
Log analysis and evaluation: Windows 7: Suspicious popup windows in Firefox


12.06.2014, 11:03   #1
wbtroj
 



Hello,
I hope you can help me once again:
For a few days now I have been getting very suspicious popup pages in Firefox, regardless of where I browse (for example, also here on the Trojaner Board).
Here are a few screenshots:
(Edit: Unfortunately, filling the img tag with the address from my Dropbox did not work. I also tried the URL tag. Both times the links were not displayed. I have therefore listed them again as plain text.)
1)
(Link: https://www.dropbox.com/s/882w4lrdvdmgqcc/entertainment_factory1.jpg?m=hxxp://)

2)
(Link: https://www.dropbox.com/s/lny1mu4rwck931l/test%20your%20internet%20speed.jpg)

3)
(Link: https://www.dropbox.com/s/s5xu09l2u9hzk6p/maleware_windows.jpghxxp://)

4)
(Link: https://www.dropbox.com/s/0fuxi7ntfgr3dse/fenster%20mit%20popups.jpg)

In picture 4), a sidebar can be seen on the left side which has the name "Webget" at the top. I googled that, found instructions for removing it and carried them out:
==>> under "Programs and Features" in the Control Panel I found the program and deleted it.
==>> It was not registered as an add-on on my system, nor in the Run section of the registry

What I have done so far:
Avast scan with the following result
a) Win32:Mobogenie-O
==>> found in the quarantine folder of an older scan with AdwCleaner
==>> I moved it into the Avast quarantine
b) Win32:FakeVimes-B[Trj] in the pagefile.sys of one of my drives
==>> I deleted pagefile.sys, and there was no new finding in the newly created one
c) Scan with SuperAntiSpyware
==>> 10 threats have been found so far

I had to abort the scan because I had a power outage. I did not start it again,
since I first wanted to turn to you here.
d) Otherwise, I ran all the programs requested by the Trojaner Board. Here are the
results:

FRST.txt:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014
Ran by internet_2 (ATTENTION: The logged in user is not administrator) on DESKTOP-PC on 12-06-2014 15:47:19
Running from D:\AntiVirus
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(The Eraser Project) E:\Program Files\Eraser\Eraser.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NTeWORKS) E:\Image Processing\PicPick\picpick.exe
(Skype Technologies S.A.) E:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) E:\Program Files\Windows Sidebar\sidebar.exe
(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Microsoft Corporation) E:\MS\Office10\MSOFFICE.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Users\internet_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) E:\Program Files\Java\jre7\bin\javaw.exe
(Mozilla Corporation) E:\Internet\FireFox\firefox.exe
(Mozilla Corporation) E:\Internet\FireFox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] => E:\Program Files\Comodo\COMODO Internet Security\cistray.exe [1225944 2014-03-26] (COMODO)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [Eraser] => E:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [StartCCC] => E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => E:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11680400 2012-10-26] (Realtek Semiconductor)
HKLM\...\RunOnce: [20140529] - E:\Program Files\AVAST Software\Avast\setup\emupdate\f427c2e8-09d0-4a46-a509-4921e98386d5.exe /check [183208 2014-05-31] (AVAST Software)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [360448 2009-07-14] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-18] (Microsoft Corporation)
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [PicPick Start] => E:\Image Processing\PicPick\picpick.exe [13165400 2014-03-12] (NTeWORKS)
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Messenger (Yahoo!)] => "E:\PROGRA~3\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\MountPoints2: {e9c92f2f-d4c2-11e2-85eb-806e6f6e6963} - notepad readme.txt
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\MountPoints2: {e9c92f30-d4c2-11e2-85eb-806e6f6e6963} - O:\Run.exe
Startup: C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI (RC3).lnk
ShortcutTarget: Secunia PSI (RC3).lnk -> D:\Programme\Personal Software Inspector\psi.exe (Secunia)
Startup: C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\internet_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloaderPortable.lnk
ShortcutTarget: JDownloaderPortable.lnk -> E:\Media\Video\JDownloader\JDownloaderPortable.exe (AppWork GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fil-PH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x13A26660C36CCE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{65379DEE-2D36-4695-8857-4DC4D45113C2}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas
FF Homepage: https://www.gmx.net/|hxxp://speedtest.net
FF NetworkProxy: "backup.ftp", "localhost"
FF NetworkProxy: "backup.ftp_port", 4001
FF NetworkProxy: "backup.socks", "localhost"
FF NetworkProxy: "backup.socks_port", 4001
FF NetworkProxy: "backup.ssl", "localhost"
FF NetworkProxy: "backup.ssl_port", 4001
FF NetworkProxy: "ftp", "localhost"
FF NetworkProxy: "ftp_port", 4001
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 4001
FF NetworkProxy: "no_proxies_on", "stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "localhost"
FF NetworkProxy: "socks_port", 4001
FF NetworkProxy: "ssl", "localhost"
FF NetworkProxy: "ssl_port", 4001
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - E:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - E:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\searchplugins\11-suche.xml
FF SearchPlugin: I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\searchplugins\gmx-suche.xml
FF SearchPlugin: I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\searchplugins\heise-netze-whois.xml
FF SearchPlugin: I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\searchplugins\heise-netze.xml
FF SearchPlugin: I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\searchplugins\ixquick.xml
FF SearchPlugin: I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\searchplugins\lastminute.xml
FF SearchPlugin: I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\searchplugins\metager.xml
FF SearchPlugin: I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\searchplugins\webde-suche.xml
FF Extension: German Dictionary - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-08]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\de_DE@dicts.j3e.de [2014-03-23]
FF Extension: United States English Spellchecker - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\en-US@dictionaries.addons.mozilla.org [2013-07-16]
FF Extension: Free Download Manager plugin - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\fdm_ffext@freedownloadmanager.org [2013-07-16]
FF Extension: Xmarks - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\foxmarks@kei.com [2013-11-09]
FF Extension: FireShot - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-06-05]
FF Extension: TV-Fox - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2014-05-25]
FF Extension: Live HTTP Headers - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-07-16]
FF Extension: WOT - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: DownloadHelper - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: FoxClocks - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-01-25]
FF Extension: Memory Fox - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2013-07-16]
FF Extension: Classic Theme Restorer - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-01]
FF Extension: Exif Viewer - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\exif_viewer@mozilla.doslash.org.xpi [2013-07-16]
FF Extension: Firebug - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\firebug@software.joehewitt.com.xpi [2013-07-16]
FF Extension: One Click Proxy - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2013-07-16]
FF Extension: Tabs on Bottom (Australis) - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\jid1-OesGFwaQGIBASw@jetpack.xpi [2014-05-25]
FF Extension: Open RegEdit Key - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\openregeditkey@kashiif.com.xpi [2013-07-16]
FF Extension: SQLite Manager - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2013-07-16]
FF Extension: Stealthy - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\stealthyextension@gmail.com.xpi [2013-07-16]
FF Extension: Tabs On Bottom - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\tabsonbottom@piro.sakura.ne.jp.xpi [2014-05-04]
FF Extension: GMX MailCheck - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\toolbar@gmx.net.xpi [2013-07-16]
FF Extension: Xenotix Keylogger - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\xboz@ajin.com.xpi [2013-07-16]
FF Extension: YSlow - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\yslow@yahoo-inc.com.xpi [2013-07-16]
FF Extension: Facebook Phishing Protector - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2013-07-16]
FF Extension: Screengrab  (fix version) - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2013-07-16]
FF Extension: X-notifier - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2013-07-16]
FF Extension: FireFTP - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013-07-16]
FF Extension: Modify Headers - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2013-10-06]
FF Extension: Web Developer - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-07-16]
FF Extension: Greasemonkey - I:\Eigene Dateien\Internet\FireFox\Profile\@ndreas\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-07-16]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - E:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - E:\Program Files\McAfee\SiteAdvisor [2011-12-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-20]
FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-06-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-25] (AVAST Software)
R2 c2cautoupdatesvc; E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 cmdAgent; E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-17] (COMODO)
S3 cmdvirth; E:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-26] (COMODO)
R2 FoxitCloudUpdateService; E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
S2 gupdate; E:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-04-11] (Google Inc.)
S3 gupdatem; E:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-04-11] (Google Inc.)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2013-06-20] () [File not signed]
S4 McAfee SiteAdvisor Service; E:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-07] (McAfee, Inc.)
S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 NitroReaderDriverReadSpool3; E:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 SkypeUpdate; E:\Program Files\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 wampapache; P:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) [File not signed]
S3 wampmysqld; P:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () [File not signed]
S3 WinDefend; E:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-12] (Microsoft Corporation)
R3 WMPNetworkSvc; E:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2013-08-18] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 Update webget; "E:\Program Files\webget\updatewebget.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-25] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-17] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-17] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-17] (COMODO)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2009-08-26] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2009-09-16] () [File not signed]
S3 gdrv; C:\Windows\gdrv.sys [17488 2014-06-10] (Windows (R) 2000 DDK provider)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-17] (COMODO)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [22120 2011-06-15] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [49768 2011-06-15] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [27752 2011-09-16] (Realtek Corporation)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [90648 2011-06-14] (Ray Hinchliffe)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [49768 2011-06-15] (Realtek Corporation)
R1 {55685567-4840-4a91-962b-49a412e9485a}w; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys [52920 2014-05-26] (StdLib)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S1 SASDIFSV; \??\I:\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\I:\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-12 15:46 - 2014-06-12 15:47 - 00000000 ____D () C:\FRST
2014-06-12 09:20 - 2014-06-12 09:20 - 00000000 ____D () C:\Users\internet\AppData\Roaming\SUPERAntiSpyware.com
2014-06-11 18:47 - 2014-05-30 17:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 18:47 - 2014-05-30 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 18:47 - 2014-05-30 17:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 18:47 - 2014-05-30 16:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 18:47 - 2014-05-30 16:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 18:47 - 2014-05-30 16:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 18:47 - 2014-05-30 16:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 18:47 - 2014-05-30 16:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 18:47 - 2014-05-30 16:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 18:47 - 2014-05-30 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 18:47 - 2014-05-30 16:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 18:47 - 2014-05-30 16:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 18:47 - 2014-05-30 16:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 18:47 - 2014-05-30 16:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 18:47 - 2014-05-30 16:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 18:47 - 2014-05-30 16:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 18:47 - 2014-05-30 16:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 18:47 - 2014-05-30 16:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 18:47 - 2014-05-30 16:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 18:47 - 2014-05-30 15:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 18:47 - 2014-05-30 15:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 18:47 - 2014-05-30 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 18:47 - 2014-05-30 15:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 18:47 - 2014-05-30 15:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 18:47 - 2014-05-30 15:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 18:47 - 2014-05-30 15:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 18:47 - 2014-05-30 15:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 18:47 - 2014-05-30 15:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 16:54 - 2014-06-08 16:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 16:54 - 2014-04-05 10:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 16:54 - 2014-04-05 10:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 16:53 - 2014-06-08 16:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 16:53 - 2014-04-25 10:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 16:53 - 2014-03-26 22:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 16:53 - 2014-03-26 22:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 16:53 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 16:53 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 17:23 - 2014-06-10 17:23 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-06-10 17:22 - 2012-10-30 17:59 - 03340880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-06-10 17:22 - 2012-10-30 16:43 - 00369117 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-06-10 17:22 - 2012-10-29 16:34 - 02357344 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-06-10 17:22 - 2012-10-25 14:45 - 00097424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-06-10 17:22 - 2012-10-23 11:30 - 03219600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2014-06-10 17:22 - 2012-09-20 00:59 - 00742264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-06-10 17:22 - 2012-09-12 09:51 - 02486416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-06-10 17:22 - 2012-09-09 14:33 - 01929080 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-06-10 17:22 - 2012-08-21 14:51 - 00658064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-06-10 17:22 - 2012-08-13 18:06 - 01501840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-06-10 17:22 - 2012-08-03 18:18 - 01706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-06-10 17:22 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-06-10 17:22 - 2012-06-08 16:23 - 00071808 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2014-06-10 17:22 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2014-06-10 17:22 - 2012-03-08 11:47 - 00176736 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2014-06-10 17:22 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2014-06-10 17:22 - 2011-12-16 14:57 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2014-06-10 17:22 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2014-06-10 17:22 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-06-10 17:22 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2014-06-10 17:22 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2014-06-10 17:22 - 2009-11-18 07:13 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2014-06-10 16:49 - 2014-06-10 16:49 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-09 11:05 - 2014-06-09 13:27 - 00000000 ____D () E:\Program Files\Calibre Portable
2014-06-05 16:03 - 2014-06-05 19:05 - 00000368 _____ () C:\Users\internet_2\Desktop\cover.txt
2014-05-31 10:32 - 2014-05-31 10:32 - 00000849 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-05-30 09:00 - 2014-05-30 09:00 - 00000084 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014.info
2014-05-30 08:40 - 2014-05-30 09:00 - 102334358 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014@HIGH.mp4
2014-05-30 08:19 - 2014-05-30 08:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-30 08:18 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-30 08:18 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-30 08:18 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-30 08:18 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-30 08:17 - 2014-05-30 08:18 - 00003993 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 07:52 - 2014-05-26 20:57 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
2014-05-28 08:33 - 2014-06-12 14:54 - 00000000 ____D () E:\Program Files\webget
2014-05-25 14:32 - 2014-05-30 16:53 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FreeDoko
2014-05-25 14:07 - 2014-05-25 14:07 - 00000756 _____ () C:\Users\internet\Desktop\FreeDoko.lnk
2014-05-25 14:07 - 2014-05-25 14:07 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2014-05-25 14:05 - 2014-05-25 14:05 - 00000000 ____D () C:\Users\internet\FreeDoko
2014-05-24 13:48 - 2014-05-24 14:03 - 00001002 _____ () C:\Users\internet_2\Desktop\DBV_Klaerung.txt
2014-05-21 15:36 - 2014-05-29 15:36 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Mp3tag
2014-05-17 15:06 - 2014-04-12 10:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-17 15:06 - 2014-04-12 10:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-17 15:06 - 2014-04-12 10:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-17 15:06 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-17 15:06 - 2014-04-12 10:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-17 15:06 - 2014-04-12 10:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-17 15:06 - 2014-04-12 10:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-17 15:06 - 2014-03-04 17:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-17 15:06 - 2014-03-04 17:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 15:06 - 2014-03-04 17:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-17 15:06 - 2014-03-04 17:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-17 14:58 - 2014-03-25 10:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 15:57 - 2014-05-13 16:08 - 00000000 ____D () C:\Users\internet_2\.FBReader
2014-05-13 15:05 - 2014-05-13 15:05 - 00001757 _____ () C:\Users\internet_2\Desktop\FBReader.lnk
2014-05-13 15:05 - 2014-05-13 15:05 - 00001757 _____ () C:\Users\internet\Desktop\FBReader.lnk
2014-05-13 15:05 - 2014-05-13 15:05 - 00000000 ____D () E:\Program Files\FBReader
2014-05-13 15:05 - 2014-05-13 15:05 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
2014-05-13 13:36 - 2014-05-13 13:36 - 00000869 _____ () C:\Users\internet\Desktop\Cool Reader - CHIP Downloader.lnk

==================== One Month Modified Files and Folders =======

2014-06-12 15:48 - 2013-06-14 16:41 - 00000000 ____D () C:\Users\internet_2\AppData\Local\Temp
2014-06-12 15:47 - 2014-06-12 15:46 - 00000000 ____D () C:\FRST
2014-06-12 15:45 - 2013-09-22 13:46 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Dropbox
2014-06-12 15:36 - 2013-06-22 19:49 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Skype
2014-06-12 15:31 - 2013-06-14 15:33 - 00795754 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 15:10 - 2013-06-21 08:43 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Nitro PDF
2014-06-12 15:04 - 2013-06-14 15:23 - 01957100 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 15:03 - 2009-07-14 12:34 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 15:03 - 2009-07-14 12:34 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 15:00 - 2014-01-01 10:16 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-12 14:58 - 2014-03-03 09:13 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\DropboxMaster
2014-06-12 14:55 - 2014-01-01 10:16 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-12 14:55 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 14:54 - 2014-05-28 08:33 - 00000000 ____D () E:\Program Files\webget
2014-06-12 14:54 - 2014-03-22 07:07 - 00021916 _____ () C:\Windows\setupact.log
2014-06-12 14:54 - 2013-06-15 07:45 - 00401084 _____ () C:\Windows\PFRO.log
2014-06-12 14:53 - 2014-01-04 11:01 - 00000000 ____D () C:\Users\internet\AppData\Local\CrashDumps
2014-06-12 14:49 - 2013-07-14 07:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 14:30 - 2009-07-14 10:04 - 00000505 _____ () C:\Windows\win.ini
2014-06-12 09:20 - 2014-06-12 09:20 - 00000000 ____D () C:\Users\internet\AppData\Roaming\SUPERAntiSpyware.com
2014-06-12 08:38 - 2013-09-10 17:39 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\vlc
2014-06-11 20:35 - 2014-04-25 11:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 20:35 - 2011-02-08 14:44 - 00000000 ____D () E:\Program Files\internet explorer
2014-06-11 18:51 - 2013-07-27 08:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 18:48 - 2013-06-17 13:26 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 16:52 - 2014-02-04 16:57 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Free Download Manager
2014-06-10 17:24 - 2013-09-13 10:24 - 00000000 ___HD () E:\Program Files\Temp
2014-06-10 17:23 - 2014-06-10 17:23 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-06-10 17:22 - 2011-02-08 16:04 - 00000000 ____D () E:\Program Files\Realtek
2014-06-10 16:49 - 2014-06-10 16:49 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-10 16:49 - 2013-06-14 15:35 - 00000010 _____ () C:\Windows\GSetup.ini
2014-06-10 16:29 - 2013-10-14 18:29 - 00000000 ____D () C:\Users\internet_2\AppData\Local\CrashDumps
2014-06-10 16:05 - 2013-09-04 12:00 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Orbit
2014-06-10 16:04 - 2013-10-14 10:09 - 00000000 ____D () E:\Program Files\Calibre2
2014-06-09 13:27 - 2014-06-09 11:05 - 00000000 ____D () E:\Program Files\Calibre Portable
2014-06-09 10:10 - 2013-10-14 10:15 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\calibre
2014-06-08 16:48 - 2014-06-11 16:54 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 16:43 - 2014-06-11 16:53 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 19:05 - 2014-06-05 16:03 - 00000368 _____ () C:\Users\internet_2\Desktop\cover.txt
2014-06-03 22:11 - 2013-09-30 16:09 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 12:10 - 2013-06-25 13:16 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FileZilla
2014-05-31 11:41 - 2013-07-17 12:01 - 00000000 ____D () C:\Users\internet_2\.mediathek3
2014-05-31 10:32 - 2014-05-31 10:32 - 00000849 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-05-30 17:18 - 2014-06-11 18:47 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 17:02 - 2014-06-11 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 17:02 - 2014-06-11 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 16:53 - 2014-05-25 14:32 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FreeDoko
2014-05-30 16:44 - 2014-06-11 18:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 16:43 - 2014-06-11 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 16:42 - 2014-06-11 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 16:38 - 2014-06-11 18:47 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 16:34 - 2014-06-11 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 16:33 - 2014-06-11 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 16:30 - 2014-06-11 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 16:28 - 2014-06-11 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 16:28 - 2014-06-11 18:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 16:27 - 2014-06-11 18:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 16:21 - 2014-06-11 18:47 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 16:16 - 2014-06-11 18:47 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 16:10 - 2014-06-11 18:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 16:06 - 2014-06-11 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 16:04 - 2014-06-11 18:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 16:02 - 2014-06-11 18:47 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 15:57 - 2014-06-11 18:47 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 15:56 - 2014-06-11 18:47 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 15:54 - 2014-06-11 18:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 15:50 - 2014-06-11 18:47 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 15:49 - 2014-06-11 18:47 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 15:40 - 2014-06-11 18:47 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 15:21 - 2014-06-11 18:47 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 15:15 - 2014-06-11 18:47 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 15:13 - 2014-06-11 18:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:00 - 2014-05-30 09:00 - 00000084 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014.info
2014-05-30 09:00 - 2014-05-30 08:40 - 102334358 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014@HIGH.mp4
2014-05-30 08:19 - 2014-05-30 08:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-30 08:18 - 2014-05-30 08:17 - 00003993 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 08:18 - 2011-02-15 11:34 - 00000000 ____D () E:\Program Files\Java
2014-05-29 16:12 - 2014-04-29 08:22 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\MyPhoneExplorer
2014-05-29 15:36 - 2014-05-21 15:36 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Mp3tag
2014-05-29 13:24 - 2013-06-19 16:54 - 00000000 ___HD () C:\Users\internet\.opdveza-an
2014-05-29 13:24 - 2013-06-19 16:54 - 00000000 ____D () C:\Users\internet\.borland
2014-05-28 13:09 - 2013-06-15 12:56 - 00000600 _____ () C:\Users\internet_2\AppData\Roaming\winscp.rnd
2014-05-27 09:55 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-26 20:57 - 2014-05-30 07:52 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
2014-05-25 14:07 - 2014-05-25 14:07 - 00000756 _____ () C:\Users\internet\Desktop\FreeDoko.lnk
2014-05-25 14:07 - 2014-05-25 14:07 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2014-05-25 14:05 - 2014-05-25 14:05 - 00000000 ____D () C:\Users\internet\FreeDoko
2014-05-25 14:05 - 2013-06-14 15:31 - 00000000 ____D () C:\Users\internet
2014-05-25 07:10 - 2014-03-03 09:12 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 14:03 - 2014-05-24 13:48 - 00001002 _____ () C:\Users\internet_2\Desktop\DBV_Klaerung.txt
2014-05-19 16:09 - 2013-09-13 09:30 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Notepad++
2014-05-19 07:02 - 2009-07-14 12:53 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-18 12:38 - 2013-11-13 08:06 - 00000000 ____D () C:\Windows\rescache
2014-05-18 12:11 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-17 17:53 - 2013-06-23 07:54 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype
2014-05-16 10:11 - 2013-06-14 16:41 - 00000000 ____D () C:\Users\internet_2
2014-05-16 09:51 - 2013-06-15 10:30 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-16 09:51 - 2013-06-15 10:30 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-16 08:29 - 2013-06-21 09:21 - 00000000 ____D () C:\Users\internet_2\AppData\Local\gtk-2.0
2014-05-15 19:13 - 2013-12-27 21:07 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 19:13 - 2013-10-20 11:43 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 19:13 - 2013-10-20 11:43 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-13 16:08 - 2014-05-13 15:57 - 00000000 ____D () C:\Users\internet_2\.FBReader
2014-05-13 15:05 - 2014-05-13 15:05 - 00001757 _____ () C:\Users\internet_2\Desktop\FBReader.lnk
2014-05-13 15:05 - 2014-05-13 15:05 - 00001757 _____ () C:\Users\internet\Desktop\FBReader.lnk
2014-05-13 15:05 - 2014-05-13 15:05 - 00000000 ____D () E:\Program Files\FBReader
2014-05-13 15:05 - 2014-05-13 15:05 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
2014-05-13 14:19 - 2013-10-14 09:49 - 00000000 ____D () C:\Users\internet_2\cr3
2014-05-13 13:36 - 2014-05-13 13:36 - 00000869 _____ () C:\Users\internet\Desktop\Cool Reader - CHIP Downloader.lnk

Files to move or delete:
====================
C:\Users\internet\AppData\Roaming\CamLayout.ini
C:\Users\internet\AppData\Roaming\CamShapes.ini
C:\Users\internet_2\AppData\Roaming\Camdata.ini
C:\Users\internet_2\AppData\Roaming\CamLayout.ini
C:\Users\internet_2\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\internet_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmftzpb.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         

Addition.txt
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014
Ran by internet_2 at 2014-06-12 15:48:44
Running from D:\AntiVirus
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AMD Catalyst Control Center (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FFEB98D2-E65A-3C8F-DC9E-7A0F6EEDDE33}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Avidemux 2.4 (HKLM\...\Avidemux 2.4) (Version: 2.4.4 - )
BillardGL 1.75 (HKLM\...\BillardGL 1.75) (Version:  - )
Borland Turbo Delphi (HKLM\...\{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}) (Version: 10.0.3 - Borland Software Corporation)
calibre (HKLM\...\{A696C2ED-7597-46AB-9676-898F9849576D}) (Version: 1.39.0 - Kovid Goyal)
CamStudio Lossless Codec v1.5 (HKLM\...\camcodec) (Version: 1.5 - CamStudio)
CamStudio version 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Canon CanoScan Toolbox 4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
COMODO Internet Security (HKLM\...\{E62381A7-B1C1-4121-8262-84D38C77786C}) (Version: 5.12.55693.2551 - COMODO Security Solutions Inc.)
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.03 - Corel Inc)
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
CrystalDiskInfo 6.1.12 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.1.12 - Crystal Dew World)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Display Manager (HKLM\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)
DIY DataRecovery MBRtool (HKLM\...\MBRtool_is1) (Version: 2.3.200 - DIY DataRecovery.nl)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EASEUS Partition Master 4.1.1 Professional (HKLM\...\EASEUS Partition Master Professional Edition_is1) (Version:  - EASEUS)
Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version:  - )
FileZilla Client 3.7.4.1 (HKLM\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Free Download Manager 3.9.3 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FreeCommander XE (HKCU\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
FreeDoko 0.7.12 (HKLM\...\FreeDoko) (Version: 0.7.12 - Borg Enders und Diether Knof)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Helium (HKLM\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
ImageJ 1.47v (HKLM\...\ImageJ_is1) (Version:  - NIH)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 51 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version:  - Rene-Gilles Deberdt)
LibreOffice 4.0 Help Pack (German) (HKLM\...\{FE231FC3-A6F1-45D4-AE1B-C591610EBC32}) (Version: 4.0.5.2 - The Document Foundation)
LibreOffice 4.1.5.3 (HKLM\...\{E77773E5-944A-453F-97F3-46767AE0A253}) (Version: 4.1.5.3 - The Document Foundation)
Macromedia Dreamweaver MX 2004 (HKLM\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0 - Macromedia)
Macromedia Extension Manager (HKLM\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.115 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework SDK (English) 1.1 (HKLM\...\{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}) (Version: 1.1.4322 - Microsoft)
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{C3013E88-B772-4446-A0AE-A7F37180B9F1}) (Version: 2.3.2208 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Miro (HKLM\...\Miro) (Version: 6.0 - Participatory Culture Foundation)
Mobilizer (HKLM\...\com.springbox.mobilizer) (Version: 0.9.6 - UNKNOWN)
Mobilizer (Version: 0.9.6 - UNKNOWN) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 21.0 (x86 de) (HKLM\...\Mozilla Firefox 21.0 (x86 de)) (Version: 21.0 - Mozilla)
Mozilla Firefox 29.0.1 (x86 de) (HKCU\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Neverball 1.5.4 (HKCU\...\Neverball) (Version: 1.5.4 - )
Nitro Reader 3 (HKLM\...\{587BE1E5-418E-461F-B3F0-D7C07E38B481}) (Version: 3.5.5.2 - Nitro)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PicPick (HKLM\...\PicPick) (Version: 3.3.2 - NTeWORKS)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Diagnostic Utility (HKCU\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Roadkil's Disk Image Version 1.6 (HKLM\...\{2AE21A08-FF8E-44CF-84C7-F5571DBF7360}_is1) (Version:  - Roadkil.Net)
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sokoban YASC (HKLM\...\Sokoban YASC - Yet Another Sokoban Clone_is1) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
StreamTransport version: 1.1.4.0 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TreeSize Free V3.0 (HKCU\...\TreeSize Free_is1) (Version: 3.0 - JAM Software)
UBCD4Win 3.60 (HKLM\...\UBCD4Win_is1) (Version:  - UBCD4Win Team - Benjamin Burrows)
vavideo.app Version 1.0 (HKLM\...\vavideo.app_is1) (Version: 1.0 - vavideo)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VSDC Free Video Editor Version 2.1.6.133 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.6.133 - Flash-Integro LLC)
WBInvoker (HKLM\...\{5319996b-e624-478f-881b-882508bd323f}.sdb) (Version:  - )
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinHTTrack Website Copier 3.47-21 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.21 - HTTrack)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.1.5 (HKCU\...\winscp3_is1) (Version: 5.1.5 - Martin Prikryl)
XQDC X-Setup Pro 9.2.100 (HKLM\...\xqdcXSP_is1) (Version: 9.2.100 - XQDC Ltd.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 10:04 - 2013-06-16 15:43 - 00000959 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost


==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2014-02-12 03:29 - 2014-02-12 03:29 - 00093696 _____ () E:\Internet\FTP\FileZilla 3.7.1\fzshellext.dll
2013-10-20 11:43 - 2013-10-20 11:43 - 19336120 _____ () E:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-12 14:56 - 2014-06-12 14:56 - 00043008 _____ () C:\Users\internet_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmftzpb.dll
2013-08-24 03:01 - 2013-08-24 03:01 - 25100288 _____ () C:\Users\internet_2\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-10 08:13 - 2014-05-10 08:13 - 03839088 _____ () E:\Internet\FireFox\mozjs.dll
2014-05-16 09:51 - 2014-05-16 09:51 - 16361136 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: Macromedia Licensing Service => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: Wlansvc => 3

==================== Faulty Device Manager Devices =============

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2014 02:53:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updatewebget.exe, version: 0.0.0.0, time stamp: 0x5398819f
Faulting module name: KERNEL32.dll_unloaded, version: 0.0.0.0, time stamp: 0x531599f5
Exception code: 0xc0000005
Fault offset: 0x7778ed93
Faulting process id: 0x148c
Faulting application start time: 0xupdatewebget.exe0
Faulting application path: updatewebget.exe1
Faulting module path: updatewebget.exe2
Report Id: updatewebget.exe3

Error: (06/11/2014 06:47:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (06/11/2014 06:47:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (06/10/2014 06:37:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/10/2014 04:51:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program JBrowser.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10bc

Start Time: 01cf8488eba61e71

Termination Time: 8

Application Path: O:\JBrowser.exe

Report Id: 4e8fe422-f07c-11e3-9dd7-6cf049ddb301

Error: (06/10/2014 04:28:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CTCMSu.exe, version: 5.2.13.0, time stamp: 0x4566921d
Faulting module name: wdmaud.drv, version: 6.1.7601.17514, time stamp: 0x4ce7ba26
Exception code: 0xc0000005
Fault offset: 0x00003d48
Faulting process id: 0x1640
Faulting application start time: 0xCTCMSu.exe0
Faulting application path: CTCMSu.exe1
Faulting module path: CTCMSu.exe2
Report Id: CTCMSu.exe3

Error: (06/10/2014 04:16:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CTCMSu.exe, version: 5.2.13.0, time stamp: 0x4566921d
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0003224d
Faulting process id: 0x1678
Faulting application start time: 0xCTCMSu.exe0
Faulting application path: CTCMSu.exe1
Faulting module path: CTCMSu.exe2
Report Id: CTCMSu.exe3

Error: (06/10/2014 04:01:55 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: desktop-PC)
Description: Application or service 'The main calibre program' could not be shut down.

Error: (06/10/2014 04:01:25 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: desktop-PC)
Description: Application or service 'calibre worker process' could not be shut down.

Error: (06/10/2014 04:00:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).


System errors:
=============
Error: (06/12/2014 03:00:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (06/12/2014 02:55:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL

Error: (06/12/2014 02:55:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update webget service failed to start due to the following error: 
%%2

Error: (06/12/2014 02:53:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update webget service failed to start due to the following error: 
%%2

Error: (06/12/2014 02:53:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update webget service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/12/2014 02:53:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Util webget service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/12/2014 02:33:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (06/12/2014 07:26:41 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (06/12/2014 07:24:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (06/12/2014 07:21:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update webget service failed to start due to the following error: 
%%5


Microsoft Office Sessions:
=========================
Error: (06/12/2014 02:53:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: updatewebget.exe0.0.0.05398819fKERNEL32.dll_unloaded0.0.0.0531599f5c00000057778ed93148c01cf860af8c1ae69E:\Program Files\webget\updatewebget.exeKERNEL32.dll37c5ec38-f1fe-11e3-a48a-6cf049ddb301

Error: (06/11/2014 06:47:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (06/11/2014 06:47:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (06/10/2014 06:37:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"f:\programming\Android\android studio\bin\studio64.exe.Manifest

Error: (06/10/2014 04:51:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: JBrowser.exe1.0.0.110bc01cf8488eba61e718O:\JBrowser.exe4e8fe422-f07c-11e3-9dd7-6cf049ddb301

Error: (06/10/2014 04:28:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CTCMSu.exe5.2.13.04566921dwdmaud.drv6.1.7601.175144ce7ba26c000000500003d48164001cf8484885fe7c0E:\Program Files\Creative\MediaSource5\CTCMSu.exeC:\Windows\system32\wdmaud.drv40811bda-f079-11e3-9dd7-6cf049ddb301

Error: (06/10/2014 04:16:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CTCMSu.exe5.2.13.04566921dntdll.dll6.1.7601.18247521ea91cc00000050003224d167801cf8483f97b70c7E:\Program Files\Creative\MediaSource5\CTCMSu.exeC:\Windows\SYSTEM32\ntdll.dll749734d1-f077-11e3-9dd7-6cf049ddb301

Error: (06/10/2014 04:01:55 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: desktop-PC)
Description: 2E:\Program Files\Calibre2\calibre.exeThe main calibre program0121743280

Error: (06/10/2014 04:01:25 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: desktop-PC)
Description: 2E:\Program Files\Calibre2\calibre-parallel.execalibre worker process0521754720

Error: (06/10/2014 04:00:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)


==================== Memory info =========================== 

Percentage of memory in use: 62%
Total physical RAM: 3325.55 MB
Available physical RAM: 1251.24 MB
Total Pagefile: 4323.84 MB
Available Pagefile: 2147.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:23.49 GB) (Free:4.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:10.72 GB) (Free:4.14 GB) NTFS
Drive e: (Programme) (Fixed) (Total:22.36 GB) (Free:3.94 GB) NTFS
Drive f: (Daten) (Fixed) (Total:23.39 GB) (Free:2.25 GB) NTFS
Drive g: (MP3) (Fixed) (Total:102.53 GB) (Free:54.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (Bilder) (Fixed) (Total:107.42 GB) (Free:54.22 GB) NTFS
Drive i: (Eigene) (Fixed) (Total:30.25 GB) (Free:13.43 GB) NTFS
Drive j: (WBTRANS16GB) (Removable) (Total:14.95 GB) (Free:8.96 GB) FAT32
Drive k: (SundayBackups) (Fixed) (Total:28.96 GB) (Free:10.44 GB) NTFS
Drive l: (Backups) (Fixed) (Total:9.82 GB) (Free:5.54 GB) NTFS
Drive m: (Videos) (Fixed) (Total:88.13 GB) (Free:29.4 GB) NTFS
Drive p: () (Fixed) (Total:74.51 GB) (Free:14.5 GB) FAT32
Drive z: (FREE) (Fixed) (Total:0.05 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
--- --- ---
GMER.log: ==>> attached as a zip file


I hope you can help me once again and free me from these annoying pests. Looking forward to your reply, and with best regards,
Andreas!

Edited by wbtroj (12.06.2014 at 11:12). Reason: link addresses are not displayed

12.06.2014, 11:06   #2
schrauber
/// the machine
/// TB trainer
 




hi,

our tools always need admin rights!

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.





Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


13.06.2014, 04:16   #3
wbtroj
 



Hello Schrauber,
thank you very much for your quick reply. I wanted to deliver results already, but ComboFix took a very long time and in the end hung. I will try again tomorrow and get back to you then.

Regards, Andreas!

Hello Schrauber,
sorry - I had forgotten about the admin rights. However, apart from FRST, all the other programs were started with the admin prompt anyway. That is why I only ran FRST again today.
Here are the results:
Additional.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014
Ran by internet at 2014-06-13 09:48:29
Running from D:\AntiVirus
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AMD Catalyst Control Center (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FFEB98D2-E65A-3C8F-DC9E-7A0F6EEDDE33}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
Avidemux 2.4 (HKLM\...\Avidemux 2.4) (Version: 2.4.4 - )
BillardGL 1.75 (HKLM\...\BillardGL 1.75) (Version:  - )
Borland Turbo Delphi (HKLM\...\{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}) (Version: 10.0.3 - Borland Software Corporation)
calibre (HKLM\...\{A696C2ED-7597-46AB-9676-898F9849576D}) (Version: 1.39.0 - Kovid Goyal)
CamStudio Lossless Codec v1.5 (HKLM\...\camcodec) (Version: 1.5 - CamStudio)
CamStudio version 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Canon CanoScan Toolbox 4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
COMODO Internet Security (HKLM\...\{E62381A7-B1C1-4121-8262-84D38C77786C}) (Version: 5.12.55693.2551 - COMODO Security Solutions Inc.)
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.03 - Corel Inc)
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
CrystalDiskInfo 6.1.12 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.1.12 - Crystal Dew World)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Display Manager (HKLM\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)
DIY DataRecovery MBRtool (HKLM\...\MBRtool_is1) (Version: 2.3.200 - DIY DataRecovery.nl)
EASEUS Partition Master 4.1.1 Professional (HKLM\...\EASEUS Partition Master Professional Edition_is1) (Version:  - EASEUS)
Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version:  - )
FileZilla Client 3.7.4.1 (HKLM\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Free Download Manager 3.9.3 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FreeDoko 0.7.12 (HKLM\...\FreeDoko) (Version: 0.7.12 - Borg Enders und Diether Knof)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Helium (HKLM\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
ImageJ 1.47v (HKLM\...\ImageJ_is1) (Version:  - NIH)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 51 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version:  - Rene-Gilles Deberdt)
LibreOffice 4.0 Help Pack (German) (HKLM\...\{FE231FC3-A6F1-45D4-AE1B-C591610EBC32}) (Version: 4.0.5.2 - The Document Foundation)
LibreOffice 4.1.5.3 (HKLM\...\{E77773E5-944A-453F-97F3-46767AE0A253}) (Version: 4.1.5.3 - The Document Foundation)
Macromedia Dreamweaver MX 2004 (HKLM\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0 - Macromedia)
Macromedia Extension Manager (HKLM\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.115 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework SDK (English) 1.1 (HKLM\...\{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}) (Version: 1.1.4322 - Microsoft)
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{C3013E88-B772-4446-A0AE-A7F37180B9F1}) (Version: 2.3.2208 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Miro (HKLM\...\Miro) (Version: 6.0 - Participatory Culture Foundation)
Mobilizer (HKLM\...\com.springbox.mobilizer) (Version: 0.9.6 - UNKNOWN)
Mobilizer (Version: 0.9.6 - UNKNOWN) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 21.0 (x86 de) (HKLM\...\Mozilla Firefox 21.0 (x86 de)) (Version: 21.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Nitro Reader 3 (HKLM\...\{587BE1E5-418E-461F-B3F0-D7C07E38B481}) (Version: 3.5.5.2 - Nitro)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PicPick (HKLM\...\PicPick) (Version: 3.3.2 - NTeWORKS)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Diagnostic Utility (HKLM\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Roadkil's Disk Image Version 1.6 (HKLM\...\{2AE21A08-FF8E-44CF-84C7-F5571DBF7360}_is1) (Version:  - Roadkil.Net)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sokoban YASC (HKLM\...\Sokoban YASC - Yet Another Sokoban Clone_is1) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
StreamTransport version: 1.1.4.0 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UBCD4Win 3.60 (HKLM\...\UBCD4Win_is1) (Version:  - UBCD4Win Team - Benjamin Burrows)
vavideo.app Version 1.0 (HKLM\...\vavideo.app_is1) (Version: 1.0 - vavideo)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VSDC Free Video Editor Version 2.1.6.133 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.6.133 - Flash-Integro LLC)
WBInvoker (HKLM\...\{5319996b-e624-478f-881b-882508bd323f}.sdb) (Version:  - )
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinHTTrack Website Copier 3.47-21 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.21 - HTTrack)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
XQDC X-Setup Pro 9.2.100 (HKLM\...\xqdcXSP_is1) (Version: 9.2.100 - XQDC Ltd.)

==================== Restore Points  =========================

11-06-2014 10:47:43 Windows Update

==================== Hosts content: ==========================

2009-07-14 10:04 - 2013-06-16 15:43 - 00000959 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost


==================== Scheduled Tasks (whitelisted) =============

Task: {1291E9C6-050C-4A5C-AAC4-1187167AC714} - System32\Tasks\avast! Emergency Update => E:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-25] (AVAST Software)
Task: {15934C0F-D139-4309-BB90-8B9DC0AAFD47} - System32\Tasks\{4C59AC1C-202A-41AF-9123-6C665BB86827} => D:\moviemk.exe [2008-04-14] (Microsoft Corporation)
Task: {30472C5C-A170-4B37-B050-FD4C410044BB} - System32\Tasks\{3DC555EF-59C2-49B8-9AD8-19BA6896984B} => C:\Windows\system32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {40910F57-9D83-4E4C-AE87-37E69ECEA2AA} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => E:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)
Task: {9DADE6A6-88BE-4788-B6B3-E4B003CA2B44} - System32\Tasks\{05E7625E-6833-4F4D-9702-2CE80609AC7C} => E:\Games\Billard\Camron3D\carom.exe
Task: {A5E8E34F-F0D1-40DF-B5E1-F4C6EFD0DBC6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16] (Adobe Systems Incorporated)
Task: {B8595D9F-4B67-4D11-AA20-D21E6BBA97E0} - System32\Tasks\{A2E15662-C697-4156-B16A-8DFE7B03CD9C} => E:\Games\Billard\Camron3D\carom.exe
Task: {BAE11546-192A-4978-A36B-DC6058CE6408} - System32\Tasks\{E830B81E-0E19-4E62-B82A-A17FC9115B4E} => D:\moviemk.exe [2008-04-14] (Microsoft Corporation)
Task: {C086CD84-47FD-46E8-A468-BF5A9747A7CD} - System32\Tasks\{0C075C35-C0B6-4DB9-83D0-B7B8811D81C1} => E:\Games\Billard\Camron3D\carom.exe
Task: {C280373C-E284-4901-860C-469C695D979A} - System32\Tasks\GoogleUpdateTaskMachineUA => E:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-11] (Google Inc.)
Task: {E662863F-F505-40F1-9088-2E344C400424} - System32\Tasks\CCleanerSkipUAC => E:\Program Files\CCleaner\CCleaner.exe [2014-04-18] (Piriform Ltd)
Task: {F65F46A1-B232-4315-B8F5-DC1F87922B8D} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => E:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)
Task: {F88D516A-F19F-4B46-A1E0-CAA9D0B8A3F4} - System32\Tasks\{8F355BAC-CBAB-41EE-ACEA-AAD36AA25841} => E:\Games\Billard\Camron3D\carom.exe
Task: {FDAAAC38-E336-414F-80E5-5E64E5095D40} - System32\Tasks\{775E29D0-B1C3-466D-AF4E-F234E71B1F21} => E:\Media\Video\Pinnacle VideoSpin\Programs\VideoSpin.exe
Task: {FE968CB4-AC69-4836-9634-2E0738F045D2} - System32\Tasks\GoogleUpdateTaskMachineCore => E:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-11] (Google Inc.)
Task: {FE9E75C7-7343-4A11-86DE-D03FB359CCB9} - System32\Tasks\{2E281DFD-1809-4500-B68C-F0D04A417FD0} => E:\Media\Video\Pinnacle VideoSpin\Programs\VideoSpin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => E:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => E:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-12 18:57 - 2014-06-12 18:57 - 02775040 _____ () E:\Program Files\AVAST Software\Avast\defs\14061200\algo.dll
2014-02-12 03:29 - 2014-02-12 03:29 - 00093696 _____ () E:\Internet\FTP\FileZilla 3.7.1\fzshellext.dll
2013-10-20 11:43 - 2013-10-20 11:43 - 19336120 _____ () E:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-13 09:33 - 2014-06-13 09:33 - 00043008 _____ () C:\Users\internet_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplamcty.dll
2013-08-24 03:01 - 2013-08-24 03:01 - 25100288 _____ () C:\Users\internet_2\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-10 08:13 - 2014-05-10 08:13 - 03839088 _____ () E:\Internet\FireFox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: Macromedia Licensing Service => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: Wlansvc => 3

==================== Faulty Device Manager Devices =============

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2014 09:35:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ComboFix.exe version 14.6.12.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1370

Start Time: 01cf86a76bb894ea

Termination Time: 0

Application Path: D:\AntiVirus\ComboFix.exe

Report Id:

Error: (06/13/2014 09:29:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ComboFix.exe version 14.6.12.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1184

Start Time: 01cf86a0b158bc55

Termination Time: 10

Application Path: D:\AntiVirus\ComboFix.exe

Report Id:

Error: (06/13/2014 08:00:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ComboFix.exe version 14.6.12.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2ec

Start Time: 01cf86945174e134

Termination Time: 16

Application Path: D:\AntiVirus\ComboFix.exe

Report Id:

Error: (06/13/2014 07:49:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/12/2014 06:02:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/12/2014 02:53:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updatewebget.exe, version: 0.0.0.0, time stamp: 0x5398819f
Faulting module name: KERNEL32.dll_unloaded, version: 0.0.0.0, time stamp: 0x531599f5
Exception code: 0xc0000005
Fault offset: 0x7778ed93
Faulting process id: 0x148c
Faulting application start time: 0xupdatewebget.exe0
Faulting application path: updatewebget.exe1
Faulting module path: updatewebget.exe2
Report Id: updatewebget.exe3

Error: (06/11/2014 06:47:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (06/11/2014 06:47:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (06/10/2014 06:37:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/10/2014 04:51:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program JBrowser.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10bc

Start Time: 01cf8488eba61e71

Termination Time: 8

Application Path: O:\JBrowser.exe

Report Id: 4e8fe422-f07c-11e3-9dd7-6cf049ddb301


System errors:
=============
Error: (06/13/2014 07:09:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL

Error: (06/13/2014 07:08:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update webget service failed to start due to the following error: 
%%2

Error: (06/12/2014 08:25:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (06/12/2014 08:25:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (06/12/2014 07:48:51 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom1, is not ready for access yet.

Error: (06/12/2014 07:48:51 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (06/12/2014 07:48:50 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom1, is not ready for access yet.

Error: (06/12/2014 07:48:49 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom1, is not ready for access yet.

Error: (06/12/2014 07:48:48 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom1, is not ready for access yet.

Error: (06/12/2014 07:48:47 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom1, is not ready for access yet.


Microsoft Office Sessions:
=========================
Error: (06/13/2014 09:35:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ComboFix.exe14.6.12.1137001cf86a76bb894ea0D:\AntiVirus\ComboFix.exe

Error: (06/13/2014 09:29:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ComboFix.exe14.6.12.1118401cf86a0b158bc5510D:\AntiVirus\ComboFix.exe

Error: (06/13/2014 08:00:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ComboFix.exe14.6.12.12ec01cf86945174e13416D:\AntiVirus\ComboFix.exe

Error: (06/13/2014 07:49:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"f:\programming\Android\android studio\bin\studio64.exe.Manifest

Error: (06/12/2014 06:02:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"f:\programming\Android\android studio\bin\studio64.exe.Manifest

Error: (06/12/2014 02:53:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: updatewebget.exe0.0.0.05398819fKERNEL32.dll_unloaded0.0.0.0531599f5c00000057778ed93148c01cf860af8c1ae69E:\Program Files\webget\updatewebget.exeKERNEL32.dll37c5ec38-f1fe-11e3-a48a-6cf049ddb301

Error: (06/11/2014 06:47:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (06/11/2014 06:47:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (06/10/2014 06:37:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"f:\programming\Android\android studio\bin\studio64.exe.Manifest

Error: (06/10/2014 04:51:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: JBrowser.exe1.0.0.110bc01cf8488eba61e718O:\JBrowser.exe4e8fe422-f07c-11e3-9dd7-6cf049ddb301


==================== Memory info =========================== 

Percentage of memory in use: 66%
Total physical RAM: 3325.55 MB
Available physical RAM: 1110.74 MB
Total Pagefile: 4323.84 MB
Available Pagefile: 2515.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:23.49 GB) (Free:4.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:10.72 GB) (Free:4.13 GB) NTFS
Drive e: (Programme) (Fixed) (Total:22.36 GB) (Free:3.94 GB) NTFS
Drive f: (Daten) (Fixed) (Total:23.39 GB) (Free:2.25 GB) NTFS
Drive g: (MP3) (Fixed) (Total:102.53 GB) (Free:54.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (Bilder) (Fixed) (Total:107.42 GB) (Free:54.22 GB) NTFS
Drive i: (Eigene) (Fixed) (Total:30.25 GB) (Free:13.02 GB) NTFS
Drive k: (SundayBackups) (Fixed) (Total:28.96 GB) (Free:10.44 GB) NTFS
Drive l: (Backups) (Fixed) (Total:9.82 GB) (Free:5.54 GB) NTFS
Drive m: (Videos) (Fixed) (Total:88.13 GB) (Free:29.25 GB) NTFS
Drive p: () (Fixed) (Total:74.51 GB) (Free:14.48 GB) FAT32
Drive z: (FREE) (Fixed) (Total:0.05 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 69ECF574)
Partition 1: (Active) - (Size=103 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=88 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: EE4EEE4E)
Partition 1: (Active) - (Size=23 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=47 MB) - (Type=0C)
Partition 3: (Not Active) - (Size=126 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 75 GB) (Disk ID: E5B69024)
Partition 1: (Not Active) - (Size=75 GB) - (Type=0C)

==================== End Of Log ============================
         
FRST Scan Result:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014
Ran by internet (administrator) on DESKTOP-PC on 13-06-2014 09:47:09
Running from D:\AntiVirus
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Corporation) E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Nitro PDF Software) E:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(The Eraser Project) E:\Program Files\Eraser\Eraser.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NTeWORKS) E:\Image Processing\PicPick\picpick.exe
(Skype Technologies S.A.) E:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) E:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\internet_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) E:\Program Files\Java\jre7\bin\javaw.exe
(Microsoft Corporation) E:\MS\Office10\MSOFFICE.EXE
(Microsoft Corporation) E:\Program Files\windows media player\wmpnetwk.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) E:\Internet\FireFox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] => E:\Program Files\Comodo\COMODO Internet Security\cistray.exe [1225944 2014-03-26] (COMODO)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [Eraser] => E:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [StartCCC] => E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => E:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11680400 2012-10-26] (Realtek Semiconductor)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-18] (Microsoft Corporation)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\Run: [PicPick Start] => E:\Image Processing\PicPick\picpick.exe [13165400 2014-03-12] (NTeWORKS)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\MountPoints2: {e9c92f2f-d4c2-11e2-85eb-806e6f6e6963} - N:\CDBROWSE.EXE
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\MountPoints2: {e9c92f30-d4c2-11e2-85eb-806e6f6e6963} - O:\Run.exe
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [PicPick Start] => E:\Image Processing\PicPick\picpick.exe [13165400 2014-03-12] (NTeWORKS)
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Messenger (Yahoo!)] => "E:\PROGRA~3\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\MountPoints2: {e9c92f2f-d4c2-11e2-85eb-806e6f6e6963} - notepad readme.txt
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\MountPoints2: {e9c92f30-d4c2-11e2-85eb-806e6f6e6963} - O:\Run.exe
Startup: C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI (RC3).lnk
ShortcutTarget: Secunia PSI (RC3).lnk -> D:\Programme\Personal Software Inspector\psi.exe (Secunia)
Startup: C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\internet\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloaderPortable.lnk
ShortcutTarget: JDownloaderPortable.lnk -> E:\Media\Video\JDownloader\JDownloaderPortable.exe (AppWork GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fil-PH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x13A26660C36CCE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{65379DEE-2D36-4695-8857-4DC4D45113C2}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: I:\Eigene Dateien\Internet\FireFox\Profile\@dele
FF Homepage: hxxp://www.gmx.net
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - E:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - E:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\y4m0hhnp.default\user.js
FF Extension: McAfee SiteAdvisor - E:\Program Files\McAfee\SiteAdvisor [2011-12-25]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - E:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - E:\Program Files\McAfee\SiteAdvisor [2011-12-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-20]
FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-06-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-25] (AVAST Software)
R2 c2cautoupdatesvc; E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 cmdAgent; E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-17] (COMODO)
S3 cmdvirth; E:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-26] (COMODO)
R2 FoxitCloudUpdateService; E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
S2 gupdate; E:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-04-11] (Google Inc.)
S3 gupdatem; E:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-04-11] (Google Inc.)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2013-06-20] () [File not signed]
S4 McAfee SiteAdvisor Service; E:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-07] (McAfee, Inc.)
S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 NitroReaderDriverReadSpool3; E:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S2 SkypeUpdate; E:\Program Files\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 wampapache; P:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) [File not signed]
S3 wampmysqld; P:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () [File not signed]
S3 WinDefend; E:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-12] (Microsoft Corporation)
R3 WMPNetworkSvc; E:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2013-08-18] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 Update webget; "E:\Program Files\webget\updatewebget.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-25] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-17] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-17] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-17] (COMODO)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2009-08-26] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2009-09-16] () [File not signed]
S3 gdrv; C:\Windows\gdrv.sys [17488 2014-06-10] (Windows (R) 2000 DDK provider)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-17] (COMODO)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [22120 2011-06-15] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [49768 2011-06-15] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [27752 2011-09-16] (Realtek Corporation)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [90648 2011-06-14] (Ray Hinchliffe)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [49768 2011-06-15] (Realtek Corporation)
R1 {55685567-4840-4a91-962b-49a412e9485a}w; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys [52920 2014-05-26] (StdLib)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S1 SASDIFSV; \??\I:\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\I:\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-13 09:47 - 2014-06-13 09:47 - 00000000 ____D () C:\FRST
2014-06-12 17:24 - 2014-06-13 09:33 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-12 09:20 - 2014-06-12 09:20 - 00000000 ____D () C:\Users\internet\AppData\Roaming\SUPERAntiSpyware.com
2014-06-11 18:47 - 2014-05-30 17:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 18:47 - 2014-05-30 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 18:47 - 2014-05-30 17:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 18:47 - 2014-05-30 16:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 18:47 - 2014-05-30 16:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 18:47 - 2014-05-30 16:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 18:47 - 2014-05-30 16:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 18:47 - 2014-05-30 16:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 18:47 - 2014-05-30 16:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 18:47 - 2014-05-30 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 18:47 - 2014-05-30 16:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 18:47 - 2014-05-30 16:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 18:47 - 2014-05-30 16:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 18:47 - 2014-05-30 16:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 18:47 - 2014-05-30 16:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 18:47 - 2014-05-30 16:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 18:47 - 2014-05-30 16:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 18:47 - 2014-05-30 16:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 18:47 - 2014-05-30 16:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 18:47 - 2014-05-30 15:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 18:47 - 2014-05-30 15:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 18:47 - 2014-05-30 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 18:47 - 2014-05-30 15:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 18:47 - 2014-05-30 15:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 18:47 - 2014-05-30 15:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 18:47 - 2014-05-30 15:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 18:47 - 2014-05-30 15:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 18:47 - 2014-05-30 15:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 16:54 - 2014-06-08 16:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 16:54 - 2014-04-05 10:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 16:54 - 2014-04-05 10:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 16:53 - 2014-06-08 16:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 16:53 - 2014-04-25 10:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 16:53 - 2014-03-26 22:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 16:53 - 2014-03-26 22:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 16:53 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 16:53 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 17:23 - 2014-06-10 17:23 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-06-10 17:22 - 2012-10-30 17:59 - 03340880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-06-10 17:22 - 2012-10-30 16:43 - 00369117 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-06-10 17:22 - 2012-10-29 16:34 - 02357344 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-06-10 17:22 - 2012-10-25 14:45 - 00097424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-06-10 17:22 - 2012-10-23 11:30 - 03219600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2014-06-10 17:22 - 2012-09-20 00:59 - 00742264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-06-10 17:22 - 2012-09-12 09:51 - 02486416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-06-10 17:22 - 2012-09-09 14:33 - 01929080 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-06-10 17:22 - 2012-08-21 14:51 - 00658064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-06-10 17:22 - 2012-08-13 18:06 - 01501840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-06-10 17:22 - 2012-08-03 18:18 - 01706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-06-10 17:22 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-06-10 17:22 - 2012-06-08 16:23 - 00071808 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2014-06-10 17:22 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2014-06-10 17:22 - 2012-03-08 11:47 - 00176736 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2014-06-10 17:22 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2014-06-10 17:22 - 2011-12-16 14:57 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2014-06-10 17:22 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2014-06-10 17:22 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-06-10 17:22 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2014-06-10 17:22 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2014-06-10 17:22 - 2009-11-18 07:13 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2014-06-10 16:49 - 2014-06-10 16:49 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-09 11:05 - 2014-06-09 13:27 - 00000000 ____D () E:\Program Files\Calibre Portable
2014-06-05 16:03 - 2014-06-05 19:05 - 00000368 _____ () C:\Users\internet_2\Desktop\cover.txt
2014-06-03 22:11 - 2014-06-03 22:11 - 00147667 ____N () C:\Windows\Minidump\060314-22495-01.dmp
2014-05-31 10:32 - 2014-05-31 10:32 - 00000849 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-05-30 09:00 - 2014-05-30 09:00 - 00000084 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014.info
2014-05-30 08:40 - 2014-05-30 09:00 - 102334358 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014@HIGH.mp4
2014-05-30 08:19 - 2014-05-30 08:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-30 08:18 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-30 08:18 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-30 08:18 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-30 08:18 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-30 08:17 - 2014-05-30 08:18 - 00003993 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 07:52 - 2014-05-26 20:57 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
2014-05-28 08:33 - 2014-06-12 14:54 - 00000000 ____D () E:\Program Files\webget
2014-05-25 14:32 - 2014-05-30 16:53 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FreeDoko
2014-05-25 14:07 - 2014-05-25 14:07 - 00000756 _____ () C:\Users\internet\Desktop\FreeDoko.lnk
2014-05-25 14:07 - 2014-05-25 14:07 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2014-05-25 14:05 - 2014-05-25 14:05 - 00000000 ____D () C:\Users\internet\FreeDoko
2014-05-24 13:48 - 2014-05-24 14:03 - 00001002 _____ () C:\Users\internet_2\Desktop\DBV_Klaerung.txt
2014-05-21 15:36 - 2014-05-29 15:36 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Mp3tag
2014-05-17 15:06 - 2014-04-12 10:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-17 15:06 - 2014-04-12 10:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-17 15:06 - 2014-04-12 10:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-17 15:06 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-17 15:06 - 2014-04-12 10:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-17 15:06 - 2014-04-12 10:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-17 15:06 - 2014-04-12 10:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-17 15:06 - 2014-03-04 17:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-17 15:06 - 2014-03-04 17:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 15:06 - 2014-03-04 17:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-17 15:06 - 2014-03-04 17:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-17 15:06 - 2014-03-04 17:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-17 14:58 - 2014-03-25 10:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

==================== One Month Modified Files and Folders =======

2014-06-13 09:47 - 2014-06-13 09:47 - 00000000 ____D () C:\FRST
2014-06-13 09:33 - 2014-06-12 17:24 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-13 09:33 - 2014-03-03 09:13 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\DropboxMaster
2014-06-13 09:33 - 2013-09-22 13:46 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Dropbox
2014-06-13 09:33 - 2013-06-22 19:49 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Skype
2014-06-13 09:32 - 2014-01-01 10:16 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 09:00 - 2014-01-01 10:16 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 08:49 - 2013-07-14 07:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-13 08:21 - 2013-09-10 17:39 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\vlc
2014-06-13 08:04 - 2013-06-14 15:33 - 00795754 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 07:18 - 2009-07-14 12:34 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-13 07:18 - 2009-07-14 12:34 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 07:16 - 2013-06-14 15:23 - 01972928 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 07:07 - 2014-03-22 07:07 - 00021972 _____ () C:\Windows\setupact.log
2014-06-13 07:07 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 21:18 - 2013-10-20 13:10 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc
2014-06-12 18:00 - 2013-11-13 08:06 - 00000000 ____D () C:\Windows\rescache
2014-06-12 16:46 - 2013-06-21 08:43 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Nitro PDF
2014-06-12 14:54 - 2014-05-28 08:33 - 00000000 ____D () E:\Program Files\webget
2014-06-12 14:54 - 2013-06-15 07:45 - 00401084 _____ () C:\Windows\PFRO.log
2014-06-12 14:30 - 2009-07-14 10:04 - 00000505 _____ () C:\Windows\win.ini
2014-06-12 09:20 - 2014-06-12 09:20 - 00000000 ____D () C:\Users\internet\AppData\Roaming\SUPERAntiSpyware.com
2014-06-11 20:35 - 2014-04-25 11:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 20:35 - 2011-02-08 14:44 - 00000000 ____D () E:\Program Files\internet explorer
2014-06-11 18:51 - 2013-07-27 08:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 18:48 - 2013-06-17 13:26 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 16:52 - 2014-02-04 16:57 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Free Download Manager
2014-06-10 17:24 - 2013-09-13 10:24 - 00000000 ___HD () E:\Program Files\Temp
2014-06-10 17:23 - 2014-06-10 17:23 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-06-10 17:22 - 2011-02-08 16:04 - 00000000 ____D () E:\Program Files\Realtek
2014-06-10 16:49 - 2014-06-10 16:49 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-10 16:49 - 2013-06-14 15:35 - 00000010 _____ () C:\Windows\GSetup.ini
2014-06-10 16:05 - 2013-09-04 12:00 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Orbit
2014-06-10 16:04 - 2013-10-14 10:09 - 00000000 ____D () E:\Program Files\Calibre2
2014-06-09 13:27 - 2014-06-09 11:05 - 00000000 ____D () E:\Program Files\Calibre Portable
2014-06-09 10:10 - 2013-10-14 10:15 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\calibre
2014-06-08 16:48 - 2014-06-11 16:54 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 16:43 - 2014-06-11 16:53 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 19:05 - 2014-06-05 16:03 - 00000368 _____ () C:\Users\internet_2\Desktop\cover.txt
2014-06-03 22:11 - 2014-06-03 22:11 - 00147667 ____N () C:\Windows\Minidump\060314-22495-01.dmp
2014-06-03 22:11 - 2013-09-30 16:09 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 12:10 - 2013-06-25 13:16 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FileZilla
2014-05-31 11:41 - 2013-07-17 12:01 - 00000000 ____D () C:\Users\internet_2\.mediathek3
2014-05-31 10:32 - 2014-05-31 10:32 - 00000849 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-05-30 17:18 - 2014-06-11 18:47 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 17:02 - 2014-06-11 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 17:02 - 2014-06-11 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 16:53 - 2014-05-25 14:32 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FreeDoko
2014-05-30 16:44 - 2014-06-11 18:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 16:43 - 2014-06-11 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 16:42 - 2014-06-11 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 16:38 - 2014-06-11 18:47 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 16:34 - 2014-06-11 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 16:33 - 2014-06-11 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 16:30 - 2014-06-11 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 16:28 - 2014-06-11 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 16:28 - 2014-06-11 18:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 16:27 - 2014-06-11 18:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 16:21 - 2014-06-11 18:47 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 16:16 - 2014-06-11 18:47 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 16:10 - 2014-06-11 18:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 16:06 - 2014-06-11 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 16:04 - 2014-06-11 18:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 16:02 - 2014-06-11 18:47 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 15:57 - 2014-06-11 18:47 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 15:56 - 2014-06-11 18:47 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 15:54 - 2014-06-11 18:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 15:50 - 2014-06-11 18:47 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 15:49 - 2014-06-11 18:47 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 15:40 - 2014-06-11 18:47 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 15:21 - 2014-06-11 18:47 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 15:15 - 2014-06-11 18:47 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 15:13 - 2014-06-11 18:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:00 - 2014-05-30 09:00 - 00000084 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014.info
2014-05-30 09:00 - 2014-05-30 08:40 - 102334358 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014@HIGH.mp4
2014-05-30 08:19 - 2014-05-30 08:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-30 08:18 - 2014-05-30 08:17 - 00003993 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 08:18 - 2011-02-15 11:34 - 00000000 ____D () E:\Program Files\Java
2014-05-29 16:12 - 2014-04-29 08:22 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\MyPhoneExplorer
2014-05-29 15:36 - 2014-05-21 15:36 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Mp3tag
2014-05-29 13:24 - 2013-06-19 16:54 - 00000000 ___HD () C:\Users\internet\.opdveza-an
2014-05-29 13:24 - 2013-06-19 16:54 - 00000000 ____D () C:\Users\internet\.borland
2014-05-28 13:09 - 2013-06-15 12:56 - 00000600 _____ () C:\Users\internet_2\AppData\Roaming\winscp.rnd
2014-05-27 09:55 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-26 20:57 - 2014-05-30 07:52 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
2014-05-25 14:07 - 2014-05-25 14:07 - 00000756 _____ () C:\Users\internet\Desktop\FreeDoko.lnk
2014-05-25 14:07 - 2014-05-25 14:07 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2014-05-25 14:05 - 2014-05-25 14:05 - 00000000 ____D () C:\Users\internet\FreeDoko
2014-05-25 14:05 - 2013-06-14 15:31 - 00000000 ____D () C:\Users\internet
2014-05-25 07:10 - 2014-03-03 09:12 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 14:03 - 2014-05-24 13:48 - 00001002 _____ () C:\Users\internet_2\Desktop\DBV_Klaerung.txt
2014-05-19 16:09 - 2013-09-13 09:30 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Notepad++
2014-05-19 07:02 - 2009-07-14 12:53 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-18 12:11 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-17 17:53 - 2013-06-23 07:54 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype
2014-05-16 10:11 - 2013-06-14 16:41 - 00000000 ____D () C:\Users\internet_2
2014-05-16 09:51 - 2013-06-15 10:30 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-16 09:51 - 2013-06-15 10:30 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 19:13 - 2013-12-27 21:07 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 19:13 - 2013-10-20 11:43 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 19:13 - 2013-10-20 11:43 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

Files to move or delete:
====================
C:\Users\internet\AppData\Roaming\CamLayout.ini
C:\Users\internet\AppData\Roaming\CamShapes.ini
C:\Users\internet_2\AppData\Roaming\Camdata.ini
C:\Users\internet_2\AppData\Roaming\CamLayout.ini
C:\Users\internet_2\AppData\Roaming\CamShapes.ini


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 17:50

==================== End Of Log ============================
         


Note on the Gmer_zip file:
Of course I read the posting instructions and also tried to include all the logs directly. I certainly don't want to cause you unnecessary work. I can well appreciate how much effort it already takes to help me and all the people here.
But when I looked at the post in the preview, I was told that it contained too many characters. So, as described in the instructions by the way, I attached the GMER log as a zip file.

Unfortunately, I was not able to get Combofix to run yesterday or today. I ran the program both with admin rights in the restricted account and directly in the admin account, and it never got further than the message "Outputfolder: C:\3278...".

In the FRST log you can find this about it:
"Error: (06/13/2014 09:35:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ComboFix.exe14.6.12.1137001cf86a76bb894ea0D:\AntiVirus\ComboFix.exe"

But that doesn't help me. I hope you can make something of it.
I would have liked to post a screenshot of it as well, but unfortunately my Dropbox links are not displayed.

I could not find the output folder under C:\, but I did find a new folder unknown to me, "32788R22FWJFW", with the following hint under the mouse: "Shows the disk drives and hardware connected to this computer". I can't explain it, but maybe it has nothing to do with Combofix at all.

Sorry that I couldn't give you better news, but then today is Friday the 13th!

Regards, Andreas
__________________

13.06.2014, 22:14   #4
schrauber
/// the machine
/// TB trainer
 




Delete Combofix, download it again, and run it once more.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

15.06.2014, 08:32   #5
wbtroj
 



Hi Schrauber,
stupidly, I had no internet for three days. So I'll get on it tomorrow and then get back to you. Thanks!
Andreas!


15.06.2014, 20:09   #6
schrauber
/// the machine
/// TB trainer
 




ok

16.06.2014, 03:38   #7
wbtroj
 



Hello Schrauber,
sorry, but unfortunately none of this is going the way it should. Today I tried to download Combofix again from the link you gave me in your reply. After a short time Avast popped up with the message:

"Avast Dateisystem-Schutz hat eine Bedrohung blockiert.
Keine Aktion erforderlich.
Objekt: C:\Users\internet_2\...\5DcYqYMX.exe.part
Infektion: Win32: Dropper-gen [Drp]
Aktion: In Container verschoben
Prozess: E:\Internet\FireFox\fierefox.exe

Eine Bedrohung wurde gefunden und bei Erzeugung oder Änderung der Datei Blockiert"

Mind you: this came up while downloading, not while running Combofix. In that case I would of course have switched Avast off as you instructed.

What should I do? I don't want to download from another source without your approval, because some of them look very dubious to me!

Regards, Andreas!

16.06.2014, 22:30   #8
schrauber
/// the machine
/// TB trainer
 




Please check whether you are really on bleepingcomputer.com when you want to download, and that you also click the correct button there.
__________________
Regards,
schrauber


17.06.2014, 05:00   #9
wbtroj
 



Hi Schrauber,
many thanks for your hint. Something is wrong with your link on my machine. It does point to the right page, but then Avast always complains. I then went directly to bleepingcomputer.com and got the download for combofix. The download then worked without problems, but unfortunately the program still hangs after starting.

If you like, here is a screenshot of it:
https://www.dropbox.com/s/99ldpognu50v61u/P_20140617_094212.jpg

In the event log I find, among other things, this:
A)
Code:
The program ComboFix.exe version 14.6.16.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 Process ID: 1730
 Start Time: 01cf89cbb364be55
 Termination Time: 0
 Application Path: C:\Users\internet\Desktop\ComboFix.exe
 Report Id:
         
B)
Code:
Fault bucket , type 0
Event Name: AppHangB1
Response: Not available
Cab Id: 0

Problem signature:
P1: ComboFix.exe
P2: 14.6.16.1
P3: 4b1ae3c6
P4: c30a
P5: 6144
P6: 
P7: 
P8: 
P9: 
P10: 

Attached files:
I:\Temp\WER6AA5.tmp.appcompat.txt
I:\Temp\WER6BAF.tmp.WERInternalMetadata.xml
I:\Temp\WERB138.tmp.xml
I:\Temp\WERB158.tmp.WERDataCollectionFailure.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_ComboFix.exe_7b6a9325309628d13d9da38c712ad97849d18b8b_cab_1154b155

Analysis symbol: 
Rechecking for solution: 0
Report Id: 9352ba33-f5c2-11e3-b028-6cf049ddb301
Report Status: 4
         
But unfortunately, once again, that tells me nothing.

And here is a fresh FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014
Ran by internet (administrator) on DESKTOP-PC on 17-06-2014 10:55:40
Running from D:\AntiVirus
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Corporation) E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Nitro PDF Software) E:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(The Eraser Project) E:\Program Files\Eraser\Eraser.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NTeWORKS) E:\Image Processing\PicPick\picpick.exe
(Skype Technologies S.A.) E:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) E:\Program Files\Windows Sidebar\sidebar.exe
(Automattic, Inc.) C:\Users\internet_2\AppData\Local\Cloudup\App\Cloudup.exe
(Dropbox, Inc.) C:\Users\internet_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) E:\Program Files\Java\jre7\bin\javaw.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) E:\Program Files\windows media player\wmpnetwk.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) E:\MS\Office10\MSOFFICE.EXE
(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Joyent, Inc) C:\Users\internet_2\AppData\Local\Cloudup\App\cloudup-node.exe
(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Mozilla Corporation) E:\Internet\FireFox\firefox.exe
(Mozilla Corporation) E:\Internet\FireFox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] => E:\Program Files\Comodo\COMODO Internet Security\cistray.exe [1225944 2014-03-26] (COMODO)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [Eraser] => E:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [StartCCC] => E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => E:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11680400 2012-10-26] (Realtek Semiconductor)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-18] (Microsoft Corporation)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\Run: [PicPick Start] => E:\Image Processing\PicPick\picpick.exe [13165400 2014-03-12] (NTeWORKS)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\MountPoints2: {e9c92f2f-d4c2-11e2-85eb-806e6f6e6963} - N:\CDBROWSE.EXE
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\MountPoints2: {e9c92f30-d4c2-11e2-85eb-806e6f6e6963} - O:\Run.exe
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [PicPick Start] => E:\Image Processing\PicPick\picpick.exe [13165400 2014-03-12] (NTeWORKS)
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Messenger (Yahoo!)] => "E:\PROGRA~3\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Cloudup] => C:\Users\internet_2\AppData\Local\Cloudup\App\Cloudup.exe [531344 2014-04-15] (Automattic, Inc.)
Startup: C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI (RC3).lnk
ShortcutTarget: Secunia PSI (RC3).lnk -> D:\Programme\Personal Software Inspector\psi.exe (Secunia)
Startup: C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\internet\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloaderPortable.lnk
ShortcutTarget: JDownloaderPortable.lnk -> E:\Media\Video\JDownloader\JDownloaderPortable.exe (AppWork GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fil-PH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x13A26660C36CCE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{65379DEE-2D36-4695-8857-4DC4D45113C2}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: I:\Eigene Dateien\Internet\FireFox\Profile\@dele
FF Homepage: hxxp://www.gmx.net
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - E:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - E:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\y4m0hhnp.default\user.js
FF Extension: McAfee SiteAdvisor - E:\Program Files\McAfee\SiteAdvisor [2011-12-25]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - E:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - E:\Program Files\McAfee\SiteAdvisor [2011-12-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-20]
FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-06-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-25] (AVAST Software)
R2 c2cautoupdatesvc; E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 cmdAgent; E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-17] (COMODO)
S3 cmdvirth; E:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-26] (COMODO)
R2 FoxitCloudUpdateService; E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
S2 gupdate; E:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-04-11] (Google Inc.)
S3 gupdatem; E:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-04-11] (Google Inc.)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2013-06-20] () [File not signed]
S4 McAfee SiteAdvisor Service; E:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-07] (McAfee, Inc.)
S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 NitroReaderDriverReadSpool3; E:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S2 SkypeUpdate; E:\Program Files\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 wampapache; P:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) [File not signed]
S3 wampmysqld; P:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () [File not signed]
S3 WinDefend; E:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-12] (Microsoft Corporation)
R3 WMPNetworkSvc; E:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2013-08-18] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 Update webget; "E:\Program Files\webget\updatewebget.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-25] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-17] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-17] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-17] (COMODO)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2009-08-26] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2009-09-16] () [File not signed]
S3 gdrv; C:\Windows\gdrv.sys [17488 2014-06-10] (Windows (R) 2000 DDK provider)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-17] (COMODO)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [22120 2011-06-15] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [49768 2011-06-15] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [27752 2011-09-16] (Realtek Corporation)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [90648 2011-06-14] (Ray Hinchliffe)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [49768 2011-06-15] (Realtek Corporation)
R1 {55685567-4840-4a91-962b-49a412e9485a}w; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys [52920 2014-05-26] (StdLib)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S1 SASDIFSV; \??\I:\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\I:\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-17 09:29 - 2014-06-17 09:18 - 05206841 _____ (Swearware) C:\Users\internet\Desktop\ComboFix.exe
2014-06-17 09:03 - 2014-06-17 09:18 - 05206841 _____ (Swearware) C:\Users\internet_2\Desktop\ComboFix.exe
2014-06-16 11:09 - 2014-06-16 11:09 - 00001191 _____ () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloudup.lnk
2014-06-15 21:21 - 2014-06-15 21:21 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-13 09:47 - 2014-06-17 10:55 - 00000000 ____D () C:\FRST
2014-06-12 17:24 - 2014-06-17 09:30 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-12 09:20 - 2014-06-12 09:20 - 00000000 ____D () C:\Users\internet\AppData\Roaming\SUPERAntiSpyware.com
2014-06-11 18:47 - 2014-05-30 17:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 18:47 - 2014-05-30 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 18:47 - 2014-05-30 17:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 18:47 - 2014-05-30 16:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 18:47 - 2014-05-30 16:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 18:47 - 2014-05-30 16:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 18:47 - 2014-05-30 16:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 18:47 - 2014-05-30 16:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 18:47 - 2014-05-30 16:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 18:47 - 2014-05-30 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 18:47 - 2014-05-30 16:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 18:47 - 2014-05-30 16:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 18:47 - 2014-05-30 16:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 18:47 - 2014-05-30 16:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 18:47 - 2014-05-30 16:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 18:47 - 2014-05-30 16:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 18:47 - 2014-05-30 16:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 18:47 - 2014-05-30 16:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 18:47 - 2014-05-30 16:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 18:47 - 2014-05-30 15:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 18:47 - 2014-05-30 15:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 18:47 - 2014-05-30 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 18:47 - 2014-05-30 15:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 18:47 - 2014-05-30 15:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 18:47 - 2014-05-30 15:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 18:47 - 2014-05-30 15:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 18:47 - 2014-05-30 15:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 18:47 - 2014-05-30 15:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 16:54 - 2014-06-08 16:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 16:54 - 2014-04-05 10:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 16:54 - 2014-04-05 10:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 16:53 - 2014-06-08 16:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 16:53 - 2014-04-25 10:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 16:53 - 2014-03-26 22:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 16:53 - 2014-03-26 22:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 16:53 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 16:53 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 17:23 - 2014-06-10 17:23 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-06-10 17:22 - 2012-10-30 17:59 - 03340880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-06-10 17:22 - 2012-10-30 16:43 - 00369117 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-06-10 17:22 - 2012-10-29 16:34 - 02357344 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-06-10 17:22 - 2012-10-25 14:45 - 00097424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-06-10 17:22 - 2012-10-23 11:30 - 03219600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2014-06-10 17:22 - 2012-09-20 00:59 - 00742264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-06-10 17:22 - 2012-09-12 09:51 - 02486416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-06-10 17:22 - 2012-09-09 14:33 - 01929080 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-06-10 17:22 - 2012-08-21 14:51 - 00658064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-06-10 17:22 - 2012-08-13 18:06 - 01501840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-06-10 17:22 - 2012-08-03 18:18 - 01706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-06-10 17:22 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-06-10 17:22 - 2012-06-08 16:23 - 00071808 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2014-06-10 17:22 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2014-06-10 17:22 - 2012-03-08 11:47 - 00176736 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2014-06-10 17:22 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2014-06-10 17:22 - 2011-12-16 14:57 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2014-06-10 17:22 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2014-06-10 17:22 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-06-10 17:22 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2014-06-10 17:22 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2014-06-10 17:22 - 2009-11-18 07:13 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2014-06-10 16:49 - 2014-06-10 16:49 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-09 11:05 - 2014-06-09 13:27 - 00000000 ____D () E:\Program Files\Calibre Portable
2014-06-05 16:03 - 2014-06-05 19:05 - 00000368 _____ () C:\Users\internet_2\Desktop\cover.txt
2014-06-03 22:11 - 2014-06-03 22:11 - 00147667 ____N () C:\Windows\Minidump\060314-22495-01.dmp
2014-05-31 10:32 - 2014-05-31 10:32 - 00000849 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-05-30 09:00 - 2014-05-30 09:00 - 00000084 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014.info
2014-05-30 08:40 - 2014-05-30 09:00 - 102334358 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014@HIGH.mp4
2014-05-30 08:19 - 2014-05-30 08:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-30 08:18 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-30 08:18 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-30 08:18 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-30 08:18 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-30 08:17 - 2014-05-30 08:18 - 00003993 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 07:52 - 2014-05-26 20:57 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
2014-05-28 08:33 - 2014-06-12 14:54 - 00000000 ____D () E:\Program Files\webget
2014-05-25 14:32 - 2014-05-30 16:53 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FreeDoko
2014-05-25 14:07 - 2014-05-25 14:07 - 00000756 _____ () C:\Users\internet\Desktop\FreeDoko.lnk
2014-05-25 14:07 - 2014-05-25 14:07 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2014-05-25 14:05 - 2014-05-25 14:05 - 00000000 ____D () C:\Users\internet\FreeDoko
2014-05-24 13:48 - 2014-05-24 14:03 - 00001002 _____ () C:\Users\internet_2\Desktop\DBV_Klaerung.txt
2014-05-21 15:36 - 2014-05-29 15:36 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Mp3tag

==================== One Month Modified Files and Folders =======

2014-06-17 10:55 - 2014-06-13 09:47 - 00000000 ____D () C:\FRST
2014-06-17 10:49 - 2013-07-14 07:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-17 10:35 - 2013-09-22 13:46 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Dropbox
2014-06-17 10:35 - 2009-07-14 12:34 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-17 10:35 - 2009-07-14 12:34 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-17 10:28 - 2013-06-22 19:49 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Skype
2014-06-17 10:26 - 2014-03-03 09:13 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\DropboxMaster
2014-06-17 10:24 - 2014-01-01 10:16 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 10:24 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-17 10:23 - 2014-03-22 07:07 - 00022868 _____ () C:\Windows\setupact.log
2014-06-17 09:56 - 2013-06-23 07:54 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype
2014-06-17 09:56 - 2013-06-14 15:23 - 01086108 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 09:30 - 2014-06-12 17:24 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-17 09:18 - 2014-06-17 09:29 - 05206841 _____ (Swearware) C:\Users\internet\Desktop\ComboFix.exe
2014-06-17 09:18 - 2014-06-17 09:03 - 05206841 _____ (Swearware) C:\Users\internet_2\Desktop\ComboFix.exe
2014-06-17 09:15 - 2013-09-10 17:39 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\vlc
2014-06-17 09:01 - 2014-01-01 10:16 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-16 16:22 - 2013-06-14 15:33 - 00795754 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-16 11:09 - 2014-06-16 11:09 - 00001191 _____ () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloudup.lnk
2014-06-15 21:21 - 2014-06-15 21:21 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-15 21:21 - 2013-06-22 19:49 - 00000000 ___RD () E:\Program Files\Skype
2014-06-15 17:07 - 2013-06-21 08:43 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Nitro PDF
2014-06-14 08:14 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-12 21:18 - 2013-10-20 13:10 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc
2014-06-12 18:00 - 2013-11-13 08:06 - 00000000 ____D () C:\Windows\rescache
2014-06-12 14:54 - 2014-05-28 08:33 - 00000000 ____D () E:\Program Files\webget
2014-06-12 14:54 - 2013-06-15 07:45 - 00401084 _____ () C:\Windows\PFRO.log
2014-06-12 14:30 - 2009-07-14 10:04 - 00000505 _____ () C:\Windows\win.ini
2014-06-12 09:20 - 2014-06-12 09:20 - 00000000 ____D () C:\Users\internet\AppData\Roaming\SUPERAntiSpyware.com
2014-06-11 20:35 - 2014-04-25 11:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 20:35 - 2011-02-08 14:44 - 00000000 ____D () E:\Program Files\internet explorer
2014-06-11 18:51 - 2013-07-27 08:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 18:48 - 2013-06-17 13:26 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 16:52 - 2014-02-04 16:57 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Free Download Manager
2014-06-10 17:24 - 2013-09-13 10:24 - 00000000 ___HD () E:\Program Files\Temp
2014-06-10 17:23 - 2014-06-10 17:23 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-06-10 17:22 - 2011-02-08 16:04 - 00000000 ____D () E:\Program Files\Realtek
2014-06-10 16:49 - 2014-06-10 16:49 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-10 16:49 - 2013-06-14 15:35 - 00000010 _____ () C:\Windows\GSetup.ini
2014-06-10 16:05 - 2013-09-04 12:00 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Orbit
2014-06-10 16:04 - 2013-10-14 10:09 - 00000000 ____D () E:\Program Files\Calibre2
2014-06-09 13:27 - 2014-06-09 11:05 - 00000000 ____D () E:\Program Files\Calibre Portable
2014-06-09 10:10 - 2013-10-14 10:15 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\calibre
2014-06-08 16:48 - 2014-06-11 16:54 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 16:43 - 2014-06-11 16:53 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 19:05 - 2014-06-05 16:03 - 00000368 _____ () C:\Users\internet_2\Desktop\cover.txt
2014-06-03 22:11 - 2014-06-03 22:11 - 00147667 ____N () C:\Windows\Minidump\060314-22495-01.dmp
2014-06-03 22:11 - 2013-09-30 16:09 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 12:10 - 2013-06-25 13:16 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FileZilla
2014-05-31 11:41 - 2013-07-17 12:01 - 00000000 ____D () C:\Users\internet_2\.mediathek3
2014-05-31 10:32 - 2014-05-31 10:32 - 00000849 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-05-30 17:18 - 2014-06-11 18:47 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 17:02 - 2014-06-11 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 17:02 - 2014-06-11 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 16:53 - 2014-05-25 14:32 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FreeDoko
2014-05-30 16:44 - 2014-06-11 18:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 16:43 - 2014-06-11 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 16:42 - 2014-06-11 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 16:38 - 2014-06-11 18:47 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 16:34 - 2014-06-11 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 16:33 - 2014-06-11 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 16:30 - 2014-06-11 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 16:28 - 2014-06-11 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 16:28 - 2014-06-11 18:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 16:27 - 2014-06-11 18:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 16:21 - 2014-06-11 18:47 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 16:16 - 2014-06-11 18:47 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 16:10 - 2014-06-11 18:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 16:06 - 2014-06-11 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 16:04 - 2014-06-11 18:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 16:02 - 2014-06-11 18:47 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 15:57 - 2014-06-11 18:47 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 15:56 - 2014-06-11 18:47 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 15:54 - 2014-06-11 18:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 15:50 - 2014-06-11 18:47 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 15:49 - 2014-06-11 18:47 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 15:40 - 2014-06-11 18:47 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 15:21 - 2014-06-11 18:47 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 15:15 - 2014-06-11 18:47 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 15:13 - 2014-06-11 18:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:00 - 2014-05-30 09:00 - 00000084 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014.info
2014-05-30 09:00 - 2014-05-30 08:40 - 102334358 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014@HIGH.mp4
2014-05-30 08:19 - 2014-05-30 08:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-30 08:18 - 2014-05-30 08:17 - 00003993 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 08:18 - 2011-02-15 11:34 - 00000000 ____D () E:\Program Files\Java
2014-05-29 16:12 - 2014-04-29 08:22 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\MyPhoneExplorer
2014-05-29 15:36 - 2014-05-21 15:36 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Mp3tag
2014-05-29 13:24 - 2013-06-19 16:54 - 00000000 ___HD () C:\Users\internet\.opdveza-an
2014-05-29 13:24 - 2013-06-19 16:54 - 00000000 ____D () C:\Users\internet\.borland
2014-05-28 13:09 - 2013-06-15 12:56 - 00000600 _____ () C:\Users\internet_2\AppData\Roaming\winscp.rnd
2014-05-27 09:55 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-26 20:57 - 2014-05-30 07:52 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
2014-05-25 14:07 - 2014-05-25 14:07 - 00000756 _____ () C:\Users\internet\Desktop\FreeDoko.lnk
2014-05-25 14:07 - 2014-05-25 14:07 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2014-05-25 14:05 - 2014-05-25 14:05 - 00000000 ____D () C:\Users\internet\FreeDoko
2014-05-25 14:05 - 2013-06-14 15:31 - 00000000 ____D () C:\Users\internet
2014-05-25 07:10 - 2014-03-03 09:12 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 14:03 - 2014-05-24 13:48 - 00001002 _____ () C:\Users\internet_2\Desktop\DBV_Klaerung.txt
2014-05-19 16:09 - 2013-09-13 09:30 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Notepad++
2014-05-19 07:02 - 2009-07-14 12:53 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-18 12:11 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET

Files to move or delete:
====================
C:\Users\internet\AppData\Roaming\CamLayout.ini
C:\Users\internet\AppData\Roaming\CamShapes.ini
C:\Users\internet_2\AppData\Roaming\Camdata.ini
C:\Users\internet_2\AppData\Roaming\CamLayout.ini
C:\Users\internet_2\AppData\Roaming\CamShapes.ini


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 17:50

==================== End Of Log ============================
         

How can we proceed from here?

Regards, Andreas

17.06.2014, 11:54   #10
schrauber
/// the machine
/// TB instructor
 


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

18.06.2014, 14:01   #11
wbtroj

Hello Schrauber,
OK, everything has been carried out so far. However, I could not start JRT. This message kept appearing:
Code:
Error during execution ""I:\Temp\jrt\get.bat""
         
I have also already tried pointing the environment variable for Temp to a different drive (including "C:"). Unfortunately without success.
Here are the other logs:
A) mbam.txt:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.06.2014
Suchlauf-Zeit: 07:53:44
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.2.1012
Malware Datenbank: v2014.06.17.13
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: internet_2

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 223481
Verstrichene Zeit: 16 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Webget.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update webget, Löschen bei Neustart, [820f6b0e2d4e1c1a4daa694536cc08f8], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
B) ADW:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.212 - Report created 18/06/2014 at 08:50:47
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Basic Service Pack 1 (32 bits)
# Username : internet - DESKTOP-PC
# Running from : D:\AntiVirus\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update webget

***** [ Files / Folders ] *****

Folder Deleted : E:\Program Files\webget
Folder Deleted : I:\Temp\OCS
File Deleted : C:\Users\internet\daemonprocess.txt
File Deleted : C:\Users\internet_2\daemonprocess.txt
File Deleted : C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\y4m0hhnp.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\OCS

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v21.0 (de)

[ File : C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\y4m0hhnp.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5986 octets] - [22/02/2014 14:32:29]
AdwCleaner[S0].txt - [6046 octets] - [22/02/2014 14:41:43]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [6106 octets] ##########
         

C) FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014
Ran by internet (administrator) on DESKTOP-PC on 18-06-2014 09:17:14
Running from D:\AntiVirus
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Corporation) E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) E:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) E:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Nitro PDF Software) E:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(The Eraser Project) E:\Program Files\Eraser\Eraser.exe
(Malwarebytes Corporation) E:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NTeWORKS) E:\Image Processing\PicPick\picpick.exe
(Skype Technologies S.A.) E:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) E:\Program Files\Windows Sidebar\sidebar.exe
(Automattic, Inc.) C:\Users\internet_2\AppData\Local\Cloudup\App\Cloudup.exe
(Dropbox, Inc.) C:\Users\internet_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) E:\Program Files\Java\jre7\bin\javaw.exe
(Microsoft Corporation) E:\MS\Office10\MSOFFICE.EXE
(Joyent, Inc) C:\Users\internet_2\AppData\Local\Cloudup\App\cloudup-node.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) E:\Program Files\windows media player\wmpnetwk.exe
(Mozilla Corporation) E:\Internet\FireFox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] => E:\Program Files\Comodo\COMODO Internet Security\cistray.exe [1225944 2014-03-26] (COMODO)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [Eraser] => E:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [StartCCC] => E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => E:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11680400 2012-10-26] (Realtek Semiconductor)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-18] (Microsoft Corporation)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\Run: [PicPick Start] => E:\Image Processing\PicPick\picpick.exe [13165400 2014-03-12] (NTeWORKS)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\MountPoints2: {e9c92f2f-d4c2-11e2-85eb-806e6f6e6963} - N:\CDBROWSE.EXE
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\MountPoints2: {e9c92f30-d4c2-11e2-85eb-806e6f6e6963} - O:\Run.exe
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [PicPick Start] => E:\Image Processing\PicPick\picpick.exe [13165400 2014-03-12] (NTeWORKS)
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Messenger (Yahoo!)] => "E:\PROGRA~3\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Cloudup] => C:\Users\internet_2\AppData\Local\Cloudup\App\Cloudup.exe [531344 2014-04-15] (Automattic, Inc.)
Startup: C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI (RC3).lnk
ShortcutTarget: Secunia PSI (RC3).lnk -> D:\Programme\Personal Software Inspector\psi.exe (Secunia)
Startup: C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\internet\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloaderPortable.lnk
ShortcutTarget: JDownloaderPortable.lnk -> E:\Media\Video\JDownloader\JDownloaderPortable.exe (AppWork GmbH)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fil-PH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x13A26660C36CCE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{65379DEE-2D36-4695-8857-4DC4D45113C2}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: I:\Eigene Dateien\Internet\FireFox\Profile\@dele
FF Homepage: hxxp://www.gmx.net
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - E:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - E:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Extension: McAfee SiteAdvisor - E:\Program Files\McAfee\SiteAdvisor [2011-12-25]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - E:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - E:\Program Files\McAfee\SiteAdvisor [2011-12-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-20]
FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-06-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-25] (AVAST Software)
R2 c2cautoupdatesvc; E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 cmdAgent; E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-17] (COMODO)
S3 cmdvirth; E:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-26] (COMODO)
R2 FoxitCloudUpdateService; E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
S2 gupdate; E:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-04-11] (Google Inc.)
S3 gupdatem; E:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-04-11] (Google Inc.)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2013-06-20] () [File not signed]
R2 MBAMScheduler; E:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; E:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 McAfee SiteAdvisor Service; E:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-07] (McAfee, Inc.)
S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 NitroReaderDriverReadSpool3; E:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S2 SkypeUpdate; E:\Program Files\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 wampapache; P:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) [File not signed]
S3 wampmysqld; P:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () [File not signed]
S3 WinDefend; E:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-12] (Microsoft Corporation)
R3 WMPNetworkSvc; E:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2013-08-18] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-25] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-17] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-17] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-17] (COMODO)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2009-08-26] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2009-09-16] () [File not signed]
S3 gdrv; C:\Windows\gdrv.sys [17488 2014-06-10] (Windows (R) 2000 DDK provider)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-17] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [22120 2011-06-15] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [49768 2011-06-15] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [27752 2011-09-16] (Realtek Corporation)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [90648 2011-06-14] (Ray Hinchliffe)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [49768 2011-06-15] (Realtek Corporation)
R1 {55685567-4840-4a91-962b-49a412e9485a}w; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys [52920 2014-05-26] (StdLib)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S1 SASDIFSV; \??\I:\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\I:\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 09:07 - 2014-06-18 09:07 - 00000000 ____D () C:\Temp
2014-06-18 08:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-18 07:33 - 2014-06-18 09:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 07:31 - 2014-06-18 07:31 - 00000960 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 07:31 - 2014-06-18 07:31 - 00000000 ____D () E:\Program Files\ Malwarebytes Anti-Malware 
2014-06-18 07:31 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-18 07:31 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 07:31 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-17 09:29 - 2014-06-17 09:18 - 05206841 _____ (Swearware) C:\Users\internet\Desktop\ComboFix.exe
2014-06-17 09:03 - 2014-06-17 09:18 - 05206841 _____ (Swearware) C:\Users\internet_2\Desktop\ComboFix.exe
2014-06-16 11:09 - 2014-06-16 11:09 - 00001191 _____ () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloudup.lnk
2014-06-15 21:21 - 2014-06-15 21:21 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-13 09:47 - 2014-06-18 09:17 - 00000000 ____D () C:\FRST
2014-06-12 17:24 - 2014-06-17 09:30 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-12 09:20 - 2014-06-12 09:20 - 00000000 ____D () C:\Users\internet\AppData\Roaming\SUPERAntiSpyware.com
2014-06-11 18:47 - 2014-05-30 17:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 18:47 - 2014-05-30 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 18:47 - 2014-05-30 17:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 18:47 - 2014-05-30 16:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 18:47 - 2014-05-30 16:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 18:47 - 2014-05-30 16:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 18:47 - 2014-05-30 16:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 18:47 - 2014-05-30 16:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 18:47 - 2014-05-30 16:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 18:47 - 2014-05-30 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 18:47 - 2014-05-30 16:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 18:47 - 2014-05-30 16:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 18:47 - 2014-05-30 16:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 18:47 - 2014-05-30 16:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 18:47 - 2014-05-30 16:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 18:47 - 2014-05-30 16:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 18:47 - 2014-05-30 16:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 18:47 - 2014-05-30 16:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 18:47 - 2014-05-30 16:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 18:47 - 2014-05-30 15:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 18:47 - 2014-05-30 15:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 18:47 - 2014-05-30 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 18:47 - 2014-05-30 15:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 18:47 - 2014-05-30 15:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 18:47 - 2014-05-30 15:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 18:47 - 2014-05-30 15:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 18:47 - 2014-05-30 15:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 18:47 - 2014-05-30 15:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 16:54 - 2014-06-08 16:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 16:54 - 2014-04-05 10:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 16:54 - 2014-04-05 10:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 16:53 - 2014-06-08 16:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 16:53 - 2014-04-25 10:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 16:53 - 2014-03-26 22:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 16:53 - 2014-03-26 22:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 16:53 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 16:53 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 17:23 - 2014-06-10 17:23 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-06-10 17:22 - 2012-10-30 17:59 - 03340880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-06-10 17:22 - 2012-10-30 16:43 - 00369117 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-06-10 17:22 - 2012-10-29 16:34 - 02357344 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-06-10 17:22 - 2012-10-25 14:45 - 00097424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-06-10 17:22 - 2012-10-23 11:30 - 03219600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2014-06-10 17:22 - 2012-09-20 00:59 - 00742264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-06-10 17:22 - 2012-09-12 09:51 - 02486416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-06-10 17:22 - 2012-09-09 14:33 - 01929080 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-06-10 17:22 - 2012-08-21 14:51 - 00658064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-06-10 17:22 - 2012-08-13 18:06 - 01501840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-06-10 17:22 - 2012-08-03 18:18 - 01706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-06-10 17:22 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-06-10 17:22 - 2012-06-08 16:23 - 00071808 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2014-06-10 17:22 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2014-06-10 17:22 - 2012-03-08 11:47 - 00176736 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2014-06-10 17:22 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2014-06-10 17:22 - 2011-12-16 14:57 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2014-06-10 17:22 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2014-06-10 17:22 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-06-10 17:22 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2014-06-10 17:22 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2014-06-10 17:22 - 2009-11-18 07:13 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2014-06-10 16:49 - 2014-06-10 16:49 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-09 11:05 - 2014-06-09 13:27 - 00000000 ____D () E:\Program Files\Calibre Portable
2014-06-05 16:03 - 2014-06-05 19:05 - 00000368 _____ () C:\Users\internet_2\Desktop\cover.txt
2014-06-03 22:11 - 2014-06-03 22:11 - 00147667 ____N () C:\Windows\Minidump\060314-22495-01.dmp
2014-05-31 10:32 - 2014-05-31 10:32 - 00000849 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-05-30 09:00 - 2014-05-30 09:00 - 00000084 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014.info
2014-05-30 08:40 - 2014-05-30 09:00 - 102334358 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014@HIGH.mp4
2014-05-30 08:19 - 2014-05-30 08:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-30 08:18 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-30 08:18 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-30 08:18 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-30 08:18 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-30 08:17 - 2014-05-30 08:18 - 00003993 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 07:52 - 2014-05-26 20:57 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
2014-05-25 14:32 - 2014-05-30 16:53 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FreeDoko
2014-05-25 14:07 - 2014-05-25 14:07 - 00000756 _____ () C:\Users\internet\Desktop\FreeDoko.lnk
2014-05-25 14:07 - 2014-05-25 14:07 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2014-05-25 14:05 - 2014-05-25 14:05 - 00000000 ____D () C:\Users\internet\FreeDoko
2014-05-24 13:48 - 2014-05-24 14:03 - 00001002 _____ () C:\Users\internet_2\Desktop\DBV_Klaerung.txt
2014-05-21 15:36 - 2014-05-29 15:36 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Mp3tag

==================== One Month Modified Files and Folders =======

2014-06-18 09:17 - 2014-06-13 09:47 - 00000000 ____D () C:\FRST
2014-06-18 09:17 - 2013-06-22 19:49 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Skype
2014-06-18 09:15 - 2014-03-03 09:13 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\DropboxMaster
2014-06-18 09:15 - 2013-09-22 13:46 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Dropbox
2014-06-18 09:15 - 2009-07-14 12:34 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 09:15 - 2009-07-14 12:34 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 09:11 - 2014-01-01 10:16 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-18 09:07 - 2014-06-18 09:07 - 00000000 ____D () C:\Temp
2014-06-18 09:04 - 2013-06-23 07:54 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype
2014-06-18 09:03 - 2014-06-18 07:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 09:01 - 2013-06-14 15:23 - 01118100 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 09:00 - 2014-01-01 10:16 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-18 08:52 - 2014-03-22 07:07 - 00023092 _____ () C:\Windows\setupact.log
2014-06-18 08:52 - 2013-06-15 07:45 - 00401394 _____ () C:\Windows\PFRO.log
2014-06-18 08:52 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 08:50 - 2013-06-14 16:41 - 00000000 ____D () C:\Users\internet_2
2014-06-18 08:50 - 2013-06-14 15:31 - 00000000 ____D () C:\Users\internet
2014-06-18 08:49 - 2013-07-14 07:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-18 08:21 - 2013-06-21 08:43 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Nitro PDF
2014-06-18 08:09 - 2013-09-10 17:39 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\vlc
2014-06-18 07:31 - 2014-06-18 07:31 - 00000960 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 07:31 - 2014-06-18 07:31 - 00000000 ____D () E:\Program Files\ Malwarebytes Anti-Malware 
2014-06-18 07:27 - 2013-06-14 15:33 - 00795754 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-17 09:30 - 2014-06-12 17:24 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-17 09:18 - 2014-06-17 09:29 - 05206841 _____ (Swearware) C:\Users\internet\Desktop\ComboFix.exe
2014-06-17 09:18 - 2014-06-17 09:03 - 05206841 _____ (Swearware) C:\Users\internet_2\Desktop\ComboFix.exe
2014-06-16 11:09 - 2014-06-16 11:09 - 00001191 _____ () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloudup.lnk
2014-06-15 21:21 - 2014-06-15 21:21 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-15 21:21 - 2013-06-22 19:49 - 00000000 ___RD () E:\Program Files\Skype
2014-06-14 08:14 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-12 21:18 - 2013-10-20 13:10 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc
2014-06-12 18:00 - 2013-11-13 08:06 - 00000000 ____D () C:\Windows\rescache
2014-06-12 14:30 - 2009-07-14 10:04 - 00000505 _____ () C:\Windows\win.ini
2014-06-12 09:20 - 2014-06-12 09:20 - 00000000 ____D () C:\Users\internet\AppData\Roaming\SUPERAntiSpyware.com
2014-06-11 20:35 - 2014-04-25 11:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 20:35 - 2011-02-08 14:44 - 00000000 ____D () E:\Program Files\internet explorer
2014-06-11 18:51 - 2013-07-27 08:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 18:48 - 2013-06-17 13:26 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 16:52 - 2014-02-04 16:57 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Free Download Manager
2014-06-10 17:24 - 2013-09-13 10:24 - 00000000 ___HD () E:\Program Files\Temp
2014-06-10 17:23 - 2014-06-10 17:23 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-06-10 17:22 - 2011-02-08 16:04 - 00000000 ____D () E:\Program Files\Realtek
2014-06-10 16:49 - 2014-06-10 16:49 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-10 16:49 - 2013-06-14 15:35 - 00000010 _____ () C:\Windows\GSetup.ini
2014-06-10 16:05 - 2013-09-04 12:00 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Orbit
2014-06-10 16:04 - 2013-10-14 10:09 - 00000000 ____D () E:\Program Files\Calibre2
2014-06-09 13:27 - 2014-06-09 11:05 - 00000000 ____D () E:\Program Files\Calibre Portable
2014-06-09 10:10 - 2013-10-14 10:15 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\calibre
2014-06-08 16:48 - 2014-06-11 16:54 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 16:43 - 2014-06-11 16:53 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 19:05 - 2014-06-05 16:03 - 00000368 _____ () C:\Users\internet_2\Desktop\cover.txt
2014-06-03 22:11 - 2014-06-03 22:11 - 00147667 ____N () C:\Windows\Minidump\060314-22495-01.dmp
2014-06-03 22:11 - 2013-09-30 16:09 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 12:10 - 2013-06-25 13:16 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FileZilla
2014-05-31 11:41 - 2013-07-17 12:01 - 00000000 ____D () C:\Users\internet_2\.mediathek3
2014-05-31 10:32 - 2014-05-31 10:32 - 00000849 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-05-30 17:18 - 2014-06-11 18:47 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 17:02 - 2014-06-11 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 17:02 - 2014-06-11 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 16:53 - 2014-05-25 14:32 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FreeDoko
2014-05-30 16:44 - 2014-06-11 18:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 16:43 - 2014-06-11 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 16:42 - 2014-06-11 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 16:38 - 2014-06-11 18:47 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 16:34 - 2014-06-11 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 16:33 - 2014-06-11 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 16:30 - 2014-06-11 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 16:28 - 2014-06-11 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 16:28 - 2014-06-11 18:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 16:27 - 2014-06-11 18:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 16:21 - 2014-06-11 18:47 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 16:16 - 2014-06-11 18:47 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 16:10 - 2014-06-11 18:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 16:06 - 2014-06-11 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 16:04 - 2014-06-11 18:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 16:02 - 2014-06-11 18:47 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 15:57 - 2014-06-11 18:47 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 15:56 - 2014-06-11 18:47 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 15:54 - 2014-06-11 18:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 15:50 - 2014-06-11 18:47 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 15:49 - 2014-06-11 18:47 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 15:40 - 2014-06-11 18:47 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 15:21 - 2014-06-11 18:47 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 15:15 - 2014-06-11 18:47 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 15:13 - 2014-06-11 18:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:00 - 2014-05-30 09:00 - 00000084 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014.info
2014-05-30 09:00 - 2014-05-30 08:40 - 102334358 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014@HIGH.mp4
2014-05-30 08:19 - 2014-05-30 08:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-30 08:18 - 2014-05-30 08:17 - 00003993 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 08:18 - 2011-02-15 11:34 - 00000000 ____D () E:\Program Files\Java
2014-05-29 16:12 - 2014-04-29 08:22 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\MyPhoneExplorer
2014-05-29 15:36 - 2014-05-21 15:36 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Mp3tag
2014-05-29 13:24 - 2013-06-19 16:54 - 00000000 ___HD () C:\Users\internet\.opdveza-an
2014-05-29 13:24 - 2013-06-19 16:54 - 00000000 ____D () C:\Users\internet\.borland
2014-05-28 13:09 - 2013-06-15 12:56 - 00000600 _____ () C:\Users\internet_2\AppData\Roaming\winscp.rnd
2014-05-27 09:55 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-26 20:57 - 2014-05-30 07:52 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
2014-05-25 14:07 - 2014-05-25 14:07 - 00000756 _____ () C:\Users\internet\Desktop\FreeDoko.lnk
2014-05-25 14:07 - 2014-05-25 14:07 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2014-05-25 14:05 - 2014-05-25 14:05 - 00000000 ____D () C:\Users\internet\FreeDoko
2014-05-25 07:10 - 2014-03-03 09:12 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 14:03 - 2014-05-24 13:48 - 00001002 _____ () C:\Users\internet_2\Desktop\DBV_Klaerung.txt
2014-05-19 16:09 - 2013-09-13 09:30 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Notepad++
2014-05-19 07:02 - 2009-07-14 12:53 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\internet\AppData\Roaming\CamLayout.ini
C:\Users\internet\AppData\Roaming\CamShapes.ini
C:\Users\internet_2\AppData\Roaming\Camdata.ini
C:\Users\internet_2\AppData\Roaming\CamLayout.ini
C:\Users\internet_2\AppData\Roaming\CamShapes.ini


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 17:50

==================== End Of Log ============================
         


I'm away from home through Saturday. I can read your posts and possibly download programs in advance, but of course I can't do anything on the desktop.

OK, enjoy the next few days
Andreas!

Hi Schrauber,
just briefly: my plans have changed and I'm not travelling for the time being. So I can play along again!
See you
Andreas!

19.06.2014, 12:52   #12
schrauber
/// the machine
/// TB instructor
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

22.06.2014, 07:55   #13
wbtroj
 



Hello Schrauber,
sorry, this all took a bit longer. I had to abort the ESET scan after 16 hours and then run it separately for each of the existing drives, because I can't leave the computer running unattended.

Here are the logs
A) Eset
Code:
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=174c21841cd0d049a64ca43c5d69115c
# engine=18792
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-20 01:35:42
# local_time=2014-06-20 09:35:42 (+0800, China Standard Time)
# country="United States"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1132061 20152349 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 94 4603717 59386664 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 534579 28804317 0 0
# scanned=8435
# found=0
# cleaned=0
# scan_time=1066
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=174c21841cd0d049a64ca43c5d69115c
# engine=18810
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-21 01:35:34
# local_time=2014-06-21 09:35:34 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1218453 20238741 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 94 4690109 59473056 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 620971 28890709 0 0
# scanned=89318
# found=1
# cleaned=0
# scan_time=7416
sh=294B2ACF4CC34EE68C6F8A9C20CDD14A39D54176 ft=1 fh=30b9cad22c611066 vn="a variant of Win32/InstallCore.LN potentially unwanted application" ac=I fn="C:\Users\internet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7415WCK\JDownloaderSetup_CH[1].exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=174c21841cd0d049a64ca43c5d69115c
# engine=18810
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-21 02:34:08
# local_time=2014-06-21 10:34:08 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1221967 20242255 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 94 4693623 59476570 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 624485 28894223 0 0
# scanned=46956
# found=6
# cleaned=0
# scan_time=3046
sh=A4A6105A04F8DC979E3B82E9AD63B62B2286A61C ft=0 fh=0000000000000000 vn="Win32/Mobogenie.A potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Users\internet\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie2.1.35.zip.vir"
sh=B3E9B985A45EF896577466209FC1FDEDB066EB70 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Users\internet\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\MUServer.apk.vir"
sh=185972DE963ED7F0692CF8919D753871B3FAB912 ft=0 fh=0000000000000000 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Users\internet\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.32.zip.vir"
sh=D0E5E11ACDD3E7AF720794C6AD722169570CA169 ft=1 fh=afc8ab45c959803b vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Users\internet\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=A703E83DC6447E84E8582B80A3DBF6C03B77D04A ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\C\Users\internet\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=0D34657F3EC6BF0D38D039381A986C379DD76DCD ft=1 fh=9487f2225b41a910 vn="a variant of Win32/DownloadSponsor.A potentially unwanted application" ac=I fn="D:\AdwCleaner\Quarantine\I\Temp\OCS\ocs_v71b.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=174c21841cd0d049a64ca43c5d69115c
# engine=18810
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-21 04:57:36
# local_time=2014-06-21 12:57:36 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1230575 20250863 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 94 4702231 59485178 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 633093 28902831 0 0
# scanned=205923
# found=7
# cleaned=0
# scan_time=8181
sh=CEC6D5B7D6F8A2D613069F3D0F882CFE23C4B92A ft=1 fh=d853b3542beb8cb3 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Media\ac3filter_2_5b.exe"
sh=CEC6D5B7D6F8A2D613069F3D0F882CFE23C4B92A ft=1 fh=d853b3542beb8cb3 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Media\GomPlayer\codecs\down.gom"
sh=9B2AA2AD46B3D13C5C110DF7707DD4155A1D9DE3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A potentially unwanted application" ac=I fn="E:\My Dropbox\Sunday Backups\Firefox 3.6.2pre (de) Desktop - 2010-10-11.pcv"
sh=4D55BCE485FE68EF3BD9A09C3EE0500DD94DB258 ft=1 fh=e2cb5610fcbbfa64 vn="a variant of Win32/Toolbar.Conduit.K potentially unwanted application" ac=I fn="E:\NCH Software\VideoPad\uninst.exe"
sh=6F79E7EABD86598A83570EEAB772C2593979979A ft=1 fh=18f512dafcbbfa64 vn="a variant of Win32/Toolbar.Conduit.K potentially unwanted application" ac=I fn="E:\NCH Software\VideoPad\videopad.exe"
sh=FD437067B25677E6EDFC173E672CAAB346851F7C ft=1 fh=4ec0e6a65fe2e9ab vn="a variant of Win32/Toolbar.Conduit.K potentially unwanted application" ac=I fn="E:\NCH Software\VideoPad\videopad_setup_v2.12.exe"
sh=D99FA9347B3E05EC6A36156323A5D53BE8F9F14F ft=1 fh=e9a3de554c15b3cd vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="E:\Program Files\Wisdom-soft AutoScreenRecorder 3.1 Free\toolbar.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=174c21841cd0d049a64ca43c5d69115c
# engine=18810
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-21 08:45:59
# local_time=2014-06-21 04:45:59 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1244278 20264566 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 94 4715934 59498881 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 646796 28916534 0 0
# scanned=280044
# found=3
# cleaned=0
# scan_time=13251
sh=ACFAAC92B5210832B185D476D047B1C2733D792A ft=1 fh=a510a895afb6c194 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="F:\Downloads\CrystalDiskInfo6_1_12-en.exe"
sh=DC92ACB066FAAFC06F47908C766FD2459E3D6FAF ft=1 fh=2ed4d2c82e8cb35f vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="F:\Downloads\FreeHideIP-3.7.6.8.Setup.exe"
sh=60183C09418B96DE84179F05FA5386B95587FD77 ft=1 fh=c966c0ff35ef0ed4 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="F:\Downloads\FreemakeVideoDownloaderSetup_3.5.4.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=174c21841cd0d049a64ca43c5d69115c
# engine=18813
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-21 08:52:44
# local_time=2014-06-21 04:52:44 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1244683 20264971 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 94 4716339 59499286 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 647201 28916939 0 0
# scanned=7821
# found=0
# cleaned=0
# scan_time=163
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=174c21841cd0d049a64ca43c5d69115c
# engine=18813
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-21 09:04:31
# local_time=2014-06-21 05:04:31 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1245390 20265678 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 94 4717046 59499993 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 647908 28917646 0 0
# scanned=24609
# found=0
# cleaned=0
# scan_time=547
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=174c21841cd0d049a64ca43c5d69115c
# engine=18813
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-21 11:17:32
# local_time=2014-06-21 07:17:32 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1253371 20273659 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 94 4725027 59507974 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 655889 28925627 0 0
# scanned=198239
# found=0
# cleaned=0
# scan_time=7854
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=174c21841cd0d049a64ca43c5d69115c
# engine=18813
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-21 11:24:15
# local_time=2014-06-21 07:24:15 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1253774 20274062 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 94 4725430 59508377 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 656292 28926030 0 0
# scanned=142
# found=0
# cleaned=0
# scan_time=2
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=174c21841cd0d049a64ca43c5d69115c
# engine=18813
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-21 12:16:13
# local_time=2014-06-21 08:16:13 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1256892 20277180 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 94 4728548 59511495 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 659410 28929148 0 0
# scanned=25342
# found=8
# cleaned=0
# scan_time=2837
sh=49ACAFACAAC62A745E69D71A58CC9453C41B15D0 ft=1 fh=b98f31ba52914450 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application" ac=I fn="K:\UBCD4WinV360.exe"
sh=9B2AA2AD46B3D13C5C110DF7707DD4155A1D9DE3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A potentially unwanted application" ac=I fn="K:\$RECYCLE.BIN\S-1-5-21-2546741769-1852086618-152487652-1000\$RARQAKY\Dx5.pcv"
sh=AD50578A9BE9DCA0256D78C53A0EE36CA7F5D89E ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="K:\Sunday_Backups\Android\backups\MyPhoneExplorer\Mobogenie Daemon_1.0.9.apk"
sh=E1AF8694777A88E8925B35F4DF6F52BEEDACED16 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A potentially unwanted application" ac=I fn="K:\Sunday_Backups\Laptop\Mozilla_Laptop\Firefox 3.6.12 (de) - 2010-Nov-07-Laptop.pcv"
sh=72FB5F6B761D88F2F56C18FD87C8C42CA1AA3DE8 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A potentially unwanted application" ac=I fn="K:\Sunday_Backups\Laptop\Mozilla_Laptop\Firefox 3.6.12 (de) - 2010-Nov-14-Laptop.pcv"
sh=4B9B1607C28352F8FDE107E2E08AF260F0237A96 ft=1 fh=f338f095141cac61 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application" ac=I fn="K:\UBCD4Win\plugin\CDBurning\ExpressBurn\expressburn.exe"
sh=6661EDA8383915E3713D78F0189D1A15EB5D80C7 ft=1 fh=cd240aea2e807323 vn="Win32/PrcView potentially unsafe application" ac=I fn="K:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe"
sh=EC70E13DB30A165A8CC77485C719BA0CD4A43CC3 ft=0 fh=0000000000000000 vn="a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application" ac=I fn="K:\UBCD4Win\plugin\System-Info\Information\SysInfo\sysinfo.7z"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=174c21841cd0d049a64ca43c5d69115c
# engine=18819
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-22 02:19:08
# local_time=2014-06-22 10:19:08 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1307467 20327755 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 94 4779123 59562070 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 709985 28979723 0 0
# scanned=76250
# found=1
# cleaned=0
# scan_time=9392
sh=49ACAFACAAC62A745E69D71A58CC9453C41B15D0 ft=1 fh=b98f31ba52914450 vn="a variant of Win32/Toolbar.Conduit.I potentially unwanted application" ac=I fn="M:\Sound\Software_Setups\UBCD4WinV360.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=174c21841cd0d049a64ca43c5d69115c
# engine=18819
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-22 03:56:05
# local_time=2014-06-22 11:56:05 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1313284 20333572 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 94 4784940 59567887 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 715802 28985540 0 0
# scanned=208834
# found=0
# cleaned=0
# scan_time=5223
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=174c21841cd0d049a64ca43c5d69115c
# engine=18819
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-22 04:24:25
# local_time=2014-06-22 12:24:25 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1314984 20335272 0 0
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 94 4786640 59569587 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 717502 28987240 0 0
# scanned=21
# found=0
# cleaned=0
# scan_time=2
ESETSmartInstaller@High as downloader log:
all ok
         
B) Security Check
Code:
 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 McAfee SiteAdvisor    
 CCleaner     
 Java 7 Update 60  
 Java SE Development Kit 7 Update 51 
 Java version out of Date! 
 Adobe Flash Player 	13.0.0.214  
 Mozilla Firefox 21.0 Firefox out of Date!  
 Google Chrome 29.0.1547.76  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Comodo Firewall cmdagent.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 10% 
````````````````````End of Log``````````````````````
         
Strange that the Mozilla version is once again shown here as 21.0 and therefore as out of date. My current version is 31.0 and therefore up to date.

For some programs, such as Adobe Flash Player, I will need to download the current version again shortly.

C) FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01
Ran by internet (administrator) on DESKTOP-PC on 22-06-2014 13:25:42
Running from D:\AntiVirus
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Corporation) E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) E:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) E:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Nitro PDF Software) E:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(Malwarebytes Corporation) E:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(The Eraser Project) E:\Program Files\Eraser\Eraser.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) E:\Program Files\windows media player\wmpnetwk.exe
(Realtek Semiconductor) E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(COMODO) E:\Program Files\Comodo\COMODO Internet Security\cis.exe
(NTeWORKS) E:\Image Processing\PicPick\picpick.exe
(Skype Technologies S.A.) E:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) E:\Program Files\Windows Sidebar\sidebar.exe
(Automattic, Inc.) C:\Users\internet_2\AppData\Local\Cloudup\App\Cloudup.exe
(Microsoft Corporation) E:\MS\Office10\MSOFFICE.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Users\internet_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) E:\Program Files\Java\jre7\bin\javaw.exe
(Joyent, Inc) C:\Users\internet_2\AppData\Local\Cloudup\App\cloudup-node.exe
(Mozilla Corporation) E:\Internet\FireFox\firefox.exe
(Mozilla Corporation) E:\Internet\FireFox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] => E:\Program Files\Comodo\COMODO Internet Security\cistray.exe [1225944 2014-03-26] (COMODO)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] => C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [Eraser] => E:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [StartCCC] => E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => E:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11680400 2012-10-26] (Realtek Semiconductor)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-18] (Microsoft Corporation)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\Run: [PicPick Start] => E:\Image Processing\PicPick\picpick.exe [13165400 2014-03-12] (NTeWORKS)
HKU\S-1-5-21-2546741769-1852086618-152487652-1000\...\MountPoints2: {e9c92f2f-d4c2-11e2-85eb-806e6f6e6963} - N:\CDBROWSE.EXE
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [PicPick Start] => E:\Image Processing\PicPick\picpick.exe [13165400 2014-03-12] (NTeWORKS)
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Messenger (Yahoo!)] => "E:\PROGRA~3\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-2546741769-1852086618-152487652-1002\...\Run: [Cloudup] => C:\Users\internet_2\AppData\Local\Cloudup\App\Cloudup.exe [531344 2014-04-15] (Automattic, Inc.)
Startup: C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI (RC3).lnk
ShortcutTarget: Secunia PSI (RC3).lnk -> D:\Programme\Personal Software Inspector\psi.exe (Secunia)
Startup: C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\internet\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloaderPortable.lnk
ShortcutTarget: JDownloaderPortable.lnk -> E:\Media\Video\JDownloader\JDownloaderPortable.exe (AppWork GmbH)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fil-PH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x13A26660C36CCE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - E:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{65379DEE-2D36-4695-8857-4DC4D45113C2}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: I:\Eigene Dateien\Internet\FireFox\Profile\@dele
FF Homepage: hxxp://www.gmx.net
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - E:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - E:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - E:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - E:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - E:\Media\VLC\npvlc.dll (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - E:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - E:\Program Files\McAfee\SiteAdvisor [2011-12-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-20]
FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; E:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-06-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-25] (AVAST Software)
R2 c2cautoupdatesvc; E:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; E:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 cmdAgent; E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-17] (COMODO)
S3 cmdvirth; E:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-26] (COMODO)
R2 FoxitCloudUpdateService; E:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
S2 gupdate; E:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-04-11] (Google Inc.)
S3 gupdatem; E:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-04-11] (Google Inc.)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2013-06-20] () [File not signed]
R2 MBAMScheduler; E:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; E:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 McAfee SiteAdvisor Service; E:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-07] (McAfee, Inc.)
S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
R2 NitroReaderDriverReadSpool3; E:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S2 SkypeUpdate; E:\Program Files\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 wampapache; P:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) [File not signed]
S3 wampmysqld; P:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () [File not signed]
S3 WinDefend; E:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-12] (Microsoft Corporation)
R3 WMPNetworkSvc; E:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2013-08-18] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-25] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-17] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-17] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-17] (COMODO)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2009-08-26] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2009-09-16] () [File not signed]
S3 gdrv; C:\Windows\gdrv.sys [17488 2014-06-10] (Windows (R) 2000 DDK provider)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-17] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [22120 2011-06-15] (Realtek                                            )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [49768 2011-06-15] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [27752 2011-09-16] (Realtek Corporation)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [90648 2011-06-14] (Ray Hinchliffe)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [49768 2011-06-15] (Realtek Corporation)
R1 {55685567-4840-4a91-962b-49a412e9485a}w; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys [52920 2014-05-26] (StdLib)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S1 SASDIFSV; \??\I:\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\I:\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-22 12:24 - 2014-06-22 12:25 - 00000000 ____D () C:\Users\internet\Documents\Calibre Library
2014-06-22 12:24 - 2014-06-22 12:25 - 00000000 ____D () C:\Users\internet\AppData\Roaming\calibre
2014-06-22 10:21 - 2014-06-22 10:21 - 00001457 _____ () C:\Users\internet\Desktop\eset_log.lnk
2014-06-21 07:22 - 2014-06-21 07:22 - 00001622 _____ () C:\Users\internet\Desktop\ESETSmartInstaller.exe - Shortcut.lnk
2014-06-21 07:22 - 2014-06-21 07:22 - 00001604 _____ () C:\Users\internet\Desktop\OnlineScannerApp.exe - Shortcut.lnk
2014-06-20 08:44 - 2014-06-20 08:44 - 00000000 ____D () E:\Program Files\ESET
2014-06-19 09:53 - 1997-11-19 16:49 - 00303616 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-06-18 10:26 - 2014-06-18 10:00 - 01016261 _____ (Thisisu) C:\Users\internet\Desktop\JRT.exe
2014-06-18 10:17 - 2014-04-06 14:35 - 00000013 _____ () C:\Windows\system32\newmd5.txt
2014-06-18 10:01 - 2014-06-18 10:00 - 01016261 _____ (Thisisu) C:\Users\internet_2\Desktop\JRT.exe
2014-06-18 09:07 - 2014-06-18 09:07 - 00000000 ____D () C:\Temp
2014-06-18 08:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-18 07:33 - 2014-06-22 08:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 07:31 - 2014-06-18 07:31 - 00000960 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 07:31 - 2014-06-18 07:31 - 00000000 ____D () E:\Program Files\ Malwarebytes Anti-Malware 
2014-06-18 07:31 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-18 07:31 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 07:31 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-17 09:29 - 2014-06-17 09:18 - 05206841 _____ (Swearware) C:\Users\internet\Desktop\ComboFix.exe
2014-06-16 11:09 - 2014-06-16 11:09 - 00001191 _____ () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloudup.lnk
2014-06-15 21:21 - 2014-06-15 21:21 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-13 09:47 - 2014-06-22 13:25 - 00000000 ____D () C:\FRST
2014-06-12 17:24 - 2014-06-17 09:30 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-12 09:20 - 2014-06-12 09:20 - 00000000 ____D () C:\Users\internet\AppData\Roaming\SUPERAntiSpyware.com
2014-06-11 18:47 - 2014-05-30 17:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 18:47 - 2014-05-30 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 18:47 - 2014-05-30 17:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 18:47 - 2014-05-30 16:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 18:47 - 2014-05-30 16:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 18:47 - 2014-05-30 16:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 18:47 - 2014-05-30 16:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 18:47 - 2014-05-30 16:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 18:47 - 2014-05-30 16:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 18:47 - 2014-05-30 16:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 18:47 - 2014-05-30 16:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 18:47 - 2014-05-30 16:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 18:47 - 2014-05-30 16:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 18:47 - 2014-05-30 16:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 18:47 - 2014-05-30 16:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 18:47 - 2014-05-30 16:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 18:47 - 2014-05-30 16:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 18:47 - 2014-05-30 16:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 18:47 - 2014-05-30 16:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 18:47 - 2014-05-30 15:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 18:47 - 2014-05-30 15:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 18:47 - 2014-05-30 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 18:47 - 2014-05-30 15:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 18:47 - 2014-05-30 15:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 18:47 - 2014-05-30 15:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 18:47 - 2014-05-30 15:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 18:47 - 2014-05-30 15:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 18:47 - 2014-05-30 15:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 16:54 - 2014-06-08 16:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 16:54 - 2014-04-05 10:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 16:54 - 2014-04-05 10:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 16:53 - 2014-06-08 16:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 16:53 - 2014-04-25 10:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 16:53 - 2014-03-26 22:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 16:53 - 2014-03-26 22:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 16:53 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 16:53 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 17:23 - 2014-06-10 17:23 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-06-10 17:22 - 2012-10-30 17:59 - 03340880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-06-10 17:22 - 2012-10-30 16:43 - 00369117 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-06-10 17:22 - 2012-10-29 16:34 - 02357344 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-06-10 17:22 - 2012-10-25 14:45 - 00097424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-06-10 17:22 - 2012-10-23 11:30 - 03219600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2014-06-10 17:22 - 2012-09-20 00:59 - 00742264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-06-10 17:22 - 2012-09-12 09:51 - 02486416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-06-10 17:22 - 2012-09-09 14:33 - 01929080 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-06-10 17:22 - 2012-08-21 14:51 - 00658064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-06-10 17:22 - 2012-08-13 18:06 - 01501840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-06-10 17:22 - 2012-08-03 18:18 - 01706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-06-10 17:22 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-06-10 17:22 - 2012-06-08 16:23 - 00071808 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2014-06-10 17:22 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2014-06-10 17:22 - 2012-03-08 11:47 - 00176736 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2014-06-10 17:22 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2014-06-10 17:22 - 2011-12-16 14:57 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2014-06-10 17:22 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2014-06-10 17:22 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2014-06-10 17:22 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-06-10 17:22 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2014-06-10 17:22 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2014-06-10 17:22 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2014-06-10 17:22 - 2009-11-18 07:13 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2014-06-10 16:49 - 2014-06-10 16:49 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-09 11:05 - 2014-06-22 13:02 - 00000000 ____D () E:\Program Files\Calibre Portable
2014-06-05 16:03 - 2014-06-05 19:05 - 00000368 _____ () C:\Users\internet_2\Desktop\cover.txt
2014-06-03 22:11 - 2014-06-03 22:11 - 00147667 ____N () C:\Windows\Minidump\060314-22495-01.dmp
2014-05-31 10:32 - 2014-05-31 10:32 - 00000849 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-05-30 09:00 - 2014-05-30 09:00 - 00000084 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014.info
2014-05-30 08:40 - 2014-05-30 09:00 - 102334358 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014@HIGH.mp4
2014-05-30 08:19 - 2014-05-30 08:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-30 08:18 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-30 08:18 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-30 08:18 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-30 08:18 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-30 08:17 - 2014-05-30 08:18 - 00003993 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 07:52 - 2014-05-26 20:57 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
2014-05-25 14:32 - 2014-05-30 16:53 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FreeDoko
2014-05-25 14:07 - 2014-05-25 14:07 - 00000756 _____ () C:\Users\internet\Desktop\FreeDoko.lnk
2014-05-25 14:07 - 2014-05-25 14:07 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2014-05-25 14:05 - 2014-05-25 14:05 - 00000000 ____D () C:\Users\internet\FreeDoko
2014-05-24 13:48 - 2014-05-24 14:03 - 00001002 _____ () C:\Users\internet_2\Desktop\DBV_Klaerung.txt

==================== One Month Modified Files and Folders =======

2014-06-22 13:25 - 2014-06-13 09:47 - 00000000 ____D () C:\FRST
2014-06-22 13:02 - 2014-06-09 11:05 - 00000000 ____D () E:\Program Files\Calibre Portable
2014-06-22 13:00 - 2014-01-01 10:16 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-22 12:57 - 2013-06-22 19:49 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Skype
2014-06-22 12:56 - 2014-03-03 09:13 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\DropboxMaster
2014-06-22 12:56 - 2013-09-22 13:46 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Dropbox
2014-06-22 12:54 - 2014-01-01 10:16 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-22 12:49 - 2013-07-14 07:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-22 12:33 - 2013-06-14 15:33 - 00795754 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-22 12:25 - 2014-06-22 12:24 - 00000000 ____D () C:\Users\internet\Documents\Calibre Library
2014-06-22 12:25 - 2014-06-22 12:24 - 00000000 ____D () C:\Users\internet\AppData\Roaming\calibre
2014-06-22 10:21 - 2014-06-22 10:21 - 00001457 _____ () C:\Users\internet\Desktop\eset_log.lnk
2014-06-22 09:21 - 2013-06-14 15:23 - 01219318 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 09:14 - 2013-10-20 13:10 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc
2014-06-22 08:16 - 2014-06-18 07:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-22 07:44 - 2009-07-14 12:34 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 07:44 - 2009-07-14 12:34 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 07:35 - 2014-03-22 07:07 - 00023708 _____ () C:\Windows\setupact.log
2014-06-22 07:35 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-21 07:22 - 2014-06-21 07:22 - 00001622 _____ () C:\Users\internet\Desktop\ESETSmartInstaller.exe - Shortcut.lnk
2014-06-21 07:22 - 2014-06-21 07:22 - 00001604 _____ () C:\Users\internet\Desktop\OnlineScannerApp.exe - Shortcut.lnk
2014-06-20 09:01 - 2013-09-10 17:39 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\vlc
2014-06-20 08:44 - 2014-06-20 08:44 - 00000000 ____D () E:\Program Files\ESET
2014-06-18 10:17 - 2014-03-08 08:33 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 10:15 - 2013-06-23 07:54 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype
2014-06-18 10:00 - 2014-06-18 10:26 - 01016261 _____ (Thisisu) C:\Users\internet\Desktop\JRT.exe
2014-06-18 10:00 - 2014-06-18 10:01 - 01016261 _____ (Thisisu) C:\Users\internet_2\Desktop\JRT.exe
2014-06-18 09:33 - 2013-06-21 08:43 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Nitro PDF
2014-06-18 09:07 - 2014-06-18 09:07 - 00000000 ____D () C:\Temp
2014-06-18 08:52 - 2013-06-15 07:45 - 00401394 _____ () C:\Windows\PFRO.log
2014-06-18 08:50 - 2013-06-14 16:41 - 00000000 ____D () C:\Users\internet_2
2014-06-18 08:50 - 2013-06-14 15:31 - 00000000 ____D () C:\Users\internet
2014-06-18 07:31 - 2014-06-18 07:31 - 00000960 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 07:31 - 2014-06-18 07:31 - 00000000 ____D () E:\Program Files\ Malwarebytes Anti-Malware 
2014-06-17 09:30 - 2014-06-12 17:24 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-17 09:18 - 2014-06-17 09:29 - 05206841 _____ (Swearware) C:\Users\internet\Desktop\ComboFix.exe
2014-06-16 11:09 - 2014-06-16 11:09 - 00001191 _____ () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloudup.lnk
2014-06-15 21:21 - 2014-06-15 21:21 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-15 21:21 - 2013-06-22 19:49 - 00000000 ___RD () E:\Program Files\Skype
2014-06-14 08:14 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-12 18:00 - 2013-11-13 08:06 - 00000000 ____D () C:\Windows\rescache
2014-06-12 14:30 - 2009-07-14 10:04 - 00000505 _____ () C:\Windows\win.ini
2014-06-12 09:20 - 2014-06-12 09:20 - 00000000 ____D () C:\Users\internet\AppData\Roaming\SUPERAntiSpyware.com
2014-06-11 20:35 - 2014-04-25 11:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 20:35 - 2011-02-08 14:44 - 00000000 ____D () E:\Program Files\internet explorer
2014-06-11 18:51 - 2013-07-27 08:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 18:48 - 2013-06-17 13:26 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 16:52 - 2014-02-04 16:57 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Free Download Manager
2014-06-10 17:24 - 2013-09-13 10:24 - 00000000 ___HD () E:\Program Files\Temp
2014-06-10 17:23 - 2014-06-10 17:23 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-06-10 17:22 - 2011-02-08 16:04 - 00000000 ____D () E:\Program Files\Realtek
2014-06-10 16:49 - 2014-06-10 16:49 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2014-06-10 16:49 - 2013-06-14 15:35 - 00000010 _____ () C:\Windows\GSetup.ini
2014-06-10 16:05 - 2013-09-04 12:00 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Orbit
2014-06-10 16:04 - 2013-10-14 10:09 - 00000000 ____D () E:\Program Files\Calibre2
2014-06-09 10:10 - 2013-10-14 10:15 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\calibre
2014-06-08 16:48 - 2014-06-11 16:54 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 16:43 - 2014-06-11 16:53 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 19:05 - 2014-06-05 16:03 - 00000368 _____ () C:\Users\internet_2\Desktop\cover.txt
2014-06-03 22:11 - 2014-06-03 22:11 - 00147667 ____N () C:\Windows\Minidump\060314-22495-01.dmp
2014-06-03 22:11 - 2013-09-30 16:09 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 12:10 - 2013-06-25 13:16 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FileZilla
2014-05-31 11:41 - 2013-07-17 12:01 - 00000000 ____D () C:\Users\internet_2\.mediathek3
2014-05-31 10:32 - 2014-05-31 10:32 - 00000849 _____ () C:\Users\Public\Desktop\StreamTransport.lnk
2014-05-30 17:18 - 2014-06-11 18:47 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 17:02 - 2014-06-11 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 17:02 - 2014-06-11 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 16:53 - 2014-05-25 14:32 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\FreeDoko
2014-05-30 16:44 - 2014-06-11 18:47 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 16:43 - 2014-06-11 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 16:42 - 2014-06-11 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 16:38 - 2014-06-11 18:47 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 16:34 - 2014-06-11 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 16:33 - 2014-06-11 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 16:30 - 2014-06-11 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 16:28 - 2014-06-11 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 16:28 - 2014-06-11 18:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 16:27 - 2014-06-11 18:47 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 16:21 - 2014-06-11 18:47 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 16:16 - 2014-06-11 18:47 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 16:10 - 2014-06-11 18:47 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 16:06 - 2014-06-11 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 16:04 - 2014-06-11 18:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 16:02 - 2014-06-11 18:47 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 15:57 - 2014-06-11 18:47 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 15:56 - 2014-06-11 18:47 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 15:54 - 2014-06-11 18:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 15:50 - 2014-06-11 18:47 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 15:49 - 2014-06-11 18:47 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 15:40 - 2014-06-11 18:47 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 15:21 - 2014-06-11 18:47 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 15:15 - 2014-06-11 18:47 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 15:13 - 2014-06-11 18:47 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:00 - 2014-05-30 09:00 - 00000084 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014.info
2014-05-30 09:00 - 2014-05-30 08:40 - 102334358 _____ () C:\Users\internet\Downloads\nano vom 28. Mai 2014@HIGH.mp4
2014-05-30 08:19 - 2014-05-30 08:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-30 08:18 - 2014-05-30 08:17 - 00003993 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 08:18 - 2011-02-15 11:34 - 00000000 ____D () E:\Program Files\Java
2014-05-29 16:12 - 2014-04-29 08:22 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\MyPhoneExplorer
2014-05-29 15:36 - 2014-05-21 15:36 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Mp3tag
2014-05-29 13:24 - 2013-06-19 16:54 - 00000000 ___HD () C:\Users\internet\.opdveza-an
2014-05-29 13:24 - 2013-06-19 16:54 - 00000000 ____D () C:\Users\internet\.borland
2014-05-28 13:09 - 2013-06-15 12:56 - 00000600 _____ () C:\Users\internet_2\AppData\Roaming\winscp.rnd
2014-05-27 09:55 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-26 20:57 - 2014-05-30 07:52 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
2014-05-25 14:07 - 2014-05-25 14:07 - 00000756 _____ () C:\Users\internet\Desktop\FreeDoko.lnk
2014-05-25 14:07 - 2014-05-25 14:07 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2014-05-25 14:05 - 2014-05-25 14:05 - 00000000 ____D () C:\Users\internet\FreeDoko
2014-05-25 07:10 - 2014-03-03 09:12 - 00000000 ____D () C:\Users\internet_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 14:03 - 2014-05-24 13:48 - 00001002 _____ () C:\Users\internet_2\Desktop\DBV_Klaerung.txt

Files to move or delete:
====================
C:\Users\internet\AppData\Roaming\CamLayout.ini
C:\Users\internet\AppData\Roaming\CamShapes.ini
C:\Users\internet_2\AppData\Roaming\Camdata.ini
C:\Users\internet_2\AppData\Roaming\CamLayout.ini
C:\Users\internet_2\AppData\Roaming\CamShapes.ini


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-19 12:03

==================== End Of Log ============================
         
--- --- ---


The question of whether I still have problems is one I can't really answer properly. I actually hadn't noticed anything of the infection at all and only came across it through a routine Avast scan.

I do hope, though, that thanks to the measures taken here everything is now OK so far. Please let me hear your opinion on that.

See you and many thanks
Andreas!

22.06.2014, 08:17   #14
schrauber
/// the machine
/// TB trainer

Check your data on K once more with your AV program or MBAM.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: Among other things, DelFix removes all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to offer somewhat more security than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colorful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No assistance via PM!

23.06.2014, 04:12   #15
wbtroj

Thanks to you, and as for K: that's sorted out.
Have a good time, Andreas!
