systweak-oeffnet-neuen-tab-firefox Habe ich auch seit 31.1.14

crixel · 03.02.2014, 22:04

Hi, nachdem heute mindestens zum zweiten Mal ungefragt so ein doofes Tabfenster hochkam mit Werbung von systweak und Regclean Pro

habe ich zu suchen angefangen und diesen Thread hier gefunden:
http://www.trojaner-board.de/149126-...firefox-2.html

Analog dazu bin ich die einzelnen Schritte durchgegangen.

Mein Avast hat bisher nichts gefunden.

Mit FRST kam das:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Christian (administrator) on STANDPC on 03-02-2014 20:45:17
Running from D:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [VIAxHCUtl] - C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-01] (AVAST Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2367512 2014-01-17] (Sony Corporation)
HKU\S-1-5-21-1523883789-3797667583-3398338233-1001\...\MountPoints2: {ceefeeda-7e79-11e3-af2f-0019db67d5e3} - H:\Startme.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x094B2A30E45BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash and Video Download - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-01-23]
FF Extension: Color Management - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\color_management@seanhayes.name.xpi [2013-05-28]
FF Extension: NoScript - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-05-28]
FF Extension: Adblock Edge - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-01] (AVAST Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-01-17] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-01] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-03 20:41 - 2014-02-03 20:41 - 00000765 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:30 - 2014-02-03 20:32 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:45 - 00000000 ____D () C:\FRST
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-01-29 19:29 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 20:13 - 2014-01-15 20:13 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 14:06 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:06 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:06 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-09 08:42 - 2014-01-09 08:42 - 00000000 ____D () C:\Program Files (x86)\SaalDesignSoftware
2014-01-07 16:50 - 2014-01-07 16:50 - 00002022 _____ () C:\Users\Christian\Desktop\InfoGucker.lnk
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoGucker
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Program Files (x86)\InfoGucker
2014-01-07 12:10 - 2014-02-03 20:28 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-01-07 11:50 - 2014-01-07 12:00 - 00001815 _____ () C:\Users\Christian\Desktop\ImageMagick Display.lnk
2014-01-07 11:49 - 2014-01-07 12:00 - 00000000 ____D () C:\Program Files\ImageMagick-6.8.8-Q16
2014-01-07 11:41 - 2014-01-07 11:41 - 00000000 ____D () C:\Users\Christian\AppData\Local\ActiveState
2014-01-07 11:39 - 2014-01-29 20:38 - 00000000 ____D () C:\Perl64

==================== One Month Modified Files and Folders =======

2014-02-03 20:45 - 2014-02-03 20:23 - 00000000 ____D () C:\FRST
2014-02-03 20:44 - 2013-05-29 07:13 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 20:44 - 2013-05-28 21:33 - 01588395 _____ () C:\Windows\WindowsUpdate.log
2014-02-03 20:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-03 20:44 - 2009-07-14 05:51 - 00055935 _____ () C:\Windows\setupact.log
2014-02-03 20:41 - 2014-02-03 20:41 - 00000765 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-02-03 20:40 - 2011-04-12 08:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat
2014-02-03 20:40 - 2011-04-12 08:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat
2014-02-03 20:40 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-03 20:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:32 - 2014-02-03 20:30 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:30 - 2013-05-28 22:40 - 00000000 ____D () C:\Users\Ricarda
2014-02-03 20:28 - 2014-01-07 12:10 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 20:13 - 2013-05-29 07:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 20:03 - 2013-05-29 13:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-02-03 15:22 - 2013-05-29 13:40 - 00000000 ____D () C:\Users\Rebekka\Documents\Schule
2014-02-02 21:03 - 2013-05-29 07:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-31 21:57 - 2010-11-21 04:47 - 00092038 _____ () C:\Windows\PFRO.log
2014-01-31 20:32 - 2013-05-03 16:49 - 00027793 _____ () C:\Users\Christian\Documents\todo_cs.odt
2014-01-29 20:38 - 2014-01-07 11:39 - 00000000 ____D () C:\Perl64
2014-01-29 19:29 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 07:56 - 2013-10-18 15:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 07:56 - 2013-05-29 15:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-16 18:47 - 2013-05-29 14:07 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-01-16 18:36 - 2013-05-28 21:49 - 00065208 _____ () C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 18:34 - 2013-05-29 06:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-01-16 18:33 - 2013-05-29 13:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-16 18:33 - 2013-05-29 13:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 18:33 - 2013-05-29 13:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-16 07:45 - 2009-07-14 05:45 - 04862872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 22:17 - 2013-08-06 17:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 22:16 - 2013-05-29 13:16 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 20:13 - 2014-01-15 20:13 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 20:13 - 2013-08-03 11:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-01-11 08:55 - 2013-05-28 21:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Paint.NET
2014-01-09 08:42 - 2014-01-09 08:42 - 00000000 ____D () C:\Program Files (x86)\SaalDesignSoftware
2014-01-07 16:50 - 2014-01-07 16:50 - 00002022 _____ () C:\Users\Christian\Desktop\InfoGucker.lnk
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoGucker
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Program Files (x86)\InfoGucker
2014-01-07 12:10 - 2013-05-28 21:33 - 00000000 ____D () C:\Users\Christian
2014-01-07 12:00 - 2014-01-07 11:50 - 00001815 _____ () C:\Users\Christian\Desktop\ImageMagick Display.lnk
2014-01-07 12:00 - 2014-01-07 11:49 - 00000000 ____D () C:\Program Files\ImageMagick-6.8.8-Q16
2014-01-07 11:41 - 2014-01-07 11:41 - 00000000 ____D () C:\Users\Christian\AppData\Local\ActiveState
2014-01-04 13:55 - 2013-05-29 17:00 - 00000000 ____D () C:\Users\Liane\Documents\Arbeitszeit

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-31 17:07

==================== End Of Log ============================

Dann habe ich adwcleaner laufen lassen:

Code:

ATTFilter

# AdwCleaner v3.018 - Bericht erstellt am 03/02/2014 um 20:32:27
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Christian - STANDPC
# Gestartet von : D:\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\prefs.js ]


[ Datei : C:\Users\Rebekka\AppData\Roaming\Mozilla\Firefox\Profiles\oyef4b8j.default\prefs.js ]


[ Datei : C:\Users\Ricarda\AppData\Roaming\Mozilla\Firefox\Profiles\x85dedtl.default\prefs.js ]


[ Datei : C:\Users\Liane\AppData\Roaming\Mozilla\Firefox\Profiles\f5bskm1p.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1298 octets] - [03/02/2014 20:30:32]
AdwCleaner[S0].txt - [1221 octets] - [03/02/2014 20:32:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1281 octets] ##########

Dann JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Christian on 03.02.2014 at 20:35:13,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\plxuprsp.default\minidumps [19 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.02.2014 at 20:41:28,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und nochmal FRST:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Christian (administrator) on STANDPC on 03-02-2014 20:45:17
Running from D:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [VIAxHCUtl] - C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-01] (AVAST Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2367512 2014-01-17] (Sony Corporation)
HKU\S-1-5-21-1523883789-3797667583-3398338233-1001\...\MountPoints2: {ceefeeda-7e79-11e3-af2f-0019db67d5e3} - H:\Startme.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x094B2A30E45BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash and Video Download - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-01-23]
FF Extension: Color Management - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\color_management@seanhayes.name.xpi [2013-05-28]
FF Extension: NoScript - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-05-28]
FF Extension: Adblock Edge - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-01] (AVAST Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-01-17] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-01] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-03 20:41 - 2014-02-03 20:41 - 00000765 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:30 - 2014-02-03 20:32 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:45 - 00000000 ____D () C:\FRST
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-01-29 19:29 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 20:13 - 2014-01-15 20:13 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 14:06 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:06 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:06 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-09 08:42 - 2014-01-09 08:42 - 00000000 ____D () C:\Program Files (x86)\SaalDesignSoftware
2014-01-07 16:50 - 2014-01-07 16:50 - 00002022 _____ () C:\Users\Christian\Desktop\InfoGucker.lnk
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoGucker
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Program Files (x86)\InfoGucker
2014-01-07 12:10 - 2014-02-03 20:28 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-01-07 11:50 - 2014-01-07 12:00 - 00001815 _____ () C:\Users\Christian\Desktop\ImageMagick Display.lnk
2014-01-07 11:49 - 2014-01-07 12:00 - 00000000 ____D () C:\Program Files\ImageMagick-6.8.8-Q16
2014-01-07 11:41 - 2014-01-07 11:41 - 00000000 ____D () C:\Users\Christian\AppData\Local\ActiveState
2014-01-07 11:39 - 2014-01-29 20:38 - 00000000 ____D () C:\Perl64

==================== One Month Modified Files and Folders =======

2014-02-03 20:45 - 2014-02-03 20:23 - 00000000 ____D () C:\FRST
2014-02-03 20:44 - 2013-05-29 07:13 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 20:44 - 2013-05-28 21:33 - 01588395 _____ () C:\Windows\WindowsUpdate.log
2014-02-03 20:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-03 20:44 - 2009-07-14 05:51 - 00055935 _____ () C:\Windows\setupact.log
2014-02-03 20:41 - 2014-02-03 20:41 - 00000765 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-02-03 20:40 - 2011-04-12 08:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat
2014-02-03 20:40 - 2011-04-12 08:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat
2014-02-03 20:40 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-03 20:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:32 - 2014-02-03 20:30 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:30 - 2013-05-28 22:40 - 00000000 ____D () C:\Users\Ricarda
2014-02-03 20:28 - 2014-01-07 12:10 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 20:13 - 2013-05-29 07:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 20:03 - 2013-05-29 13:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-02-03 15:22 - 2013-05-29 13:40 - 00000000 ____D () C:\Users\Rebekka\Documents\Schule
2014-02-02 21:03 - 2013-05-29 07:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-31 21:57 - 2010-11-21 04:47 - 00092038 _____ () C:\Windows\PFRO.log
2014-01-31 20:32 - 2013-05-03 16:49 - 00027793 _____ () C:\Users\Christian\Documents\todo_cs.odt
2014-01-29 20:38 - 2014-01-07 11:39 - 00000000 ____D () C:\Perl64
2014-01-29 19:29 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 07:56 - 2013-10-18 15:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 07:56 - 2013-05-29 15:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-16 18:47 - 2013-05-29 14:07 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-01-16 18:36 - 2013-05-28 21:49 - 00065208 _____ () C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 18:34 - 2013-05-29 06:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-01-16 18:33 - 2013-05-29 13:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-16 18:33 - 2013-05-29 13:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 18:33 - 2013-05-29 13:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-16 07:45 - 2009-07-14 05:45 - 04862872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 22:17 - 2013-08-06 17:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 22:16 - 2013-05-29 13:16 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 20:13 - 2014-01-15 20:13 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 20:13 - 2013-08-03 11:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-01-11 08:55 - 2013-05-28 21:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Paint.NET
2014-01-09 08:42 - 2014-01-09 08:42 - 00000000 ____D () C:\Program Files (x86)\SaalDesignSoftware
2014-01-07 16:50 - 2014-01-07 16:50 - 00002022 _____ () C:\Users\Christian\Desktop\InfoGucker.lnk
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoGucker
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Program Files (x86)\InfoGucker
2014-01-07 12:10 - 2013-05-28 21:33 - 00000000 ____D () C:\Users\Christian
2014-01-07 12:00 - 2014-01-07 11:50 - 00001815 _____ () C:\Users\Christian\Desktop\ImageMagick Display.lnk
2014-01-07 12:00 - 2014-01-07 11:49 - 00000000 ____D () C:\Program Files\ImageMagick-6.8.8-Q16
2014-01-07 11:41 - 2014-01-07 11:41 - 00000000 ____D () C:\Users\Christian\AppData\Local\ActiveState
2014-01-04 13:55 - 2013-05-29 17:00 - 00000000 ____D () C:\Users\Liane\Documents\Arbeitszeit

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-31 17:07

==================== End Of Log ============================

Ich habe dann gewagt diese Datei zu löschen:
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe

Davor oder danach habe ich auch MBAM laufen lassen:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Christian :: STANDPC [Administrator]

Schutz: Aktiviert

03.02.2014 20:59:12
mbam-log-2014-02-03 (20-59-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 280824
Laufzeit: 1 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Also nix gefunden.

ESET habe ich auch laufen lassen, der findet einen html/scrinject.b.gen.
Da aber hier im Forum das als halb so wild eingestuft wird, habe ich da nix gemacht.
http://www.trojaner-board.de/127174-...ect-b-gen.html

Als nächstes werde ich TFC laufen lassen. Ich hoffe damit das Problem losgeworden zu sein. Was mich frustriert ist, dass auf meinem Rechner noscript läuft und auch AdblockEdge und trotzdem so ein Mist drauf kommt.

schrauber · 03.02.2014, 22:31

Hast Du denn nach all den Aktionen noch Probleme?

crixel · 03.02.2014, 22:39

Gute Frage. Ich habe das mit dem Hochpoppen des Tabs nicht jeden Tag gehabt, von daher weiss ich nicht ob es jetzt alles weg ist. Frage mich auch was die Quarantine.exe da gemacht hat. Nach all dem ganzen und auch noch TFC habe ich den Rechner neu gestartet und im Explorer hatte er nun meine Standardeinstellung dass Erweiterungen angezeigt werden vergessen. Sonst scheint alles normal.

schrauber · 04.02.2014, 17:13

die Quarantine.exe im Temp Ordner gehlrt zu JRT.

crixel · 04.02.2014, 20:44

Ah, Danke, eine Sorge weniger :-)

schrauber · 05.02.2014, 13:21

So bin ich

wadd haben wir sonst noch für Sorgen wo ich dran schrauben kann?

crixel · 09.02.2014, 15:54

Leider war es heute wieder soweit:
Kurz nach dem Einloggen in Ebay und etwas suchen kam wieder das Fenster von SYSTWEAK hoch mit Beschleunigen Sie blabla

FRST-Log

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014
Ran by Christian (administrator) on STANDPC on 09-02-2014 15:17:04
Running from D:\Lauf 5-Februar
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [VIAxHCUtl] - C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-09] (AVAST Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2367512 2014-01-17] (Sony Corporation)
HKU\S-1-5-21-1523883789-3797667583-3398338233-1001\...\MountPoints2: {ceefeeda-7e79-11e3-af2f-0019db67d5e3} - H:\Startme.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x094B2A30E45BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default
FF Homepage: www.google.com
FF NetworkProxy: "type", 0
FF SelectedSearchEngine: Google
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF Keyword.URL: https://www.google.com/search
FF NewTab: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash and Video Download - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-01-23]
FF Extension: Color Management - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\color_management@seanhayes.name.xpi [2013-05-28]
FF Extension: NoScript - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-05-28]
FF Extension: Adblock Edge - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-09] (AVAST Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-01-17] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-09] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-01] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-09 11:29 - 2014-02-09 11:29 - 00003584 _____ () C:\Users\Ricarda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-04 21:56 - 2014-02-04 21:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-03 22:17 - 2014-02-03 22:17 - 00020646 _____ () C:\Users\Liane\bookmarks-2014-02-03.json
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:30 - 2014-02-09 14:54 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:23 - 2014-02-09 15:17 - 00000000 ____D () C:\FRST
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-01-29 19:29 - 2014-02-09 13:52 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 20:13 - 2014-02-04 06:58 - 00001545 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 14:06 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:06 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:06 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-09 15:17 - 2014-02-03 20:23 - 00000000 ____D () C:\FRST
2014-02-09 15:16 - 2011-04-12 08:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat
2014-02-09 15:16 - 2011-04-12 08:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat
2014-02-09 15:16 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 15:14 - 2013-05-29 07:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-09 15:13 - 2013-05-29 07:13 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-09 15:11 - 2013-05-28 22:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-09 15:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 15:11 - 2009-07-14 05:51 - 00056159 _____ () C:\Windows\setupact.log
2014-02-09 15:10 - 2013-05-28 21:33 - 01768758 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 15:03 - 2013-05-29 13:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 14:54 - 2014-02-03 20:30 - 00000000 ____D () C:\AdwCleaner
2014-02-09 13:52 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-09 13:51 - 2014-01-01 16:26 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-09 13:51 - 2013-05-29 07:13 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-09 13:51 - 2013-05-29 07:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-09 11:29 - 2014-02-09 11:29 - 00003584 _____ () C:\Users\Ricarda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 11:28 - 2013-05-28 22:40 - 00000000 ____D () C:\Users\Ricarda\AppData\Local\VirtualStore
2014-02-06 10:03 - 2013-05-29 13:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 10:03 - 2013-05-29 13:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 10:03 - 2013-05-29 13:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:57 - 2014-02-04 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-04 20:45 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 20:45 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 06:58 - 2014-01-15 20:13 - 00001545 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-02-04 06:58 - 2013-05-28 21:33 - 00000000 ____D () C:\Users\Christian
2014-02-03 22:29 - 2010-11-21 04:47 - 00092616 _____ () C:\Windows\PFRO.log
2014-02-03 22:17 - 2014-02-03 22:17 - 00020646 _____ () C:\Users\Liane\bookmarks-2014-02-03.json
2014-02-03 22:17 - 2013-05-28 22:30 - 00000000 ____D () C:\Users\Liane
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:30 - 2013-05-28 22:40 - 00000000 ____D () C:\Users\Ricarda
2014-02-03 20:28 - 2014-01-07 12:10 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-02-03 15:22 - 2013-05-29 13:40 - 00000000 ____D () C:\Users\Rebekka\Documents\Schule
2014-01-31 20:32 - 2013-05-03 16:49 - 00027793 _____ () C:\Users\Christian\Documents\todo_cs.odt
2014-01-29 20:38 - 2014-01-07 11:39 - 00000000 ____D () C:\Perl64
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 07:56 - 2013-10-18 15:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 07:56 - 2013-05-29 15:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-16 18:47 - 2013-05-29 14:07 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-01-16 18:36 - 2013-05-28 21:49 - 00065208 _____ () C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 18:34 - 2013-05-29 06:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-01-16 07:45 - 2009-07-14 05:45 - 04862872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 22:17 - 2013-08-06 17:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 22:16 - 2013-05-29 13:16 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 20:13 - 2013-08-03 11:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-01-11 08:55 - 2013-05-28 21:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Paint.NET

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 12:40

==================== End Of Log ============================

--- --- ---

Malware:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.09.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Christian :: STANDPC [Administrator]

Schutz: Deaktiviert

09.02.2014 15:24:51
mbam-log-2014-02-09 (15-24-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 282264
Laufzeit: 1 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ADWcleaner:

Code:

ATTFilter

# AdwCleaner v3.018 - Bericht erstellt am 09/02/2014 um 15:32:01
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Christian - STANDPC
# Gestartet von : D:\Lauf 5-Februar\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\prefs.js ]


[ Datei : C:\Users\Rebekka\AppData\Roaming\Mozilla\Firefox\Profiles\oyef4b8j.default\prefs.js ]


[ Datei : C:\Users\Ricarda\AppData\Roaming\Mozilla\Firefox\Profiles\x85dedtl.default\prefs.js ]


[ Datei : C:\Users\Liane\AppData\Roaming\Mozilla\Firefox\Profiles\f5bskm1p.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1298 octets] - [03/02/2014 20:30:32]
AdwCleaner[R1].txt - [1250 octets] - [09/02/2014 14:54:10]
AdwCleaner[R2].txt - [1283 octets] - [09/02/2014 15:30:31]
AdwCleaner[S0].txt - [1361 octets] - [03/02/2014 20:32:27]
AdwCleaner[S1].txt - [1204 octets] - [09/02/2014 15:32:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1264 octets] ##########

Avast aus und JRT:

Code:

ATTFilter

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by Christian on 09.02.2014 at 15:37:24,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\plxuprsp.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2014 at 15:43:48,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und zuletzt FRST wieder:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014
Ran by Christian (administrator) on STANDPC on 09-02-2014 15:45:43
Running from D:\Lauf 5-Februar
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [VIAxHCUtl] - C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-09] (AVAST Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2367512 2014-01-17] (Sony Corporation)
HKU\S-1-5-21-1523883789-3797667583-3398338233-1001\...\MountPoints2: {ceefeeda-7e79-11e3-af2f-0019db67d5e3} - H:\Startme.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x094B2A30E45BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default
FF NewTab: www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Keyword.URL: https://www.google.com/search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Color Management - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\color_management@seanhayes.name.xpi [2013-05-28]
FF Extension: NoScript - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-05-28]
FF Extension: Adblock Edge - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-09] (AVAST Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-01-17] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-09] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-01] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-09 11:29 - 2014-02-09 11:29 - 00003584 _____ () C:\Users\Ricarda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-04 21:56 - 2014-02-04 21:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-03 22:17 - 2014-02-03 22:17 - 00020646 _____ () C:\Users\Liane\bookmarks-2014-02-03.json
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:30 - 2014-02-09 15:36 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:23 - 2014-02-09 15:45 - 00000000 ____D () C:\FRST
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-01-29 19:29 - 2014-02-09 13:52 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 20:13 - 2014-02-04 06:58 - 00001545 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 14:06 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:06 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:06 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-09 15:45 - 2014-02-03 20:23 - 00000000 ____D () C:\FRST
2014-02-09 15:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-09 15:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-09 15:37 - 2011-04-12 08:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat
2014-02-09 15:37 - 2011-04-12 08:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat
2014-02-09 15:37 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 15:36 - 2014-02-03 20:30 - 00000000 ____D () C:\AdwCleaner
2014-02-09 15:33 - 2013-05-29 07:13 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-09 15:32 - 2013-05-28 21:33 - 01774928 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 15:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 15:32 - 2009-07-14 05:51 - 00056215 _____ () C:\Windows\setupact.log
2014-02-09 15:14 - 2013-05-29 07:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-09 15:11 - 2013-05-28 22:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-09 15:03 - 2013-05-29 13:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 13:52 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-09 13:51 - 2014-01-01 16:26 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-09 13:51 - 2013-05-29 07:13 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-09 13:51 - 2013-05-29 07:13 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-09 13:51 - 2013-05-29 07:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-09 11:29 - 2014-02-09 11:29 - 00003584 _____ () C:\Users\Ricarda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 11:28 - 2013-05-28 22:40 - 00000000 ____D () C:\Users\Ricarda\AppData\Local\VirtualStore
2014-02-06 10:03 - 2013-05-29 13:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 10:03 - 2013-05-29 13:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 10:03 - 2013-05-29 13:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:57 - 2014-02-04 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-04 06:58 - 2014-01-15 20:13 - 00001545 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-02-04 06:58 - 2013-05-28 21:33 - 00000000 ____D () C:\Users\Christian
2014-02-03 22:29 - 2010-11-21 04:47 - 00092616 _____ () C:\Windows\PFRO.log
2014-02-03 22:17 - 2014-02-03 22:17 - 00020646 _____ () C:\Users\Liane\bookmarks-2014-02-03.json
2014-02-03 22:17 - 2013-05-28 22:30 - 00000000 ____D () C:\Users\Liane
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Malwarebytes
2014-02-03 20:54 - 2014-02-03 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:30 - 2013-05-28 22:40 - 00000000 ____D () C:\Users\Ricarda
2014-02-03 20:28 - 2014-01-07 12:10 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-02-03 15:22 - 2013-05-29 13:40 - 00000000 ____D () C:\Users\Rebekka\Documents\Schule
2014-01-31 20:32 - 2013-05-03 16:49 - 00027793 _____ () C:\Users\Christian\Documents\todo_cs.odt
2014-01-29 20:38 - 2014-01-07 11:39 - 00000000 ____D () C:\Perl64
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 07:56 - 2013-10-18 15:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 07:56 - 2013-05-29 15:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-16 18:47 - 2013-05-29 14:07 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-01-16 18:36 - 2013-05-28 21:49 - 00065208 _____ () C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 18:34 - 2013-05-29 06:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-01-16 07:45 - 2009-07-14 05:45 - 04862872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 22:17 - 2013-08-06 17:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 22:16 - 2013-05-29 13:16 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 20:13 - 2013-08-03 11:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-01-11 08:55 - 2013-05-28 21:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Paint.NET

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 12:40

==================== End Of Log ============================

--- --- ---

Für mich sieht das so aus als ob die Ursache nicht gefunden wurde/wird.
Entweder ist ein Programm auf dem Rechner das dies bei Benutzung wieder verbiegt oder???
Frustriert...

schrauber · 10.02.2014, 10:14

Man muss unterscheiden zwischen aktiver Malware auf dem system und durch Malware zerschossene Browser.

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

03.02.2014, 22:31	#2
schrauber /// the machine /// TB-Ausbilder	systweak-oeffnet-neuen-tab-firefox Habe ich auch seit 31.1.14 Hast Du denn nach all den Aktionen noch Probleme? __________________ __________________

04.02.2014, 17:13	#4
schrauber /// the machine /// TB-Ausbilder	systweak-oeffnet-neuen-tab-firefox Habe ich auch seit 31.1.14 die Quarantine.exe im Temp Ordner gehlrt zu JRT. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

05.02.2014, 13:21	#6
schrauber /// the machine /// TB-Ausbilder	systweak-oeffnet-neuen-tab-firefox Habe ich auch seit 31.1.14 So bin ich wadd haben wir sonst noch für Sorgen wo ich dran schrauben kann? __________________ --> systweak-oeffnet-neuen-tab-firefox Habe ich auch seit 31.1.14

systweak-oeffnet-neuen-tab-firefox Habe ich auch seit 31.1.14

Log-Analyse und Auswertung: systweak-oeffnet-neuen-tab-firefox Habe ich auch seit 31.1.14