// the machine
/// TB Trainer

ok
__________________
Regards,
schrauber

12.01.2014, 22:21   #15
Nerv

Hello Schrauber,
It looks like the nightmare is over. Many thanks!
Should I now uninstall/delete all the tools again? Except Malwarebytes.
Best regards
