win 7 browserumleitung

wagner123 · 30.01.2015, 19:29

hallo liebe leute,

firefox, opera und steambrowser werden beim klicken auf links auf eine pornoseite umgeleitet. ich bitte um hilfe.

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:49:52, on 30.01.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!

FIREFOX: 35.0.1 (x86 de)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
C:\Users\test\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [StartCCC] "g:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "G:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: Origin Client Service - Electronic Arts - G:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RadeonPro Support Service - Mr. John aka japamd - g:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9909 bytes

--- --- ---

------

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 30.01.2015
Suchlauf-Zeit: 18:26:00
Logdatei:
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.30.06
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: test

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337576
Verstrichene Zeit: 7 Min, 26 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

hier die wohl relevanteren infos:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:12 on 30/01/2015 (test)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU

AEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

-------
FRST Logfile:

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by test at 2015-01-30 19:15:08
Running from C:\Users\test\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will no

==================== Restore Points  =========================

= 

Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 29%
Total physical RAM: 8150.22 MB
Available physical RAM: 5767.43 MB
Total Pagefile: 16298.62 MB
Available Pagefile: 13478.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:90.67 GB) (Free:29.41 GB) NTFS
Drive d: (00058) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
Drive e: (QUARANTÄNE) (Fixed) (Total:352.46 GB) (Free:119.4 GB) NTFS
Drive f: (DATEN) (Fixed) (Total:195.31 GB) (Free:194.67 GB) NTFS
Drive g: (PROGRAMME) (Fixed) (Total:292.97 GB) (Free:83.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FE3331A9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=90.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=352.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=488.3 GB) - (Type=OF Extended)

==================== End Of Log ============================

--- --- ---
GMER Logfile:

Code:

ATTFilter

GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2015-01-30 19:25:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HUA722010CLA331 rev.JP4OA3NH 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\test\AppData\Local\Temp\pxldipow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448                                                                                                                                                                fffff800031f8000 49 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 498                                                                                                                                                                fffff800031f8032 13 bytes [2E, 0A, A0, F8, FF, FF, 01, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                              0000000075371465 2 bytes [37, 75]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                             00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                                                                                               * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                                                           0000000072df1a22 2 bytes [DF, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                                                           0000000072df1ad0 2 bytes [DF, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                                                           0000000072df1b08 2 bytes [DF, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                                                           0000000072df1bba 2 bytes [DF, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                                                           0000000072df1bda 2 bytes [DF, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                    0000000075371465 2 bytes [37, 75]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                   00000000753714bb 2 bytes [37, 75]
.text     ...                                                                                                                                                                                                                               * 2
---- Processes - GMER 2.1 ----

Library   C:\Users\test\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUObserver37.gadget\GPUStatusReader.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [2076] (GPUStatusReader/Orbmu2k)(2013-02-20 13:04:30)  0000000060e90000

---- EOF - GMER 2.1 ----

--- --- ---

schrauber · 30.01.2015, 21:36

Hi,

poste jetzt bitte das komplette FRST Log, zur Nor aufteilen.

wagner123 · 30.01.2015, 21:42

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by test (administrator) on TEST on 30-01-2015 19:14:40
Running from C:\Users\test\Downloads
Loaded Profiles: test (Available profiles: test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Mr. John aka japamd) G:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Advanced Micro Devices Inc.) G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(ATI Technologies Inc.) G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Malwarebytes Corporation) G:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5119600 2012-05-11] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [StartCCC] => g:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1142954268-2013824982-1841893323-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1142954268-2013824982-1841893323-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\g7lafnru.default-1415268361285
FF Homepage: https://www.startpage.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> g:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> g:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1142954268-2013824982-1841893323-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPMyrMus.dll (Myriad Software.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-26] () [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 Origin Client Service; G:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-12-20] ()
R2 RadeonPro Support Service; g:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-10] (DT Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-02-19] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-30] (Malwarebytes Corporation)
R3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [48640 2010-11-23] (--)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 aswMBR; \??\C:\Users\test\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\test\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 19:14 - 2015-01-30 19:14 - 02130432 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe
2015-01-30 19:14 - 2015-01-30 19:14 - 00013884 _____ () C:\Users\test\Downloads\FRST.txt
2015-01-30 19:14 - 2015-01-30 19:14 - 00000000 ____D () C:\FRST
2015-01-30 19:12 - 2015-01-30 19:12 - 00050477 _____ () C:\Users\test\Downloads\Defogger.exe
2015-01-30 19:12 - 2015-01-30 19:12 - 00000540 _____ () C:\Users\test\Downloads\defogger_disable.log
2015-01-30 19:12 - 2015-01-30 19:12 - 00000168 _____ () C:\Users\test\defogger_reenable
2015-01-30 19:11 - 2015-01-30 19:11 - 00000000 _____ () C:\Users\test\Desktop\trojanerb.txt
2015-01-30 18:49 - 2015-01-30 18:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\test\Downloads\HijackThis.exe
2015-01-30 18:49 - 2015-01-30 18:49 - 00009910 _____ () C:\Users\test\Downloads\hijackthis.log
2015-01-30 18:46 - 2015-01-30 18:46 - 00002319 _____ () C:\Users\test\Desktop\aswMBR.txt
2015-01-30 18:46 - 2015-01-30 18:46 - 00000512 _____ () C:\Users\test\Desktop\MBR.dat
2015-01-30 18:44 - 2015-01-30 18:44 - 05198336 _____ (AVAST Software) C:\Users\test\Downloads\aswMBR.exe
2015-01-30 18:42 - 2015-01-30 18:42 - 00122142 _____ () C:\Users\test\Downloads\OTL.Txt
2015-01-30 18:42 - 2015-01-30 18:42 - 00090644 _____ () C:\Users\test\Downloads\Extras.Txt
2015-01-30 18:34 - 2015-01-30 18:34 - 00602112 _____ (OldTimer Tools) C:\Users\test\Downloads\OTL.exe
2015-01-30 18:33 - 2015-01-30 18:33 - 00001205 _____ () C:\Users\test\Desktop\mawarebytes.txt
2015-01-30 18:26 - 2015-01-30 18:51 - 00074528 _____ () C:\Users\test\Desktop\malwarebytes.txt
2015-01-30 18:25 - 2015-01-30 18:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 18:25 - 2015-01-30 18:25 - 00000790 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-30 18:25 - 2015-01-30 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-30 18:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 18:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-30 18:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-30 01:48 - 2015-01-30 11:27 - 00000882 _____ () C:\Windows\PFRO.log
2015-01-30 01:48 - 2015-01-30 11:27 - 00000168 _____ () C:\Windows\setupact.log
2015-01-30 01:48 - 2015-01-30 01:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-29 17:58 - 2015-01-30 01:48 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-01-29 17:58 - 2015-01-29 19:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-29 17:58 - 2015-01-29 19:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 17:58 - 2015-01-29 17:58 - 00003876 _____ () C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-01-27 18:25 - 2015-01-28 11:28 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422379552
2015-01-27 18:25 - 2015-01-27 18:25 - 00017029 _____ () C:\Users\test\Desktop\Opera 12 Notes.html
2015-01-27 18:25 - 2015-01-27 18:25 - 00001133 _____ () C:\Users\Public\Desktop\Opera 27.lnk
2015-01-27 18:25 - 2015-01-27 18:25 - 00001133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 27.lnk
2015-01-27 18:25 - 2015-01-27 18:25 - 00000000 ____D () C:\Users\test\AppData\Roaming\Opera Software
2015-01-27 18:25 - 2015-01-27 18:25 - 00000000 ____D () C:\Users\test\AppData\Local\Opera Software
2015-01-23 14:43 - 2015-01-23 14:45 - 00011585 _____ () C:\Users\test\Desktop\X.odt
2015-01-22 16:41 - 2015-01-22 16:41 - 00001163 _____ () C:\Users\Public\Desktop\Theme Hospital.lnk
2015-01-22 16:41 - 2015-01-22 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theme Hospital
2015-01-22 16:33 - 2015-01-22 16:34 - 00556290 _____ () C:\Users\test\Desktop\OpenDocument Text (neu).odt
2015-01-16 20:31 - 2015-01-19 09:53 - 00002821 _____ () C:\Users\test\Desktop\XX 1.txt
2015-01-15 06:24 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:40 - 2014-12-03 13:41 - 00000699 _____ () C:\Users\test\Desktop\X.txt
2015-01-14 08:45 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:45 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:45 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:45 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:45 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 08:44 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:44 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:44 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:44 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:44 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:44 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:44 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 09:45 - 2015-01-13 09:54 - 00003947 _____ () C:\Users\test\Desktop\spiele.txt
2014-12-31 19:42 - 2014-12-31 19:51 - 176706928 _____ () C:\Users\test\Downloads\X.mp4
2014-12-31 17:53 - 2015-01-28 17:03 - 00001010 _____ () C:\Users\test\Desktop\Neues Textdokument.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 19:12 - 2013-02-18 18:42 - 00000000 ____D () C:\Users\test
2015-01-30 19:09 - 2014-11-24 10:19 - 01264327 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 17:11 - 2013-05-09 15:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-30 12:31 - 2013-02-25 13:37 - 00000000 ____D () C:\Users\test\AppData\Roaming\vlc
2015-01-30 11:35 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 11:35 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 11:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 00:31 - 2013-02-18 20:17 - 00000000 ____D () C:\ProgramData\Origin
2015-01-30 00:29 - 2014-01-24 17:38 - 00000000 ____D () C:\Users\test\AppData\Local\Battle.net
2015-01-29 19:07 - 2014-06-22 19:14 - 00000000 ____D () C:\Users\test\AppData\Local\Adobe
2015-01-29 11:02 - 2013-05-16 23:22 - 00000000 ____D () C:\Windows\Minidump
2015-01-29 09:08 - 2013-02-18 21:12 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-28 19:00 - 2014-05-31 17:17 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-28 19:00 - 2013-10-04 20:18 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-28 17:53 - 2013-12-29 15:52 - 00000000 ____D () C:\Users\test\Desktop\Y
2015-01-28 12:40 - 2013-04-12 10:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 11:51 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-01-28 11:51 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-01-28 11:51 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 22:59 - 2013-10-04 20:18 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-24 15:27 - 2014-02-12 12:49 - 00000000 ____D () C:\Users\test\Desktop\desktop 7 2014
2015-01-22 16:41 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-14 10:32 - 2014-04-25 17:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 10:30 - 2014-04-25 17:55 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-05-03 17:00 - 2013-05-05 11:24 - 0000100 _____ () C:\Users\test\AppData\Roaming\Camdata.ini
2013-05-03 17:00 - 2013-05-05 11:24 - 0000408 _____ () C:\Users\test\AppData\Roaming\CamLayout.ini
2013-05-03 17:00 - 2013-05-05 11:24 - 0000408 _____ () C:\Users\test\AppData\Roaming\CamShapes.ini
2013-05-03 17:00 - 2013-05-05 11:24 - 0004542 _____ () C:\Users\test\AppData\Roaming\CamStudio.cfg
2013-08-10 13:10 - 2013-08-10 13:10 - 0000133 _____ () C:\Users\test\AppData\Roaming\mbam.context.scan
2014-04-13 15:19 - 2014-04-13 15:19 - 0010240 _____ () C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-21 13:56 - 2013-02-21 13:56 - 0007597 _____ () C:\Users\test\AppData\Local\Resmon.ResmonCfg
2013-02-22 21:29 - 2013-02-22 21:29 - 21748128 _____ () C:\Users\test\AppData\Local\TempFullTiltPokerEuSetup.exe

Some content of TEMP:
====================
C:\Users\test\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 16:38

==================== End Of Log ============================

--- --- ---

schrauber · 31.01.2015, 11:50

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

wagner123 · 31.01.2015, 12:13

danke für deine hilfe. ich musste avira deinstallieren, um combofix starten zu können.

Code:

ATTFilter

ComboFix 15-01-29.01 - test 31.01.2015  11:57:10.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8150.5910 [GMT 1:00]
ausgeführt von:: c:\users\test\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\test\AppData\Local\TempFullTiltPokerEuSetup.exe
c:\windows\ST6UNST.000
E:\setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-28 bis 2015-01-31  ))))))))))))))))))))))))))))))
.
.
2015-01-31 11:01 . 2015-01-31 11:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-30 18:14 . 2015-01-30 18:15	--------	d-----w-	C:\FRST
2015-01-30 17:25 . 2015-01-30 17:25	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-30 17:25 . 2014-11-21 05:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-01-30 17:25 . 2014-11-21 05:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-01-30 17:25 . 2014-11-21 05:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-01-30 10:32 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{013C9CD3-51E7-42C5-9133-74BE9225D8EC}\mpengine.dll
2015-01-29 16:58 . 2015-01-29 18:07	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-29 16:58 . 2015-01-29 18:07	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-28 11:40 . 2015-01-28 11:40	73840	----a-w-	c:\program files (x86)\Mozilla Firefox\wow_helper.exe
2015-01-27 17:25 . 2015-01-27 17:25	--------	d-----w-	c:\users\test\AppData\Local\Opera Software
2015-01-27 17:25 . 2015-01-27 17:25	--------	d-----w-	c:\users\test\AppData\Roaming\Opera Software
2015-01-15 05:24 . 2014-12-19 01:46	141312	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2015-01-14 07:45 . 2014-12-19 03:06	210432	----a-w-	c:\windows\system32\profsvc.dll
2015-01-14 07:45 . 2014-12-11 17:47	52736	----a-w-	c:\windows\system32\TSWbPrxy.exe
2015-01-14 07:45 . 2014-12-06 04:17	303616	----a-w-	c:\windows\system32\nlasvc.dll
2015-01-14 07:45 . 2014-12-06 03:50	52224	----a-w-	c:\windows\SysWow64\nlaapi.dll
2015-01-14 07:45 . 2014-12-06 03:50	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2015-01-14 07:44 . 2014-12-12 05:35	5553592	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-01-14 07:44 . 2014-12-12 05:11	3971512	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 07:44 . 2014-12-12 05:11	3916728	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 07:44 . 2014-12-12 05:31	503808	----a-w-	c:\windows\system32\srcore.dll
2015-01-14 07:44 . 2014-12-12 05:31	50176	----a-w-	c:\windows\system32\srclient.dll
2015-01-14 07:44 . 2014-12-12 05:31	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-01-14 07:44 . 2014-12-12 05:07	43008	----a-w-	c:\windows\SysWow64\srclient.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-28 18:00 . 2014-05-31 16:17	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2015-01-28 18:00 . 2013-10-04 19:18	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2015-01-27 21:59 . 2013-10-04 19:18	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2015-01-14 09:30 . 2014-04-25 16:55	113365784	----a-w-	c:\windows\system32\MRT.exe
2015-01-06 03:36 . 2010-11-21 03:27	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-12-20 18:47 . 2013-10-04 19:18	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2014-11-24 22:12 . 2014-12-11 09:42	17874432	----a-w-	c:\windows\system32\mshtml.dll
2014-11-24 21:59 . 2014-12-11 09:42	448512	----a-w-	c:\windows\system32\html.iec
2014-11-24 21:54 . 2014-12-11 09:42	10921984	----a-w-	c:\windows\system32\ieframe.dll
2014-11-24 21:53 . 2014-12-11 09:42	2339840	----a-w-	c:\windows\system32\jscript9.dll
2014-11-24 21:47 . 2014-12-11 09:42	1388032	----a-w-	c:\windows\system32\urlmon.dll
2014-11-24 21:47 . 2014-12-11 09:42	1392128	----a-w-	c:\windows\system32\wininet.dll
2014-11-24 21:45 . 2014-12-11 09:42	1494016	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-24 21:45 . 2014-12-11 09:42	237056	----a-w-	c:\windows\system32\url.dll
2014-11-24 21:45 . 2014-12-11 09:42	86016	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-24 21:44 . 2014-12-11 09:42	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2014-11-24 21:44 . 2014-12-11 09:42	599040	----a-w-	c:\windows\system32\vbscript.dll
2014-11-24 21:44 . 2014-12-11 09:42	2157056	----a-w-	c:\windows\system32\iertutil.dll
2014-11-24 21:44 . 2014-12-11 09:42	816640	----a-w-	c:\windows\system32\jscript.dll
2014-11-24 21:44 . 2014-12-11 09:42	729088	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-24 21:44 . 2014-12-11 09:42	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-24 21:44 . 2014-12-11 09:42	282112	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-24 21:44 . 2014-12-11 09:42	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-11-24 21:44 . 2014-12-11 09:42	11264	----a-w-	c:\windows\system32\msfeedssync.exe
2014-11-24 21:43 . 2014-12-11 09:42	96768	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-24 21:43 . 2014-12-11 09:42	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-24 21:43 . 2014-12-11 09:42	12800	----a-w-	c:\windows\system32\mshta.exe
2014-11-24 21:42 . 2014-12-11 09:42	248320	----a-w-	c:\windows\system32\ieui.dll
2014-11-24 20:44 . 2014-12-11 09:42	367104	----a-w-	c:\windows\SysWow64\html.iec
2014-11-24 20:40 . 2014-12-11 09:42	1810944	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-24 20:35 . 2014-12-11 09:42	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-24 20:34 . 2014-12-11 09:42	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-24 20:33 . 2014-12-11 09:42	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-11-24 20:33 . 2014-12-11 09:42	421376	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-24 20:32 . 2014-12-11 09:42	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2014-11-24 20:32 . 2014-12-11 09:42	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-13 11:18 . 2014-11-13 11:18	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-11 03:09 . 2014-12-11 09:42	1190912	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 10:10	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 10:10	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 09:42	1011200	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 10:10	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 10:10	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 09:42	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 09:41	2048	----a-w-	c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 09:41	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2009-09-27 07:39	369152	--sh--w-	c:\windows\SysWOW64\avisynth.dll
2005-07-14 10:31	32256	--sh--w-	c:\windows\SysWOW64\AVSredirect.dll
2004-02-22 08:11	719872	--sh--w-	c:\windows\SysWOW64\devil.dll
2004-01-24 22:00	70656	--sh--w-	c:\windows\SysWOW64\i420vfw.dll
2004-01-24 22:00	70656	--sh--w-	c:\windows\SysWOW64\yv12vfw.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-05-11 5119600]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"StartCCC"="g:\program files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 Origin Client Service;Origin Client Service;g:\program files (x86)\Origin\OriginClientService.exe;g:\program files (x86)\Origin\OriginClientService.exe [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 RadeonPro Support Service;RadeonPro Support Service;g:\program files (x86)\RadeonPro\RadeonProSupport.exe;g:\program files (x86)\RadeonPro\RadeonProSupport.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrackPro.sys [x]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\USBMAC64.SYS;c:\windows\SYSNATIVE\DRIVERS\USBMAC64.SYS [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avipbb
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-31 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_296_pepper.exe [2015-01-29 16:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\test\AppData\Roaming\Mozilla\Firefox\Profiles\g7lafnru.default-1415268361285\
FF - prefs.js: browser.startup.homepage - hxxps://www.startpage.com/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-BattlEye for OA - c:\program files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\BattlEye\UnInstallBE.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1142954268-2013824982-1841893323-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1142954268-2013824982-1841893323-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-31  12:02:47
ComboFix-quarantined-files.txt  2015-01-31 11:02
.
Vor Suchlauf: 13 Verzeichnis(se), 31.907.659.776 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 31.632.396.288 Bytes frei
.
- - End Of File - - 563B405373E7D2D19CAEBBFED7FEE30A
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 31.01.2015, 15:59

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

wagner123 · 31.01.2015, 16:32

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 31.01.2015
Suchlauf-Zeit: 16:06:50
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.31.03
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: test

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 355182
Verstrichene Zeit: 7 Min, 54 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:

ATTFilter

# AdwCleaner v4.109 - Bericht erstellt am 31/01/2015 um 16:18:25
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : test - TEST
# Gestartet von : C:\Users\test\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Better-Surf

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Chromium v


-\\ Opera v27.0.1689.54


*************************

AdwCleaner[R0].txt - [1913 octets] - [19/07/2014 10:58:49]
AdwCleaner[R1].txt - [1973 octets] - [19/07/2014 11:01:27]
AdwCleaner[R2].txt - [961 octets] - [12/11/2014 17:12:12]
AdwCleaner[R3].txt - [1085 octets] - [24/11/2014 10:24:02]
AdwCleaner[R4].txt - [1222 octets] - [31/01/2015 16:17:33]
AdwCleaner[S0].txt - [1984 octets] - [19/07/2014 11:03:36]
AdwCleaner[S1].txt - [1021 octets] - [12/11/2014 17:15:58]
AdwCleaner[S2].txt - [1144 octets] - [31/01/2015 16:18:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1204 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by test on 31.01.2015 at 16:23:13,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\test\AppData\Roaming\mozilla\firefox\profiles\g7lafnru.default-1415268361285\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.01.2015 at 16:25:19,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by test (administrator) on TEST on 31-01-2015 16:27:14
Running from C:\Users\test\Downloads
Loaded Profiles: test (Available profiles: test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Mr. John aka japamd) G:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5119600 2012-05-11] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [StartCCC] => g:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1142954268-2013824982-1841893323-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1142954268-2013824982-1841893323-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1142954268-2013824982-1841893323-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\g7lafnru.default-1415268361285
FF Homepage: https://www.startpage.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> g:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> g:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1142954268-2013824982-1841893323-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPMyrMus.dll (Myriad Software.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-26] () [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 Origin Client Service; G:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-12-20] ()
R2 RadeonPro Support Service; g:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-10] (DT Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-02-19] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [187912 2010-12-07] (Avid Technology, Inc.)
R3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [48640 2010-11-23] (--)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 16:26 - 2015-01-31 16:26 - 00000000 ____D () C:\Users\test\Downloads\FRST-OlderVersion
2015-01-31 16:25 - 2015-01-31 16:25 - 00000902 _____ () C:\Users\test\Desktop\JRT.txt
2015-01-31 16:23 - 2015-01-31 16:23 - 00000000 ____D () C:\Windows\ERUNT
2015-01-31 16:22 - 2015-01-31 16:22 - 01707939 _____ (Thisisu) C:\Users\test\Downloads\JRT.exe
2015-01-31 16:16 - 2015-01-31 16:16 - 02194432 _____ () C:\Users\test\Desktop\AdwCleaner_4.109.exe
2015-01-31 16:16 - 2015-01-31 16:16 - 00001198 _____ () C:\Users\test\Desktop\mbam.txt
2015-01-31 12:26 - 2015-01-31 12:25 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-31 12:24 - 2015-01-31 12:24 - 00000000 ____D () C:\Users\test\AppData\Roaming\Avira
2015-01-31 12:24 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-31 12:24 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-31 12:24 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-31 12:03 - 2015-01-31 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 12:03 - 2015-01-31 12:24 - 00000000 ____D () C:\ProgramData\Avira
2015-01-31 12:03 - 2015-01-31 12:03 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\test\Downloads\avira_de_av_5818677670__ws.exe
2015-01-31 12:03 - 2015-01-31 12:03 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-31 12:02 - 2015-01-31 12:02 - 00017086 _____ () C:\ComboFix.txt
2015-01-31 11:52 - 2015-01-31 12:02 - 00000000 ____D () C:\Qoobox
2015-01-31 11:52 - 2015-01-31 12:01 - 00000000 ____D () C:\Windows\erdnt
2015-01-31 11:52 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-31 11:52 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-31 11:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-31 11:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-31 11:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-31 11:52 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-31 11:52 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-31 11:52 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-31 11:51 - 2015-01-31 11:51 - 05611408 ____R (Swearware) C:\Users\test\Desktop\ComboFix.exe
2015-01-30 19:25 - 2015-01-30 19:25 - 00004215 _____ () C:\Users\test\Desktop\gmer.txt
2015-01-30 19:17 - 2015-01-30 19:17 - 00380416 _____ () C:\Users\test\Downloads\Gmer-19357.exe
2015-01-30 19:15 - 2015-01-30 19:15 - 00027803 _____ () C:\Users\test\Downloads\Addition.txt
2015-01-30 19:14 - 2015-01-31 16:27 - 00014054 _____ () C:\Users\test\Downloads\FRST.txt
2015-01-30 19:14 - 2015-01-31 16:27 - 00000000 ____D () C:\FRST
2015-01-30 19:14 - 2015-01-31 16:26 - 02130944 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe
2015-01-30 19:12 - 2015-01-30 19:12 - 00050477 _____ () C:\Users\test\Downloads\Defogger.exe
2015-01-30 19:12 - 2015-01-30 19:12 - 00000540 _____ () C:\Users\test\Downloads\defogger_disable.log
2015-01-30 19:12 - 2015-01-30 19:12 - 00000168 _____ () C:\Users\test\defogger_reenable
2015-01-30 19:11 - 2015-01-31 16:18 - 00074061 _____ () C:\Users\test\Desktop\trojanerb.txt
2015-01-30 18:49 - 2015-01-30 18:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\test\Downloads\HijackThis.exe
2015-01-30 18:49 - 2015-01-30 18:49 - 00009910 _____ () C:\Users\test\Downloads\hijackthis.log
2015-01-30 18:46 - 2015-01-30 18:46 - 00002319 _____ () C:\Users\test\Desktop\aswMBR.txt
2015-01-30 18:46 - 2015-01-30 18:46 - 00000512 _____ () C:\Users\test\Desktop\MBR.dat
2015-01-30 18:44 - 2015-01-30 18:44 - 05198336 _____ (AVAST Software) C:\Users\test\Downloads\aswMBR.exe
2015-01-30 18:42 - 2015-01-30 18:42 - 00122142 _____ () C:\Users\test\Downloads\OTL.Txt
2015-01-30 18:42 - 2015-01-30 18:42 - 00090644 _____ () C:\Users\test\Downloads\Extras.Txt
2015-01-30 18:34 - 2015-01-30 18:34 - 00602112 _____ (OldTimer Tools) C:\Users\test\Downloads\OTL.exe
2015-01-30 18:33 - 2015-01-30 18:33 - 00001205 _____ () C:\Users\test\Desktop\mawarebytes.txt
2015-01-30 18:26 - 2015-01-30 18:51 - 00074528 _____ () C:\Users\test\Desktop\malwarebytes.txt
2015-01-30 18:25 - 2015-01-31 16:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 18:25 - 2015-01-30 18:25 - 00000790 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-30 18:25 - 2015-01-30 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-30 18:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 18:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-30 18:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-30 01:48 - 2015-01-31 16:19 - 00136820 _____ () C:\Windows\PFRO.log
2015-01-30 01:48 - 2015-01-31 16:19 - 00000336 _____ () C:\Windows\setupact.log
2015-01-30 01:48 - 2015-01-30 01:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-29 17:58 - 2015-01-31 15:31 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-01-29 17:58 - 2015-01-29 19:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-29 17:58 - 2015-01-29 19:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 17:58 - 2015-01-29 17:58 - 00003876 _____ () C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-01-27 18:25 - 2015-01-28 11:28 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422379552
2015-01-27 18:25 - 2015-01-27 18:25 - 00017029 _____ () C:\Users\test\Desktop\Opera 12 Notes.html
2015-01-27 18:25 - 2015-01-27 18:25 - 00001133 _____ () C:\Users\Public\Desktop\Opera 27.lnk
2015-01-27 18:25 - 2015-01-27 18:25 - 00001133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 27.lnk
2015-01-27 18:25 - 2015-01-27 18:25 - 00000000 ____D () C:\Users\test\AppData\Roaming\Opera Software
2015-01-27 18:25 - 2015-01-27 18:25 - 00000000 ____D () C:\Users\test\AppData\Local\Opera Software
2015-01-23 14:43 - 2015-01-23 14:45 - 00011585 _____ () C:\Users\test\Desktop\zähler.odt
2015-01-22 16:41 - 2015-01-22 16:41 - 00001163 _____ () C:\Users\Public\Desktop\Theme Hospital.lnk
2015-01-22 16:41 - 2015-01-22 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theme Hospital
2015-01-22 16:33 - 2015-01-22 16:34 - 00556290 _____ () C:\Users\test\Desktop\OpenDocument Text (neu).odt
2015-01-16 20:31 - 2015-01-19 09:53 - 00002821 _____ () C:\Users\test\Desktop\jazzwerkstatt 1.txt
2015-01-15 06:24 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:40 - 2014-12-03 13:41 - 00000699 _____ () C:\Users\test\Desktop\2014.txt
2015-01-14 08:45 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:45 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:45 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:45 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:45 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 08:44 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:44 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:44 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:44 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:44 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:44 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:44 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 09:45 - 2015-01-13 09:54 - 00003947 _____ () C:\Users\test\Desktop\spiele.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 16:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 16:18 - 2014-11-24 10:19 - 01344292 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 16:18 - 2014-07-19 10:58 - 00000000 ____D () C:\AdwCleaner
2015-01-31 12:40 - 2013-05-09 15:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-31 12:26 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 12:26 - 2009-07-14 05:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 12:24 - 2013-02-18 20:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 12:03 - 2013-10-04 20:17 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 12:01 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-31 00:42 - 2014-01-24 17:38 - 00000000 ____D () C:\Users\test\AppData\Local\Battle.net
2015-01-30 19:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-30 19:12 - 2013-02-18 18:42 - 00000000 ____D () C:\Users\test
2015-01-30 12:31 - 2013-02-25 13:37 - 00000000 ____D () C:\Users\test\AppData\Roaming\vlc
2015-01-30 00:31 - 2013-02-18 20:17 - 00000000 ____D () C:\ProgramData\Origin
2015-01-29 19:07 - 2014-06-22 19:14 - 00000000 ____D () C:\Users\test\AppData\Local\Adobe
2015-01-29 11:02 - 2013-05-16 23:22 - 00000000 ____D () C:\Windows\Minidump
2015-01-29 09:08 - 2013-02-18 21:12 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-28 19:00 - 2014-05-31 17:17 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-28 19:00 - 2013-10-04 20:18 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-28 17:53 - 2013-12-29 15:52 - 00000000 ____D () C:\Users\test\Desktop\xxx
2015-01-28 17:03 - 2014-12-31 17:53 - 00001010 _____ () C:\Users\test\Desktop\Neues Textdokument.txt
2015-01-28 12:40 - 2013-04-12 10:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 11:51 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-01-28 11:51 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-01-28 11:51 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 22:59 - 2013-10-04 20:18 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-24 15:27 - 2014-02-12 12:49 - 00000000 ____D () C:\Users\test\Desktop\desktop 7 2014
2015-01-22 16:41 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-14 10:32 - 2014-04-25 17:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 10:30 - 2014-04-25 17:55 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-05-03 17:00 - 2013-05-05 11:24 - 0000100 _____ () C:\Users\test\AppData\Roaming\Camdata.ini
2013-05-03 17:00 - 2013-05-05 11:24 - 0000408 _____ () C:\Users\test\AppData\Roaming\CamLayout.ini
2013-05-03 17:00 - 2013-05-05 11:24 - 0000408 _____ () C:\Users\test\AppData\Roaming\CamShapes.ini
2013-05-03 17:00 - 2013-05-05 11:24 - 0004542 _____ () C:\Users\test\AppData\Roaming\CamStudio.cfg
2013-08-10 13:10 - 2013-08-10 13:10 - 0000133 _____ () C:\Users\test\AppData\Roaming\mbam.context.scan
2014-04-13 15:19 - 2014-04-13 15:19 - 0010240 _____ () C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-21 13:56 - 2013-02-21 13:56 - 0007597 _____ () C:\Users\test\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\test\AppData\Local\Temp\avgnt.exe
C:\Users\test\AppData\Local\Temp\Quarantine.exe
C:\Users\test\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 16:38

==================== End Of Log ============================

--- --- ---

schrauber · 31.01.2015, 21:27

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

30.01.2015, 21:36	#2
schrauber /// the machine /// TB-Ausbilder	win 7 browserumleitung Hi, poste jetzt bitte das komplette FRST Log, zur Nor aufteilen. __________________ __________________

win 7 browserumleitung

Log-Analyse und Auswertung: win 7 browserumleitung