No. 1:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.14.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Schwuso :: DERGERÄT [Administrator]
14.01.2014 17:10:28
mbam-log-2014-01-14 (17-10-28).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209257
Laufzeit: 8 Minute(n), 33 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\Schwuso\Downloads\SoftonicDownloader_fuer_inkscape.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Schwuso\Downloads\PhotoScape_V3-6-3.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
No. 2: AdwCleaner Logfile:
# AdwCleaner v3.017 - Bericht erstellt am 14/01/2014 um 17:37:58
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Schwuso - DERGERÄT
# Gestartet von : C:\Users\Schwuso\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Schwuso\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Schwuso\AppData\Roaming\pdfforge
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16526
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Schwuso\AppData\Roaming\Mozilla\Firefox\Profiles\wabvtw8h.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [1199 octets] - [14/01/2014 17:34:27]
AdwCleaner[S0].txt - [1126 octets] - [14/01/2014 17:37:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1186 octets] ##########
No. 3:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Schwuso on 14.01.2014 at 17:46:13,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
~~~ FireFox
Successfully deleted: [File] C:\Users\Schwuso\AppData\Roaming\mozilla\firefox\profiles\wabvtw8h.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Emptied folder: C:\Users\Schwuso\AppData\Roaming\mozilla\firefox\profiles\wabvtw8h.default\minidumps [178 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.01.2014 at 17:49:38,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
No. 4:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-01-2014 02
Ran by Schwuso (administrator) on DERGERÄT on 14-01-2014 17:56:07
Running from C:\Users\Schwuso\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Geek Software GmbH) D:\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alexej Hirsch) C:\Program Files\Bug Shooting\BugShooting.exe
(Dropbox, Inc.) C:\Users\Schwuso\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13548064 2008-07-26] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-07-26] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - D:\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKCU\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [Power2GoExpress] - NA
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\Users\Schwuso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Schwuso\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCD8EE7952011CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Schwuso\AppData\Roaming\Mozilla\Firefox\Profiles\wabvtw8h.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Schwuso\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Schwuso\AppData\Roaming\Mozilla\Firefox\Profiles\wabvtw8h.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-04-25]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-06-22] (Juniper Networks, Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-21] (Microsoft Corporation)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-06] (Avira GmbH)
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [238464 2008-09-03] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Schwuso\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-14 17:55 - 2014-01-14 17:55 - 00000000 ____D C:\Users\Schwuso\Downloads\FRST-OlderVersion
2014-01-14 17:49 - 2014-01-14 17:49 - 00001195 _____ C:\Users\Schwuso\Desktop\JRT.txt
2014-01-14 17:46 - 2014-01-14 17:46 - 00000000 ____D C:\Windows\ERUNT
2014-01-14 17:45 - 2014-01-14 17:45 - 01037068 _____ (Thisisu) C:\Users\Schwuso\Desktop\JRT.exe
2014-01-14 17:34 - 2014-01-14 17:38 - 00000000 ____D C:\AdwCleaner
2014-01-14 17:33 - 2014-01-14 17:33 - 01236282 _____ C:\Users\Schwuso\Desktop\adwcleaner.exe
2014-01-14 17:08 - 2014-01-14 17:08 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-14 17:08 - 2014-01-14 17:08 - 00000000 ____D C:\Users\Schwuso\AppData\Roaming\Malwarebytes
2014-01-14 17:08 - 2014-01-14 17:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 17:08 - 2014-01-14 17:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-14 17:08 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-14 17:04 - 2014-01-14 17:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Schwuso\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-13 23:39 - 2014-01-13 23:39 - 00009002 _____ C:\ComboFix.txt
2014-01-13 23:25 - 2014-01-13 23:39 - 00000000 ____D C:\Qoobox
2014-01-13 23:25 - 2014-01-13 23:39 - 00000000 ____D C:\ComboFix
2014-01-13 23:25 - 2014-01-13 23:38 - 00000000 ____D C:\Windows\erdnt
2014-01-13 23:25 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-13 23:25 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-13 23:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-13 23:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-13 23:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-13 23:25 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-13 23:25 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-13 23:25 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-13 23:23 - 2014-01-13 23:23 - 05166068 ____R (Swearware) C:\Users\Schwuso\Desktop\ComboFix.exe
2014-01-13 15:06 - 2014-01-13 15:06 - 00000000 ____D C:\found.001
2014-01-10 15:58 - 2014-01-10 15:58 - 00000000 ____D C:\found.000
2014-01-10 13:24 - 2014-01-10 13:24 - 00024041 _____ C:\Users\Schwuso\Desktop\Addition.txt
2014-01-10 13:24 - 2014-01-10 13:24 - 00020222 _____ C:\Users\Schwuso\Desktop\FRST.txt
2014-01-10 13:21 - 2014-01-10 13:22 - 00024041 _____ C:\Users\Schwuso\Downloads\Addition.txt
2014-01-10 13:20 - 2014-01-14 17:56 - 00011208 _____ C:\Users\Schwuso\Downloads\FRST.txt
2014-01-10 13:20 - 2014-01-14 17:55 - 00000000 ____D C:\FRST
2014-01-10 13:19 - 2014-01-14 17:55 - 01219584 _____ (Farbar) C:\Users\Schwuso\Downloads\FRST.exe
2014-01-09 18:10 - 2014-01-09 18:10 - 00143376 _____ C:\Windows\Minidump\Mini010914-01.dmp
2014-01-02 17:55 - 2014-01-09 18:10 - 252947818 _____ C:\Windows\MEMORY.DMP
2014-01-02 17:55 - 2014-01-09 18:10 - 00000000 ____D C:\Windows\Minidump
2014-01-02 17:55 - 2014-01-02 17:55 - 00143376 _____ C:\Windows\Minidump\Mini010214-01.dmp
2013-12-20 15:05 - 2013-12-20 15:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-01-14 17:57 - 2014-01-10 13:20 - 00011208 _____ C:\Users\Schwuso\Downloads\FRST.txt
2014-01-14 17:55 - 2014-01-14 17:55 - 00000000 ____D C:\Users\Schwuso\Downloads\FRST-OlderVersion
2014-01-14 17:55 - 2014-01-10 13:20 - 00000000 ____D C:\FRST
2014-01-14 17:55 - 2014-01-10 13:19 - 01219584 _____ (Farbar) C:\Users\Schwuso\Downloads\FRST.exe
2014-01-14 17:49 - 2014-01-14 17:49 - 00001195 _____ C:\Users\Schwuso\Desktop\JRT.txt
2014-01-14 17:46 - 2014-01-14 17:46 - 00000000 ____D C:\Windows\ERUNT
2014-01-14 17:45 - 2014-01-14 17:45 - 01037068 _____ (Thisisu) C:\Users\Schwuso\Desktop\JRT.exe
2014-01-14 17:44 - 2008-01-21 02:35 - 01661577 _____ C:\Windows\WindowsUpdate.log
2014-01-14 17:41 - 2012-02-04 00:48 - 00000000 ___RD C:\Users\Schwuso\Dropbox
2014-01-14 17:41 - 2012-02-04 00:46 - 00000000 ____D C:\Users\Schwuso\AppData\Roaming\Dropbox
2014-01-14 17:39 - 2012-08-21 20:19 - 00161107 _____ C:\ProgramData\nvModes.001
2014-01-14 17:39 - 2012-02-03 23:07 - 00000000 ____D C:\Users\Schwuso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-01-14 17:39 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 17:39 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 17:39 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 17:38 - 2014-01-14 17:34 - 00000000 ____D C:\AdwCleaner
2014-01-14 17:38 - 2006-11-02 14:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-14 17:37 - 2012-02-20 17:26 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2014-01-14 17:33 - 2014-01-14 17:33 - 01236282 _____ C:\Users\Schwuso\Desktop\adwcleaner.exe
2014-01-14 17:23 - 2008-01-21 03:47 - 00129962 _____ C:\Windows\PFRO.log
2014-01-14 17:13 - 2012-04-02 18:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-14 17:08 - 2014-01-14 17:08 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-14 17:08 - 2014-01-14 17:08 - 00000000 ____D C:\Users\Schwuso\AppData\Roaming\Malwarebytes
2014-01-14 17:08 - 2014-01-14 17:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 17:08 - 2014-01-14 17:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-14 17:04 - 2014-01-14 17:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Schwuso\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 16:14 - 2013-05-26 12:09 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-80295117-2255034306-1307312364-1000UA.job
2014-01-13 23:39 - 2014-01-13 23:39 - 00009002 _____ C:\ComboFix.txt
2014-01-13 23:39 - 2014-01-13 23:25 - 00000000 ____D C:\Qoobox
2014-01-13 23:39 - 2014-01-13 23:25 - 00000000 ____D C:\ComboFix
2014-01-13 23:39 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2014-01-13 23:39 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2014-01-13 23:38 - 2014-01-13 23:25 - 00000000 ____D C:\Windows\erdnt
2014-01-13 23:37 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2014-01-13 23:23 - 2014-01-13 23:23 - 05166068 ____R (Swearware) C:\Users\Schwuso\Desktop\ComboFix.exe
2014-01-13 15:06 - 2014-01-13 15:06 - 00000000 ____D C:\found.001
2014-01-11 13:14 - 2013-05-26 12:09 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-80295117-2255034306-1307312364-1000Core.job
2014-01-10 15:58 - 2014-01-10 15:58 - 00000000 ____D C:\found.000
2014-01-10 13:24 - 2014-01-10 13:24 - 00024041 _____ C:\Users\Schwuso\Desktop\Addition.txt
2014-01-10 13:24 - 2014-01-10 13:24 - 00020222 _____ C:\Users\Schwuso\Desktop\FRST.txt
2014-01-10 13:22 - 2014-01-10 13:21 - 00024041 _____ C:\Users\Schwuso\Downloads\Addition.txt
2014-01-10 10:24 - 2008-01-21 08:16 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 18:10 - 2014-01-09 18:10 - 00143376 _____ C:\Windows\Minidump\Mini010914-01.dmp
2014-01-09 18:10 - 2014-01-02 17:55 - 252947818 _____ C:\Windows\MEMORY.DMP
2014-01-09 18:10 - 2014-01-02 17:55 - 00000000 ____D C:\Windows\Minidump
2014-01-09 17:50 - 2012-11-02 16:24 - 00000000 ____D C:\Users\Schwuso\eBay
2014-01-09 17:05 - 2012-03-31 14:19 - 00000000 ____D C:\Users\Schwuso\AppData\Roaming\Tobit
2014-01-09 15:21 - 2012-02-04 00:48 - 00000925 _____ C:\Users\Schwuso\Desktop\Dropbox.lnk
2014-01-09 15:21 - 2012-02-04 00:46 - 00000000 ____D C:\Users\Schwuso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-02 17:55 - 2014-01-02 17:55 - 00143376 _____ C:\Windows\Minidump\Mini010214-01.dmp
2014-01-01 21:23 - 2012-03-03 18:26 - 00000000 ____D C:\Users\Schwuso\AppData\Roaming\Skype
2013-12-24 16:57 - 2012-02-03 22:38 - 00000000 ____D C:\Users\Schwuso
2013-12-21 22:30 - 2012-05-03 20:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-20 15:05 - 2013-12-20 15:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-18 18:13 - 2012-02-04 02:37 - 00019456 _____ C:\Users\Schwuso\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-18 16:38 - 2013-04-17 22:54 - 00000000 ____D C:\Users\Schwuso\AppData\Roaming\PhotoScape
2013-12-18 15:28 - 2013-04-02 08:10 - 00038912 ____H C:\Users\Schwuso\Desktop\photothumb.db
2013-12-18 11:57 - 2013-08-06 11:53 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-18 11:57 - 2013-08-06 11:53 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-17 20:07 - 2006-11-02 13:52 - 00110966 _____ C:\Windows\setupact.log
Some content of TEMP:
====================
C:\Users\Schwuso\AppData\Local\temp\avgnt.exe
C:\Users\Schwuso\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-14 17:47
==================== End Of Log ============================