
Log analysis and evaluation: Received DHL mail, clicked the link, and now


07.03.2015, 15:32   #16
Juerk
 
Received DHL mail, clicked the link, and now



Everything worked, nothing unusual happened.

Here is the ComboFix.txt

Code:
ComboFix 15-03-01.01 - sgzoll 07.03.2015  15:08:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1213 [GMT 1:00]
ausgeführt von:: c:\users\sgzoll\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\sgzoll\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\system32\AF15BDAEX.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-07 bis 2015-03-07  ))))))))))))))))))))))))))))))
.
.
2015-03-06 16:46 . 2015-03-06 16:46	--------	d-----w-	C:\TDSSKiller_Quarantine
2015-03-06 11:44 . 2015-01-29 09:49	9041640	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{203C6F64-EE05-4B4E-8820-A8327B3499C7}\mpengine.dll	ERROR(0x00000005)
2015-03-05 14:20 . 2015-03-05 14:52	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-05 14:18 . 2015-03-05 14:48	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-04 14:26 . 2015-03-04 14:29	--------	d-----w-	C:\FRST
2015-02-26 19:48 . 2015-02-26 20:03	--------	d-----w-	c:\program files\Mozilla Thunderbird
2015-02-19 10:43 . 2014-11-26 02:05	564224	----a-w-	c:\windows\system32\oleaut32.dll
2015-02-19 10:43 . 2015-01-09 00:20	2063360	----a-w-	c:\windows\system32\win32k.sys
2015-02-19 10:42 . 2015-01-13 01:39	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-02-19 10:40 . 2015-01-15 04:13	440760	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-02-19 10:39 . 2014-12-08 01:59	306176	----a-w-	c:\windows\system32\scesrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-04 13:40 . 2013-03-23 20:13	136216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-03-04 13:40 . 2013-03-23 20:13	105864	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-02-24 02:23 . 2010-03-04 11:04	246920	------w-	c:\windows\system32\MpSigStub.exe
2015-02-05 18:27 . 2012-04-16 17:32	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-02-05 18:27 . 2011-06-09 17:50	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-29 09:49 . 2008-12-08 16:44	9041640	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll	ERROR(0x00000005)
2014-12-19 00:25 . 2015-01-16 17:45	115200	----a-w-	c:\windows\system32\drivers\mrxdav.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\sgzoll\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\sgzoll\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\sgzoll\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HP ENVY 4500 series (NET)"="c:\program files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" [2014-03-06 2427400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-01-23 31087200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1111336]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-03-04 703280]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2015-02-12 127792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
c:\users\sgzoll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\sgzoll\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06	958576	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-08 21:20	41056	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2008-11-03 13:14	217088	----a-w-	c:\program files\BisonCam\BsMnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 03:40	218032	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
2008-11-14 21:02	218408	------w-	c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-11-21 21:07	13601312	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 10:36	50472	------w-	c:\program files\HomeCinema\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-10-31 12:06	6609440	----a-w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-11-14 21:02	218408	------w-	c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-01-04 10:02	222504	------w-	c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe GE
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
HPService	REG_MULTI_SZ   	HPSLPSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 12:21	1084744	----a-w-	c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 18:27]
.
2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-25 19:36]
.
2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-25 19:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.sgzoll-hamburg.de/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF - ExtSQL: !HIDDEN! 2009-09-21 19:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-03-07 15:22
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,8e,b0,30,fd,97,de,4e,b1,48,46,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,8e,b0,30,fd,97,de,4e,b1,48,46,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\users\sgzoll\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-03-07  15:28:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-03-07 14:28
.
Vor Suchlauf: 9 Verzeichnis(se), 197.255.110.656 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 197.203.304.448 Bytes frei
.
- - End Of File - - 9EB206D9C63368CE6E51BA03E5D367A9
5C616939100B85E558DA92B899A0FC36
         

08.03.2015, 08:27   #17
schrauber
/// the machine
/// TB-Ausbilder
 

Received DHL mail, clicked the link, and now



Please download Malwarebytes Anti-Malware
  • Install the program into the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

08.03.2015, 11:54   #18
Juerk
 
Received DHL mail, clicked the link, and now



Here is the mbam.txt


Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 08.03.2015 10:52:47, SYSTEM, SGZOLL-PC, Protection, Malware Protection, Starting, 
Protection, 08.03.2015 10:52:47, SYSTEM, SGZOLL-PC, Protection, Malware Protection, Started, 
Protection, 08.03.2015 10:52:47, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Starting, 
Update, 08.03.2015 10:52:51, SYSTEM, SGZOLL-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 08.03.2015 10:52:51, SYSTEM, SGZOLL-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.25.1, 
Update, 08.03.2015 10:53:07, SYSTEM, SGZOLL-PC, Manual, Malware Database, 2014.11.20.6, 2015.3.8.4, 
Protection, 08.03.2015 10:53:07, SYSTEM, SGZOLL-PC, Protection, Refresh, Starting, 
Protection, 08.03.2015 10:53:07, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Started, 
Protection, 08.03.2015 10:53:07, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 08.03.2015 10:53:07, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 08.03.2015 10:53:16, SYSTEM, SGZOLL-PC, Protection, Refresh, Success, 
Protection, 08.03.2015 10:53:16, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Starting, 
Protection, 08.03.2015 10:53:16, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Started, 
Protection, 08.03.2015 11:23:48, SYSTEM, SGZOLL-PC, Protection, Malware Protection, Starting, 
Protection, 08.03.2015 11:23:50, SYSTEM, SGZOLL-PC, Protection, Malware Protection, Started, 
Protection, 08.03.2015 11:23:50, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Starting, 
Protection, 08.03.2015 11:27:11, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Started, 

(end)
         
Next, the AdwCleaner[Sx].txt.

Code:
# AdwCleaner v4.111 - Bericht erstellt 08/03/2015 um 11:34:53
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : sgzoll - SGZOLL-PC
# Gestarted von : C:\Users\sgzoll\Downloads\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Datei Gelöscht : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
Datei Gelöscht : C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar

***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.6001.19600


-\\ Mozilla Firefox v36.0.1 (x86 de)

[f60h71s2.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Search Results");
[f60h71s2.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Search Results");
[f60h71s2.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");

-\\ Google Chrome v40.0.2214.115

[C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
[C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Homepage] : hxxp://www.searchnu.com/410

*************************

AdwCleaner[R0].txt - [2768 Bytes] - [08/03/2015 11:31:30]
AdwCleaner[S0].txt - [2717 Bytes] - [08/03/2015 11:34:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2776  Bytes] ##########
         

JRT.txt

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by sgzoll on 08.03.2015 at 11:42:39,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\sgzoll\AppData\Roaming\mozilla\firefox\profiles\f60h71s2.default\minidumps [167 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.03.2015 at 11:46:40,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

and a new FRST.log


FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2015
Ran by sgzoll (administrator) on SGZOLL-PC on 08-03-2015 11:47:02
Running from C:\Users\sgzoll\Downloads
Loaded Profiles: sgzoll (Available profiles: sgzoll & JK)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1111336 2008-05-08] (Synaptics, Inc.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2427400 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-08-21] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\sgzoll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1793512333-3686394424-291459576-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1793512333-3686394424-291459576-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default
FF Homepage: hxxp://www.sgzoll-hamburg.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\Extensions\abs@avira.com [2015-02-02]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: Adblock Plus - C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-25]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-29]
CHR Extension: (Google Drive) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-29]
CHR Extension: (YouTube) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-29]
CHR Extension: (Google Search) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-29]
CHR Extension: (Gmail) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 resetWinService; C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [70656 2008-10-29] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-28] () [File not signed]
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435016 2013-12-11] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1051976 2010-05-10] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [306816 2010-02-13] (AfaTech                  )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [1461032 2008-12-04] (Bison Electronics. Inc. )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-23] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S3 WINIO; C:\Windows\system32\WinIo.sys [9336 2008-12-09] () [File not signed]
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 11:46 - 2015-03-08 11:46 - 00000769 _____ () C:\Users\sgzoll\Desktop\JRT.txt
2015-03-08 11:42 - 2015-03-08 11:42 - 01388333 _____ (Thisisu) C:\Users\sgzoll\Downloads\JRT.exe
2015-03-08 11:31 - 2015-03-08 11:34 - 00000000 ____D () C:\AdwCleaner
2015-03-08 11:30 - 2015-03-08 11:30 - 02126848 _____ () C:\Users\sgzoll\Downloads\AdwCleaner_4.111.exe
2015-03-08 11:29 - 2015-03-08 11:29 - 00001767 _____ () C:\mbam.txt
2015-03-08 10:46 - 2015-03-08 10:46 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-08 10:46 - 2015-03-08 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-08 10:46 - 2015-03-08 10:46 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-08 10:46 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-08 10:46 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 10:45 - 2015-03-08 10:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\sgzoll\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-07 15:28 - 2015-03-07 15:28 - 00015026 _____ () C:\ComboFix.txt
2015-03-07 15:05 - 2015-03-07 15:28 - 00000000 ____D () C:\ComboFix
2015-03-07 15:05 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-07 15:05 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-07 15:05 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-07 15:03 - 2015-03-07 15:28 - 00000000 ____D () C:\Qoobox
2015-03-07 15:02 - 2015-03-07 15:26 - 00000000 ____D () C:\Windows\erdnt
2015-03-07 15:02 - 2015-03-07 15:02 - 05612482 ____R (Swearware) C:\Users\sgzoll\Downloads\ComboFix.exe
2015-03-06 17:46 - 2015-03-06 17:46 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-06 13:07 - 2015-03-06 13:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-05 15:20 - 2015-03-08 11:40 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-05 15:20 - 2015-03-08 10:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-05 15:20 - 2015-03-05 16:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-05 15:18 - 2015-03-05 16:14 - 00000000 ____D () C:\Users\sgzoll\Desktop\mbar
2015-03-05 15:18 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-05 15:17 - 2015-03-05 15:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\sgzoll\Downloads\mbar-1.09.1.1004.exe
2015-03-05 15:11 - 2015-03-05 15:11 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\sgzoll\Downloads\tdsskiller.exe
2015-03-04 15:54 - 2015-03-04 15:54 - 00380416 _____ () C:\Users\sgzoll\Downloads\Gmer-19357.exe
2015-03-04 15:47 - 2015-03-04 15:47 - 319602229 _____ () C:\Windows\MEMORY.DMP
2015-03-04 15:47 - 2015-03-04 15:47 - 00143616 _____ () C:\Windows\Minidump\Mini030415-01.dmp
2015-03-04 15:38 - 2015-03-04 15:38 - 00380416 _____ () C:\Users\sgzoll\Downloads\cgo96936.exe
2015-03-04 15:35 - 2015-03-04 15:35 - 00000725 _____ () C:\Users\sgzoll\Desktop\Addition_04-03-2015_15-29-44 - Verknüpfung.lnk
2015-03-04 15:35 - 2015-03-04 15:35 - 00000705 _____ () C:\Users\sgzoll\Desktop\FRST_04-03-2015_15-29-44 - Verknüpfung.lnk
2015-03-04 15:27 - 2015-03-04 15:29 - 00034880 _____ () C:\Users\sgzoll\Downloads\Addition.txt
2015-03-04 15:26 - 2015-03-08 11:47 - 00018509 _____ () C:\Users\sgzoll\Downloads\FRST.txt
2015-03-04 15:26 - 2015-03-08 11:47 - 00000000 ____D () C:\FRST
2015-03-04 15:24 - 2015-03-04 15:24 - 01132032 _____ (Farbar) C:\Users\sgzoll\Downloads\FRST.exe
2015-03-04 15:22 - 2015-03-04 16:07 - 00000474 _____ () C:\Users\sgzoll\Downloads\defogger_disable.log
2015-03-04 15:22 - 2015-03-04 15:22 - 00000000 _____ () C:\Users\sgzoll\defogger_reenable
2015-03-04 15:09 - 2015-03-04 15:09 - 00050477 _____ () C:\Users\sgzoll\Downloads\Defogger.exe
2015-02-26 20:48 - 2015-02-26 21:03 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-19 11:43 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-19 11:43 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-19 11:42 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-19 11:40 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-19 11:39 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-19 11:37 - 2015-02-03 12:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-19 11:37 - 2015-02-03 12:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-19 11:37 - 2015-02-03 12:57 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-19 11:37 - 2015-02-03 12:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-19 11:37 - 2015-02-03 12:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-02-19 11:37 - 2015-02-03 12:53 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 06004736 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 11084288 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-19 11:37 - 2015-02-03 12:51 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-19 11:37 - 2015-02-03 12:49 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-19 11:37 - 2015-02-03 12:49 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-19 11:37 - 2015-02-03 12:49 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-02-19 11:37 - 2015-02-03 11:13 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-19 11:37 - 2015-02-03 09:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-19 11:37 - 2015-02-03 09:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-19 11:37 - 2015-02-03 09:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-19 11:37 - 2015-02-03 09:26 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-15 20:58 - 2015-02-15 21:02 - 00000068 _____ () C:\Windows\setupact.log
2015-02-15 20:58 - 2015-02-15 20:58 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 11:42 - 2009-02-21 10:52 - 01683364 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 11:41 - 2015-01-29 19:02 - 00000000 ____D () C:\Users\sgzoll\AppData\Roaming\Skype
2015-03-08 11:41 - 2013-06-25 20:36 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 11:40 - 2014-06-03 20:58 - 00000000 ___RD () C:\Users\sgzoll\Dropbox
2015-03-08 11:40 - 2014-06-03 20:54 - 00000000 ____D () C:\Users\sgzoll\AppData\Roaming\Dropbox
2015-03-08 11:40 - 2009-12-31 13:17 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-08 11:38 - 2013-06-25 20:36 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 11:38 - 2008-12-15 05:47 - 00235230 _____ () C:\ProgramData\nvModes.001
2015-03-08 11:36 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 11:36 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 11:36 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 11:35 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-08 11:27 - 2013-01-22 16:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 11:23 - 2015-02-03 16:34 - 00002468 _____ () C:\Windows\PFRO.log
2015-03-08 11:23 - 2008-12-15 05:37 - 00235230 _____ () C:\ProgramData\nvModes.dat
2015-03-07 15:28 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-03-07 15:28 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-03-07 15:21 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-03-07 15:18 - 2012-05-07 11:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-05 15:14 - 2014-08-05 10:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 15:13 - 2013-03-23 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 15:13 - 2013-03-23 21:13 - 00000000 ____D () C:\Program Files\Avira
2015-03-04 15:47 - 2014-05-23 12:29 - 00000000 ____D () C:\Windows\Minidump
2015-03-04 15:22 - 2009-02-21 11:13 - 00000000 ____D () C:\Users\sgzoll
2015-03-04 14:40 - 2013-03-23 21:13 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 14:40 - 2013-03-23 21:13 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-27 13:18 - 2011-10-09 19:39 - 00000000 ____D () C:\Program Files\StarMoney 6.0 S-Edition
2015-02-27 13:10 - 2006-11-02 11:33 - 01715172 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 03:23 - 2010-03-04 12:04 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-21 11:38 - 2009-02-25 19:15 - 00002631 _____ () C:\Users\sgzoll\Desktop\Microsoft Office Word 2007.lnk
2015-02-20 13:30 - 2013-06-25 20:36 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 12:00 - 2006-11-02 13:47 - 00314408 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-19 11:52 - 2013-07-13 10:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-19 11:44 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-19 11:43 - 2008-12-09 11:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-19 09:44 - 2014-06-03 20:58 - 00000965 _____ () C:\Users\sgzoll\Desktop\Dropbox.lnk
2015-02-19 09:44 - 2014-06-03 20:56 - 00000000 ____D () C:\Users\sgzoll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2009-09-21 17:42 - 2009-09-21 17:42 - 0031007 _____ () C:\Users\sgzoll\AppData\Roaming\UserTile.png
2009-02-21 11:21 - 2012-11-29 21:56 - 0007868 _____ () C:\Users\sgzoll\AppData\Roaming\wklnhst.dat
2011-01-18 21:36 - 2011-01-18 21:36 - 0000680 _____ () C:\Users\sgzoll\AppData\Local\d3d9caps.dat
2009-10-26 20:31 - 2014-07-18 19:25 - 0017920 _____ () C:\Users\sgzoll\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-24 17:04 - 2014-10-24 17:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-11-09 19:55 - 2014-04-26 10:38 - 0012983 _____ () C:\ProgramData\hpzinstall.log
2008-12-15 05:47 - 2015-03-08 11:38 - 0235230 _____ () C:\ProgramData\nvModes.001
2008-12-15 05:37 - 2015-03-08 11:23 - 0235230 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\sgzoll\AppData\Local\Temp\avgnt.exe
C:\Users\sgzoll\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe2yqbj.dll
C:\Users\sgzoll\AppData\Local\Temp\Quarantine.exe
C:\Users\sgzoll\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-08 11:46

==================== End Of Log ============================
         
--- --- ---
__________________

08.03.2015, 19:01   #19
schrauber
/// the machine
/// TB-Ausbilder




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

08.03.2015, 22:09   #20
Juerk



Here is the log.txt...


Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=85abdf96ba746341be673d75b1fe210d
# engine=22812
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-08 08:40:25
# local_time=2015-03-08 09:40:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 204471 263379953 0 0
# scanned=231067
# found=0
# cleaned=0
# scan_time=5026
         
...and here is the checkup.txt

Code:
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
And finally the FRST.log again

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2015 03
Ran by sgzoll (administrator) on SGZOLL-PC on 08-03-2015 21:59:37
Running from C:\Users\sgzoll\Downloads
Loaded Profiles: sgzoll (Available profiles: sgzoll & JK)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1111336 2008-05-08] (Synaptics, Inc.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2427400 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-08-21] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\sgzoll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1793512333-3686394424-291459576-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-09] (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-09] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1793512333-3686394424-291459576-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default
FF Homepage: hxxp://www.sgzoll-hamburg.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-08-06] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\Extensions\abs@avira.com [2015-02-02]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: Adblock Plus - C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-25]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-29]
CHR Extension: (Google Drive) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-29]
CHR Extension: (YouTube) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-29]
CHR Extension: (Google Search) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-29]
CHR Extension: (Gmail) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 resetWinService; C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [70656 2008-10-29] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-28] () [File not signed]
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435016 2013-12-11] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1051976 2010-05-10] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [306816 2010-02-13] (AfaTech                  )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [1461032 2008-12-04] (Bison Electronics. Inc. )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-23] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S3 WINIO; C:\Windows\system32\WinIo.sys [9336 2008-12-09] () [File not signed]
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 21:59 - 2015-03-08 21:59 - 00000000 ____D () C:\Users\sgzoll\Downloads\FRST-OlderVersion
2015-03-08 21:49 - 2015-03-08 21:49 - 00852604 _____ () C:\Users\sgzoll\Downloads\SecurityCheck.exe
2015-03-08 20:13 - 2015-03-08 20:14 - 02347384 _____ (ESET) C:\Users\sgzoll\Downloads\esetsmartinstaller_deu.exe
2015-03-08 11:46 - 2015-03-08 11:46 - 00000769 _____ () C:\Users\sgzoll\Desktop\JRT.txt
2015-03-08 11:42 - 2015-03-08 11:42 - 01388333 _____ (Thisisu) C:\Users\sgzoll\Downloads\JRT.exe
2015-03-08 11:31 - 2015-03-08 11:34 - 00000000 ____D () C:\AdwCleaner
2015-03-08 11:30 - 2015-03-08 11:30 - 02126848 _____ () C:\Users\sgzoll\Downloads\AdwCleaner_4.111.exe
2015-03-08 11:29 - 2015-03-08 11:29 - 00001767 _____ () C:\mbam.txt
2015-03-08 10:46 - 2015-03-08 10:46 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-08 10:46 - 2015-03-08 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-08 10:46 - 2015-03-08 10:46 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-08 10:46 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-08 10:46 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 10:45 - 2015-03-08 10:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\sgzoll\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-07 15:28 - 2015-03-07 15:28 - 00015026 _____ () C:\ComboFix.txt
2015-03-07 15:05 - 2015-03-07 15:28 - 00000000 ____D () C:\ComboFix
2015-03-07 15:05 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-07 15:05 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-07 15:05 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-07 15:03 - 2015-03-07 15:28 - 00000000 ____D () C:\Qoobox
2015-03-07 15:02 - 2015-03-07 15:26 - 00000000 ____D () C:\Windows\erdnt
2015-03-07 15:02 - 2015-03-07 15:02 - 05612482 ____R (Swearware) C:\Users\sgzoll\Downloads\ComboFix.exe
2015-03-06 17:46 - 2015-03-06 17:46 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-06 13:07 - 2015-03-06 13:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-05 15:20 - 2015-03-08 18:34 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-05 15:20 - 2015-03-08 10:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-05 15:20 - 2015-03-05 16:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-05 15:18 - 2015-03-05 16:14 - 00000000 ____D () C:\Users\sgzoll\Desktop\mbar
2015-03-05 15:18 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-05 15:17 - 2015-03-05 15:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\sgzoll\Downloads\mbar-1.09.1.1004.exe
2015-03-05 15:11 - 2015-03-05 15:11 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\sgzoll\Downloads\tdsskiller.exe
2015-03-04 15:54 - 2015-03-04 15:54 - 00380416 _____ () C:\Users\sgzoll\Downloads\Gmer-19357.exe
2015-03-04 15:47 - 2015-03-04 15:47 - 319602229 _____ () C:\Windows\MEMORY.DMP
2015-03-04 15:47 - 2015-03-04 15:47 - 00143616 _____ () C:\Windows\Minidump\Mini030415-01.dmp
2015-03-04 15:38 - 2015-03-04 15:38 - 00380416 _____ () C:\Users\sgzoll\Downloads\cgo96936.exe
2015-03-04 15:35 - 2015-03-04 15:35 - 00000725 _____ () C:\Users\sgzoll\Desktop\Addition_04-03-2015_15-29-44 - Verknüpfung.lnk
2015-03-04 15:35 - 2015-03-04 15:35 - 00000705 _____ () C:\Users\sgzoll\Desktop\FRST_04-03-2015_15-29-44 - Verknüpfung.lnk
2015-03-04 15:27 - 2015-03-04 15:29 - 00034880 _____ () C:\Users\sgzoll\Downloads\Addition.txt
2015-03-04 15:26 - 2015-03-08 21:59 - 00018814 _____ () C:\Users\sgzoll\Downloads\FRST.txt
2015-03-04 15:26 - 2015-03-08 21:59 - 00000000 ____D () C:\FRST
2015-03-04 15:24 - 2015-03-08 21:59 - 01134592 _____ (Farbar) C:\Users\sgzoll\Downloads\FRST.exe
2015-03-04 15:22 - 2015-03-04 16:07 - 00000474 _____ () C:\Users\sgzoll\Downloads\defogger_disable.log
2015-03-04 15:22 - 2015-03-04 15:22 - 00000000 _____ () C:\Users\sgzoll\defogger_reenable
2015-03-04 15:09 - 2015-03-04 15:09 - 00050477 _____ () C:\Users\sgzoll\Downloads\Defogger.exe
2015-02-26 20:48 - 2015-02-26 21:03 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-19 11:43 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-19 11:43 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-19 11:42 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-19 11:40 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-19 11:39 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-19 11:37 - 2015-02-03 12:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-19 11:37 - 2015-02-03 12:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-19 11:37 - 2015-02-03 12:57 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-19 11:37 - 2015-02-03 12:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-19 11:37 - 2015-02-03 12:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-02-19 11:37 - 2015-02-03 12:53 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 06004736 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 11084288 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-19 11:37 - 2015-02-03 12:51 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-19 11:37 - 2015-02-03 12:49 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-19 11:37 - 2015-02-03 12:49 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-19 11:37 - 2015-02-03 12:49 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-02-19 11:37 - 2015-02-03 11:13 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-19 11:37 - 2015-02-03 09:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-19 11:37 - 2015-02-03 09:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-19 11:37 - 2015-02-03 09:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-19 11:37 - 2015-02-03 09:26 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-15 20:58 - 2015-02-15 21:02 - 00000068 _____ () C:\Windows\setupact.log
2015-02-15 20:58 - 2015-02-15 20:58 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 21:41 - 2013-06-25 20:36 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 21:34 - 2015-01-29 19:02 - 00000000 ____D () C:\Users\sgzoll\AppData\Roaming\Skype
2015-03-08 21:27 - 2013-01-22 16:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 21:03 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 21:03 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 11:42 - 2009-02-21 10:52 - 01683364 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 11:40 - 2014-06-03 20:58 - 00000000 ___RD () C:\Users\sgzoll\Dropbox
2015-03-08 11:40 - 2014-06-03 20:54 - 00000000 ____D () C:\Users\sgzoll\AppData\Roaming\Dropbox
2015-03-08 11:40 - 2009-12-31 13:17 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-08 11:38 - 2013-06-25 20:36 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 11:38 - 2008-12-15 05:47 - 00235230 _____ () C:\ProgramData\nvModes.001
2015-03-08 11:36 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 11:35 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-08 11:23 - 2015-02-03 16:34 - 00002468 _____ () C:\Windows\PFRO.log
2015-03-08 11:23 - 2008-12-15 05:37 - 00235230 _____ () C:\ProgramData\nvModes.dat
2015-03-07 15:28 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-03-07 15:28 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-03-07 15:21 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-03-07 15:18 - 2012-05-07 11:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-05 15:14 - 2014-08-05 10:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 15:13 - 2013-03-23 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 15:13 - 2013-03-23 21:13 - 00000000 ____D () C:\Program Files\Avira
2015-03-04 15:47 - 2014-05-23 12:29 - 00000000 ____D () C:\Windows\Minidump
2015-03-04 15:22 - 2009-02-21 11:13 - 00000000 ____D () C:\Users\sgzoll
2015-03-04 14:40 - 2013-03-23 21:13 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 14:40 - 2013-03-23 21:13 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-27 13:18 - 2011-10-09 19:39 - 00000000 ____D () C:\Program Files\StarMoney 6.0 S-Edition
2015-02-27 13:10 - 2006-11-02 11:33 - 01715172 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 03:23 - 2010-03-04 12:04 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-21 11:38 - 2009-02-25 19:15 - 00002631 _____ () C:\Users\sgzoll\Desktop\Microsoft Office Word 2007.lnk
2015-02-20 13:30 - 2013-06-25 20:36 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 12:00 - 2006-11-02 13:47 - 00314408 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-19 11:52 - 2013-07-13 10:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-19 11:44 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-19 11:43 - 2008-12-09 11:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-19 09:44 - 2014-06-03 20:58 - 00000965 _____ () C:\Users\sgzoll\Desktop\Dropbox.lnk
2015-02-19 09:44 - 2014-06-03 20:56 - 00000000 ____D () C:\Users\sgzoll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2009-09-21 17:42 - 2009-09-21 17:42 - 0031007 _____ () C:\Users\sgzoll\AppData\Roaming\UserTile.png
2009-02-21 11:21 - 2012-11-29 21:56 - 0007868 _____ () C:\Users\sgzoll\AppData\Roaming\wklnhst.dat
2011-01-18 21:36 - 2011-01-18 21:36 - 0000680 _____ () C:\Users\sgzoll\AppData\Local\d3d9caps.dat
2009-10-26 20:31 - 2014-07-18 19:25 - 0017920 _____ () C:\Users\sgzoll\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-24 17:04 - 2014-10-24 17:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-11-09 19:55 - 2014-04-26 10:38 - 0012983 _____ () C:\ProgramData\hpzinstall.log
2008-12-15 05:47 - 2015-03-08 11:38 - 0235230 _____ () C:\ProgramData\nvModes.001
2008-12-15 05:37 - 2015-03-08 11:23 - 0235230 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\sgzoll\AppData\Local\Temp\avgnt.exe
C:\Users\sgzoll\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe2yqbj.dll
C:\Users\sgzoll\AppData\Local\Temp\Quarantine.exe
C:\Users\sgzoll\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-08 11:46

==================== End Of Log ============================


Gruß Juerk
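An added triage example (not part of the original post, and not FRST's own code): a small Python parser for the Services/Drivers lines of an FRST log like the one above, which flags only what the log itself already marks, namely entries tagged [File not signed], entries whose file is missing ([X]), entries with an empty company string, and any line carrying the "<======= ATTENTION" marker. The sample lines are copied from the log above; the line layout is the one FRST prints there.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines in the layout of the FRST sections above
# (copied from the posted log, not the whole log).
SAMPLE_LOG = r"""
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [306816 2010-02-13] (AfaTech                  )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
"""

# One service/driver line: "<state><start> <name>; <path> [<size> <date>] (<company>) [<flag>]"
# Size/date, company and the trailing flag are each optional, as in the log above.
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*"
    r"(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<company>[^)]*)\))?"
    r"(?:\s+\[(?P<flag>[^\]]+)\])?\s*$"
)


@dataclass
class Entry:
    state: str           # R = running, S = stopped, U = unknown (as FRST prints them)
    start: int           # start type digit as printed (0..5)
    name: str
    path: str
    company: Optional[str]   # None when no "(...)" part, "" when it is empty "()"
    flag: Optional[str]      # e.g. "File not signed" or "X"


@dataclass
class Finding:
    name: str
    reason: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST service/driver line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return Entry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        path=m.group("path").strip(),
        company=company.strip() if company is not None else None,
        flag=m.group("flag"),
    )


def triage_entry(e: Entry) -> Optional[Finding]:
    """Flag the conditions FRST itself annotates; everything else is left alone."""
    if e.flag == "X":
        return Finding(e.name, "registered but its file is missing on disk ([X])")
    if e.flag == "File not signed":
        return Finding(e.name, "binary carries no digital signature")
    if e.company == "":
        return Finding(e.name, "binary carries no company/version information")
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a log fragment and collect the entries a reviewer would look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "<======= ATTENTION" in line:
            # FRST puts the marker on registry lines; the key is everything before ':'
            findings.append(Finding(line.split(":")[0], "FRST marks this line ATTENTION"))
            continue
        entry = parse_entry(line)
        if entry is not None:
            finding = triage_entry(entry)
            if finding is not None:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.reason}")
```

Unsigned or vendor-less entries are not malicious by themselves (several above belong to HP, Prolific and CyberLink), so the list is a reading order for the reviewer, not a verdict.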


Alt 09.03.2015, 13:03   #21
schrauber
/// the machine
/// TB-Ausbilder

DHL Mail bekommen, Link geklickt und jetzt

Cleanup:
(The order matters here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: please disable your antivirus program, any script blocking you may have, and anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can delete them without concern.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Hardening:
Enable automatic updates in Windows. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security holes in old versions of these are exploited to install malware "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

Additionally, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. Using a whitelist approach, you can specify on which sites scripts are allowed.
Malwarebytes Anti-Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons irrelevant to the program.
To get rid of adware again, uninstalling it first and then removing the leftovers with AdwCleaner is recommended.


Finally, a few general remarks:
Change your important online passwords regularly and make regular backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend leaving the registry alone and using the Windows built-in Disk Cleanup instead.