Trojaner-Board - Rechner lahm gelegt durch Pop-Ups, Werbefenster, Browserfenster

hey schrauber,

hier ein frisches FRST log:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015

Ran by ALFIR (administrator) on ALFIR-PC on 06-01-2015 13:21:16

Running from C:\Users\ALFIR\Desktop\Trojanerboard

Loaded Profile: ALFIR (Available profiles: ALFIR)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

(AMD) C:\Windows\System32\atieclxx.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(Microsoft Corporation) C:\Windows\System32\prevhost.exe

(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001\...\Run: [Google+ Auto Backup] => "C:\Users\ALFIR\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()

BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1400514259&from=tugs&uid=WDCXWD7500BPVT-24HXZT1_WD-WX71E31XK112XK112&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome

URLSearchHook: HKLM-x32 - (No Name) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - No File

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001 -> DefaultScope {F9860CF9-83A5-4094-B0DA-BAA0B8DB18CD} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B012DE80003D20131127&p={SearchTerms}

SearchScopes: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN

SearchScopes: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001 -> {F9860CF9-83A5-4094-B0DA-BAA0B8DB18CD} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B012DE80003D20131127&p={SearchTerms}

BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - No Name - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} -  No File

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001 -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.4.1
 

FireFox:

========

FF ProfilePath: C:\Users\ALFIR\AppData\Roaming\Mozilla\Firefox\Profiles\cos93n12.default-1420494905558

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)

FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4

FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2012-06-27]

FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack

FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [2012-06-27]

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-11-27]

FF HKU\S-1-5-21-4139373105-4022997019-1243156706-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 

Chrome: 

=======

CHR Profile: C:\Users\ALFIR\AppData\Local\Google\Chrome\User Data\default

CHR Extension: (Google Präsentationen) - C:\Users\ALFIR\AppData\Local\Google\Chrome\User Data\default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-05]

CHR Extension: (Google Docs) - C:\Users\ALFIR\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]

CHR Extension: (Google Drive) - C:\Users\ALFIR\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ALFIR\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-05]

CHR Extension: (YouTube) - C:\Users\ALFIR\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]

CHR Extension: (Google-Suche) - C:\Users\ALFIR\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]

CHR Extension: (Google Tabellen) - C:\Users\ALFIR\AppData\Local\Google\Chrome\User Data\default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]

CHR Extension: (AVG Safe Search) - C:\Users\ALFIR\AppData\Local\Google\Chrome\User Data\default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2015-01-05]

CHR Extension: (AVG Do Not Track) - C:\Users\ALFIR\AppData\Local\Google\Chrome\User Data\default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-01-05]

CHR Extension: (Google Wallet) - C:\Users\ALFIR\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]

CHR Extension: (Google Mail) - C:\Users\ALFIR\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-05]

CHR HKU\S-1-5-21-4139373105-4022997019-1243156706-1001\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\ALFIR\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path

CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-04-05]

CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\ALFIR\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)

R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-11-13] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

S2 0198671420490249mcinstcleanup; C:\windows\TEMP\019867~1.EXE -cleanup -nolog [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )

R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)

R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)

R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)

S3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()

S3 FUS2BASE; C:\Windows\System32\DRIVERS\fus2base.sys [696832 2009-06-10] (AVM Berlin)

R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228736 2010-12-13] (Vimicro Corporation)

R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)

U3 BcmSqlStartupSvc; No ImagePath

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

U2 CLKMSVC10_3A60B698; No ImagePath

U2 CLKMSVC10_C3B3B687; No ImagePath

U2 DriverService; No ImagePath

U2 IAStorDataMgrSvc; No ImagePath

U2 iATAgentService; No ImagePath

U2 idealife Update Service; No ImagePath

U3 IGRS; No ImagePath

U2 IviRegMgr; No ImagePath

U2 nvUpdatusService; No ImagePath

U2 Oasis2Service; No ImagePath

U2 PCCarerService; No ImagePath

U2 ReadyComm.DirectRouter; No ImagePath

U2 RichVideo; No ImagePath

U2 RtLedService; No ImagePath

U2 SeaPort; No ImagePath

U2 SoftwareService; No ImagePath

U3 SQLWriter; No ImagePath
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-05 23:18 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll

2015-01-05 23:18 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll

2015-01-05 23:18 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll

2015-01-05 23:18 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe

2015-01-05 23:18 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe

2015-01-05 23:18 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll

2015-01-05 23:18 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll

2015-01-05 23:18 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe

2015-01-05 23:18 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe

2015-01-05 23:18 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll

2015-01-05 22:55 - 2015-01-05 22:55 - 00000000 ____D () C:\Users\ALFIR\Desktop\Alte Firefox-Daten

2015-01-05 22:50 - 2015-01-05 22:50 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-01-05 22:50 - 2015-01-05 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-01-05 22:48 - 2015-01-05 22:48 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-05 22:48 - 2015-01-05 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-05 22:45 - 2015-01-05 22:45 - 00244264 _____ () C:\Users\ALFIR\Downloads\Firefox Setup Stub 34.0.5.exe

2015-01-05 22:09 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2015-01-05 22:09 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2015-01-05 22:09 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2015-01-05 22:09 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2015-01-05 22:09 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2015-01-05 22:09 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2015-01-05 22:09 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2015-01-05 22:09 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2015-01-05 22:09 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2015-01-05 22:09 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2015-01-05 22:09 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2015-01-05 22:09 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2015-01-05 22:09 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2015-01-05 22:09 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2015-01-05 22:09 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2015-01-05 22:09 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2015-01-05 22:09 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2015-01-05 22:09 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2015-01-05 22:09 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2015-01-05 22:09 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2015-01-05 22:09 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2015-01-05 22:09 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2015-01-05 22:09 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2015-01-05 22:09 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2015-01-05 22:09 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2015-01-05 22:09 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2015-01-05 22:09 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2015-01-05 22:09 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2015-01-05 22:09 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2015-01-05 22:09 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2015-01-05 22:09 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2015-01-05 22:09 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2015-01-05 22:09 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2015-01-05 22:09 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2015-01-05 22:09 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2015-01-05 22:09 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2015-01-05 22:09 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2015-01-05 22:09 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2015-01-05 22:09 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2015-01-05 22:09 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2015-01-05 22:09 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2015-01-05 22:09 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-01-05 22:09 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2015-01-05 22:09 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2015-01-05 22:09 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2015-01-05 22:09 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2015-01-05 22:09 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2015-01-05 22:09 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2015-01-05 22:09 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2015-01-05 22:09 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2015-01-05 22:09 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2015-01-05 22:09 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2015-01-05 22:09 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2015-01-05 22:09 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2015-01-05 22:09 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2015-01-05 22:09 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2015-01-05 22:09 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll

2015-01-05 22:09 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll

2015-01-05 22:09 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys

2015-01-05 22:09 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll

2015-01-05 22:09 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll

2015-01-05 22:09 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll

2015-01-05 22:09 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll

2015-01-05 22:09 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll

2015-01-05 22:09 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll

2015-01-05 22:09 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll

2015-01-05 22:09 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll

2015-01-05 22:09 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll

2015-01-05 22:08 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2015-01-05 22:08 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll

2015-01-05 22:08 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2015-01-05 22:08 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll

2015-01-05 22:08 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe

2015-01-05 22:08 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe

2015-01-05 22:08 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2015-01-05 22:08 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2015-01-05 22:08 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2015-01-05 22:08 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2015-01-05 22:08 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll

2015-01-05 22:08 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll

2015-01-05 22:08 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll

2015-01-05 22:08 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll

2015-01-05 22:08 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll

2015-01-05 22:08 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll

2015-01-05 22:08 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll

2015-01-05 22:08 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll

2015-01-05 22:08 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL

2015-01-05 22:08 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL

2015-01-05 22:07 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2015-01-05 22:07 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

2015-01-05 22:07 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll

2015-01-05 22:07 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll

2015-01-05 22:07 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll

2015-01-05 22:07 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll

2015-01-05 22:07 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll

2015-01-05 22:07 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll

2015-01-05 22:07 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe

2015-01-05 22:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll

2015-01-05 22:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll

2015-01-05 22:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll

2015-01-05 22:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll

2015-01-05 22:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

2015-01-05 22:07 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2015-01-05 22:07 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2015-01-05 22:07 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll

2015-01-05 22:07 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2015-01-05 22:07 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2015-01-05 22:07 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2015-01-05 22:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

2015-01-05 22:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2015-01-05 22:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll

2015-01-05 22:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

2015-01-05 22:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2015-01-05 22:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2015-01-05 22:06 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll

2015-01-05 22:06 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll

2015-01-05 22:06 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll

2015-01-05 22:06 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll

2015-01-05 22:06 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2015-01-05 22:04 - 2015-01-05 22:04 - 00000000 ____D () C:\ProgramData\Oracle

2015-01-05 22:04 - 2015-01-05 22:03 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe

2015-01-05 22:03 - 2015-01-05 22:03 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe

2015-01-05 22:03 - 2015-01-05 22:03 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe

2015-01-05 22:03 - 2015-01-05 22:03 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-05 22:03 - 2015-01-05 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-01-05 21:53 - 2015-01-05 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-06 13:21 - 2014-10-19 16:25 - 00000000 ___DC () C:\FRST

2015-01-06 13:21 - 2014-10-19 16:23 - 00000000 ____D () C:\Users\ALFIR\Desktop\Trojanerboard

2015-01-06 13:21 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-06 13:21 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-06 13:17 - 2011-08-25 10:51 - 00295522 _____ () C:\windows\system32\fastboot.set

2015-01-06 13:16 - 2011-10-25 18:22 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-06 13:16 - 2011-08-25 10:49 - 03153877 ____C () C:\FaceProv.log

2015-01-06 13:15 - 2013-04-22 22:43 - 00067904 _____ () C:\windows\setupact.log

2015-01-06 13:15 - 2011-08-25 10:43 - 00416384 _____ () C:\windows\system32\TPHDLOG0.LOG

2015-01-06 13:15 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2015-01-06 13:15 - 2009-07-14 05:45 - 00337808 _____ () C:\windows\system32\FNTCACHE.DAT

2015-01-06 13:13 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions

2015-01-06 13:12 - 2013-04-30 13:49 - 00423764 _____ () C:\windows\PFRO.log

2015-01-05 23:37 - 2011-08-25 10:05 - 02072581 _____ () C:\windows\WindowsUpdate.log

2015-01-05 23:36 - 2011-10-25 20:38 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-01-05 23:27 - 2013-08-15 02:02 - 00000000 ____D () C:\windows\system32\MRT

2015-01-05 23:24 - 2011-10-25 18:22 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-05 23:08 - 2011-08-25 10:43 - 03419584 _____ () C:\windows\system32\TPAPSLOG.LOG

2015-01-05 23:08 - 2011-08-23 22:42 - 12322526 _____ () C:\windows\system32\perfh007.dat

2015-01-05 23:08 - 2011-08-23 22:42 - 03908842 _____ () C:\windows\system32\perfc007.dat

2015-01-05 23:08 - 2009-07-14 06:13 - 00006308 _____ () C:\windows\system32\PerfStringBackup.INI

2015-01-05 22:50 - 2012-11-27 04:36 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-01-05 22:48 - 2011-08-25 11:00 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-05 22:40 - 2013-06-05 17:23 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2015-01-05 22:30 - 2014-04-25 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer

2015-01-05 22:28 - 2010-02-22 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

2015-01-05 22:19 - 2011-10-25 18:22 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-05 22:19 - 2011-10-25 18:22 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-05 22:18 - 2014-05-19 16:44 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2015-01-05 22:15 - 2009-07-14 04:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy

2015-01-05 22:10 - 2011-12-16 17:40 - 00000000 ____D () C:\Users\ALFIR\AppData\Local\Adobe

2015-01-05 22:09 - 2013-06-05 17:23 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2015-01-05 22:09 - 2012-06-07 16:44 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2015-01-05 22:09 - 2012-01-22 22:59 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-05 22:03 - 2012-02-04 17:13 - 00000000 ____D () C:\Program Files (x86)\Java
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-11-04 03:00
 

==================== End Of Log ============================

--- --- ---

abgesehen davon, dass firefox mit leichter verzögerung startet läufts wieder (das kann abe auch am rechner an sich liegen).

lieber gruß und thx

hey schrauber,
erst einmal schonmal vielen Dank.
Bevor wir den Thread schliessen und ich noch einiges an Lob loswerden kann, folgendes:

Ich habe die oben von Dir genannten Sicherheitstips gelesen und die entsprechenden Tools innstalliert.

Ich hab dann einfach mal Malwarebytes durchlaufen lassen und er fand zahlreiche schadsoftware. Ich habe alle markiert und aktion durchführen gedrückt um die daten in quarantäne zu stellen.

Obwohl bei diesem Suchlauf einiges gefunden wurde und einige datein in qurantäe sind, ist die log dieses suchlaufes leer.

Hier ein frisches FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015

Ran by dieserRechner (administrator) on dieserRechner-PC on 08-01-2015 22:36:37

Running from C:\Users\dieserRechner\Desktop\Trojanerboard

Loaded Profiles: dieserRechner &  (Available profiles: dieserRechner)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\prevhost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001\...\Run: [Google+ Auto Backup] => "C:\Users\dieserRechner\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google+ Auto Backup] => "C:\Users\dieserRechner\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Google+ Auto Backup] => "C:\Users\dieserRechner\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome

URLSearchHook: HKLM-x32 - (No Name) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - No File

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001 -> DefaultScope {F9860CF9-83A5-4094-B0DA-BAA0B8DB18CD} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B012DE80003D20131127&p={SearchTerms}

SearchScopes: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN

SearchScopes: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001 -> {F9860CF9-83A5-4094-B0DA-BAA0B8DB18CD} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B012DE80003D20131127&p={SearchTerms}

SearchScopes: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {F9860CF9-83A5-4094-B0DA-BAA0B8DB18CD} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B012DE80003D20131127&p={SearchTerms}

SearchScopes: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN

SearchScopes: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F9860CF9-83A5-4094-B0DA-BAA0B8DB18CD} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B012DE80003D20131127&p={SearchTerms}

SearchScopes: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {F9860CF9-83A5-4094-B0DA-BAA0B8DB18CD} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B012DE80003D20131127&p={SearchTerms}

SearchScopes: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN

SearchScopes: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {F9860CF9-83A5-4094-B0DA-BAA0B8DB18CD} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B012DE80003D20131127&p={SearchTerms}

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

Toolbar: HKLM-x32 - No Name - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} -  No File

Toolbar: HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.4.1
 

FireFox:

========

FF ProfilePath: C:\Users\dieserRechner\AppData\Roaming\Mozilla\Firefox\Profiles\cos93n12.default-1420494905558

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)

FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File

FF Extension: WOT - C:\Users\dieserRechner\AppData\Roaming\Mozilla\Firefox\Profiles\cos93n12.default-1420494905558\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-01-07]

FF Extension: NoScript - C:\Users\dieserRechner\AppData\Roaming\Mozilla\Firefox\Profiles\cos93n12.default-1420494905558\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-07]

FF Extension: Adblock Plus - C:\Users\dieserRechner\AppData\Roaming\Mozilla\Firefox\Profiles\cos93n12.default-1420494905558\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-07]
 

Chrome: 

=======

CHR Profile: C:\Users\dieserRechner\AppData\Local\Google\Chrome\User Data\default

CHR Extension: (Google Präsentationen) - C:\Users\dieserRechner\AppData\Local\Google\Chrome\User Data\default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-05]

CHR Extension: (Google Docs) - C:\Users\dieserRechner\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]

CHR Extension: (Google Drive) - C:\Users\dieserRechner\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dieserRechner\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-05]

CHR Extension: (YouTube) - C:\Users\dieserRechner\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]

CHR Extension: (Google-Suche) - C:\Users\dieserRechner\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]

CHR Extension: (Google Tabellen) - C:\Users\dieserRechner\AppData\Local\Google\Chrome\User Data\default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]

CHR Extension: (AVG Safe Search) - C:\Users\dieserRechner\AppData\Local\Google\Chrome\User Data\default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2015-01-05]

CHR Extension: (AVG Do Not Track) - C:\Users\dieserRechner\AppData\Local\Google\Chrome\User Data\default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-01-05]

CHR Extension: (Google Wallet) - C:\Users\dieserRechner\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]

CHR Extension: (Google Mail) - C:\Users\dieserRechner\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKU\S-1-5-21-4139373105-4022997019-1243156706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\dieserRechner\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)

S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)

S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)

S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)

S2 0040561420585751mcinstcleanup; C:\Users\dieserRechner\AppData\Local\Temp\004056~1.EXE -cleanup -nolog [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)

R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)

S3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()

U0 dywbo; C:\Windows\System32\drivers\xldjhd.sys [79064 2015-01-08] (Malwarebytes Corporation)

S3 FUS2BASE; C:\Windows\System32\DRIVERS\fus2base.sys [696832 2009-06-10] (AVM Berlin)

R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-08] (Malwarebytes Corporation)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)

R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228736 2010-12-13] (Vimicro Corporation)

R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)

U3 BcmSqlStartupSvc; No ImagePath

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

U2 CLKMSVC10_3A60B698; No ImagePath

U2 CLKMSVC10_C3B3B687; No ImagePath

U2 DriverService; No ImagePath

U2 IAStorDataMgrSvc; No ImagePath

U2 iATAgentService; No ImagePath

U2 idealife Update Service; No ImagePath

U3 IGRS; No ImagePath

U2 IviRegMgr; No ImagePath

U2 nvUpdatusService; No ImagePath

U2 Oasis2Service; No ImagePath

U2 PCCarerService; No ImagePath

U2 ReadyComm.DirectRouter; No ImagePath

U2 RichVideo; No ImagePath

U2 RtLedService; No ImagePath

U2 SeaPort; No ImagePath

U2 SoftwareService; No ImagePath

U3 SQLWriter; No ImagePath
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-08 22:34 - 2015-01-08 22:36 - 00000000 ___DC () C:\FRST

2015-01-08 22:32 - 2015-01-08 22:32 - 00000000 __SHD () C:\Users\dieserRechner\AppData\Local\EmieBrowserModeList

2015-01-08 22:24 - 2015-01-08 22:24 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\xldjhd.sys

2015-01-08 22:24 - 2015-01-08 22:24 - 00001550 _____ () C:\windows\SysWOW64\ajkdase

2015-01-07 22:32 - 2015-01-07 22:32 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk

2015-01-07 22:31 - 2015-01-07 22:31 - 05490752 _____ (Secunia) C:\Users\dieserRechner\Downloads\PSISetup10004(1).exe

2015-01-07 17:49 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2015-01-07 17:49 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2015-01-07 01:36 - 2015-01-07 01:37 - 01528320 _____ () C:\Users\dieserRechner\Downloads\msxml6.msi

2015-01-07 01:05 - 2015-01-07 01:05 - 00448512 _____ (OldTimer Tools) C:\Users\dieserRechner\Downloads\TFC.exe

2015-01-07 00:56 - 2015-01-07 00:57 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster

2015-01-07 00:56 - 2015-01-07 00:56 - 00001083 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk

2015-01-07 00:56 - 2015-01-07 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2015-01-07 00:56 - 2015-01-07 00:56 - 00000000 ____D () C:\ProgramData\Licenses

2015-01-07 00:56 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL

2015-01-07 00:55 - 2015-01-07 00:55 - 04095448 _____ (BrightFort LLC ) C:\Users\dieserRechner\Downloads\spywareblastersetup50.exe

2015-01-07 00:51 - 2015-01-07 00:51 - 00700980 _____ () C:\Users\dieserRechner\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.xpi

2015-01-07 00:48 - 2015-01-07 00:48 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk

2015-01-07 00:43 - 2015-01-07 00:43 - 00000000 ____D () C:\Users\dieserRechner\AppData\Roaming\WinRAR

2015-01-07 00:42 - 2015-01-07 00:42 - 00000000 ____D () C:\Users\dieserRechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-01-07 00:42 - 2015-01-07 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-01-07 00:42 - 2015-01-07 00:38 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys

2015-01-07 00:41 - 2015-01-07 00:49 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-07 00:41 - 2015-01-07 00:42 - 00000000 ____D () C:\Program Files\WinRAR

2015-01-07 00:38 - 2015-01-07 00:38 - 02060888 _____ () C:\Users\dieserRechner\Downloads\winrar-x64-520d.exe

2015-01-07 00:37 - 2015-01-07 00:37 - 00000000 ____D () C:\Users\dieserRechner\Documents\Add-in Express

2015-01-07 00:37 - 2015-01-07 00:37 - 00000000 ____D () C:\Users\dieserRechner\AppData\Roaming\Avira

2015-01-07 00:34 - 2015-01-07 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-01-07 00:34 - 2015-01-07 00:34 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2015-01-07 00:32 - 2015-01-07 00:48 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-01-07 00:32 - 2015-01-07 00:41 - 00000000 ____D () C:\ProgramData\Avira

2015-01-07 00:32 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys

2015-01-07 00:32 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys

2015-01-07 00:32 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys

2015-01-07 00:24 - 2015-01-07 00:27 - 154051656 _____ () C:\Users\dieserRechner\Downloads\avira_free_antivirus468_de.exe

2015-01-07 00:21 - 2015-01-07 00:21 - 00000000 ____D () C:\Users\dieserRechner\AppData\Roaming\WinPatrol

2015-01-07 00:21 - 2015-01-07 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

2015-01-07 00:21 - 2015-01-07 00:21 - 00000000 ____D () C:\ProgramData\InstallMate

2015-01-07 00:21 - 2015-01-07 00:21 - 00000000 ____D () C:\Program Files (x86)\Ruiware

2015-01-07 00:20 - 2015-01-07 00:20 - 01156136 _____ (Ruiware) C:\Users\dieserRechner\Downloads\wpsetup.exe

2015-01-07 00:19 - 2015-01-07 00:19 - 02617344 _____ () C:\Users\dieserRechner\Downloads\msxml6_x64.msi

2015-01-07 00:17 - 2015-01-08 22:34 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-07 00:17 - 2015-01-07 01:33 - 00001310 _____ () C:\windows\SecuniaPackage.log

2015-01-07 00:16 - 2015-01-07 00:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\dieserRechner\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-07 00:16 - 2015-01-07 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-07 00:16 - 2015-01-07 00:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-07 00:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2015-01-07 00:16 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2015-01-07 00:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2015-01-07 00:13 - 2015-01-07 22:32 - 00000000 ____D () C:\Program Files (x86)\Secunia

2015-01-07 00:13 - 2015-01-07 00:13 - 05490752 _____ (Secunia) C:\Users\dieserRechner\Downloads\PSISetup10004.exe

2015-01-07 00:13 - 2015-01-07 00:13 - 00000000 ____D () C:\Users\dieserRechner\AppData\Local\Secunia PSI

2015-01-07 00:08 - 2015-01-07 00:08 - 00000000 ____D () C:\Program Files\McAfee

2015-01-07 00:00 - 2015-01-07 00:02 - 00000543 ____C () C:\DelFix.txt

2015-01-05 23:18 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll

2015-01-05 23:18 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll

2015-01-05 23:18 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll

2015-01-05 23:18 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe

2015-01-05 23:18 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe

2015-01-05 23:18 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll

2015-01-05 23:18 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll

2015-01-05 23:18 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe

2015-01-05 23:18 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe

2015-01-05 23:18 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll

2015-01-05 22:55 - 2015-01-05 22:55 - 00000000 ____D () C:\Users\dieserRechner\Desktop\Alte Firefox-Daten

2015-01-05 22:50 - 2015-01-05 22:50 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-01-05 22:50 - 2015-01-05 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-01-05 22:48 - 2015-01-05 22:48 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-05 22:48 - 2015-01-05 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-05 22:45 - 2015-01-05 22:45 - 00244264 _____ () C:\Users\dieserRechner\Downloads\Firefox Setup Stub 34.0.5.exe

2015-01-05 22:09 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2015-01-05 22:09 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2015-01-05 22:09 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2015-01-05 22:09 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2015-01-05 22:09 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2015-01-05 22:09 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2015-01-05 22:09 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2015-01-05 22:09 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2015-01-05 22:09 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2015-01-05 22:09 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2015-01-05 22:09 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2015-01-05 22:09 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2015-01-05 22:09 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2015-01-05 22:09 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2015-01-05 22:09 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2015-01-05 22:09 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2015-01-05 22:09 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2015-01-05 22:09 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2015-01-05 22:09 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2015-01-05 22:09 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2015-01-05 22:09 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2015-01-05 22:09 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2015-01-05 22:09 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2015-01-05 22:09 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2015-01-05 22:09 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2015-01-05 22:09 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2015-01-05 22:09 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2015-01-05 22:09 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2015-01-05 22:09 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2015-01-05 22:09 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2015-01-05 22:09 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2015-01-05 22:09 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2015-01-05 22:09 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2015-01-05 22:09 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2015-01-05 22:09 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2015-01-05 22:09 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2015-01-05 22:09 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2015-01-05 22:09 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2015-01-05 22:09 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2015-01-05 22:09 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-01-05 22:09 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2015-01-05 22:09 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2015-01-05 22:09 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2015-01-05 22:09 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2015-01-05 22:09 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2015-01-05 22:09 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2015-01-05 22:09 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2015-01-05 22:09 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2015-01-05 22:09 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2015-01-05 22:09 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2015-01-05 22:09 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2015-01-05 22:09 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2015-01-05 22:09 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2015-01-05 22:09 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2015-01-05 22:09 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll

2015-01-05 22:09 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll

2015-01-05 22:09 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys

2015-01-05 22:09 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll

2015-01-05 22:09 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll

2015-01-05 22:09 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll

2015-01-05 22:09 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll

2015-01-05 22:09 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll

2015-01-05 22:09 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll

2015-01-05 22:09 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll

2015-01-05 22:09 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll

2015-01-05 22:09 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll

2015-01-05 22:08 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2015-01-05 22:08 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll

2015-01-05 22:08 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2015-01-05 22:08 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll

2015-01-05 22:08 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe

2015-01-05 22:08 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe

2015-01-05 22:08 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2015-01-05 22:08 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2015-01-05 22:08 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2015-01-05 22:08 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2015-01-05 22:08 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll

2015-01-05 22:08 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll

2015-01-05 22:08 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll

2015-01-05 22:08 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll

2015-01-05 22:08 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll

2015-01-05 22:08 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll

2015-01-05 22:08 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll

2015-01-05 22:08 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll

2015-01-05 22:08 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL

2015-01-05 22:08 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL

2015-01-05 22:07 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2015-01-05 22:07 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

2015-01-05 22:07 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll

2015-01-05 22:07 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll

2015-01-05 22:07 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll

2015-01-05 22:07 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll

2015-01-05 22:07 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll

2015-01-05 22:07 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll

2015-01-05 22:07 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe

2015-01-05 22:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll

2015-01-05 22:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll

2015-01-05 22:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll

2015-01-05 22:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll

2015-01-05 22:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe

2015-01-05 22:07 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2015-01-05 22:07 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2015-01-05 22:07 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll

2015-01-05 22:07 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2015-01-05 22:07 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2015-01-05 22:07 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2015-01-05 22:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

2015-01-05 22:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2015-01-05 22:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll

2015-01-05 22:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

2015-01-05 22:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2015-01-05 22:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2015-01-05 22:06 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll

2015-01-05 22:06 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll

2015-01-05 22:06 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll

2015-01-05 22:06 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll

2015-01-05 22:06 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2015-01-05 22:04 - 2015-01-05 22:04 - 00000000 ____D () C:\ProgramData\Oracle

2015-01-05 22:04 - 2015-01-05 22:03 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe

2015-01-05 22:03 - 2015-01-05 22:03 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe

2015-01-05 22:03 - 2015-01-05 22:03 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe

2015-01-05 22:03 - 2015-01-05 22:03 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-05 22:03 - 2015-01-05 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-01-05 21:53 - 2015-01-05 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-08 22:36 - 2014-10-19 16:23 - 00000000 ____D () C:\Users\dieserRechner\Desktop\Trojanerboard

2015-01-08 22:31 - 2011-08-25 10:05 - 01240458 _____ () C:\windows\WindowsUpdate.log

2015-01-08 22:24 - 2014-05-19 16:53 - 00000000 ____D () C:\Users\dieserRechner\AppData\Local\com

2015-01-08 22:24 - 2011-10-25 18:22 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-08 22:24 - 2011-10-25 18:22 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-08 22:24 - 2011-08-23 22:42 - 12397386 _____ () C:\windows\system32\perfh007.dat

2015-01-08 22:24 - 2011-08-23 22:42 - 03933422 _____ () C:\windows\system32\perfc007.dat

2015-01-08 22:24 - 2009-07-14 06:13 - 00006308 _____ () C:\windows\system32\PerfStringBackup.INI

2015-01-08 22:20 - 2013-06-05 17:23 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2015-01-08 22:20 - 2011-08-25 10:49 - 03163115 ____C () C:\FaceProv.log

2015-01-08 22:20 - 2011-08-25 10:43 - 00419072 _____ () C:\windows\system32\TPHDLOG0.LOG

2015-01-07 22:50 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-07 22:50 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-07 22:41 - 2011-12-16 17:38 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk

2015-01-07 22:41 - 2011-12-16 17:36 - 00000000 ____D () C:\ProgramData\Adobe

2015-01-07 22:28 - 2011-08-25 10:43 - 03420864 _____ () C:\windows\system32\TPAPSLOG.LOG

2015-01-07 17:31 - 2011-08-25 10:51 - 00227544 _____ () C:\windows\system32\fastboot.set

2015-01-07 17:30 - 2013-04-30 13:49 - 00581000 _____ () C:\windows\PFRO.log

2015-01-07 17:30 - 2013-04-22 22:43 - 00068072 _____ () C:\windows\setupact.log

2015-01-07 17:30 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2015-01-07 01:00 - 2011-08-25 10:43 - 00000000 ____D () C:\ProgramData\Temp

2015-01-07 00:32 - 2012-06-27 13:45 - 00000000 ____D () C:\ProgramData\MFAData

2015-01-07 00:17 - 2013-06-05 17:23 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2015-01-07 00:17 - 2012-06-07 16:44 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2015-01-07 00:17 - 2012-01-22 22:59 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-07 00:08 - 2011-10-25 17:39 - 00088968 _____ () C:\Users\dieserRechner\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-07 00:08 - 2011-08-25 10:35 - 00000000 ____D () C:\ProgramData\McAfee

2015-01-07 00:07 - 2011-10-25 17:47 - 00000000 ____D () C:\Users\dieserRechner\AppData\Local\Google

2015-01-07 00:07 - 2011-08-25 11:00 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-07 00:00 - 2014-10-30 01:54 - 00000000 ____D () C:\windows\ERUNT

2015-01-06 23:55 - 2014-10-22 22:16 - 00000000 ____D () C:\windows\erdnt

2015-01-06 14:19 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache

2015-01-06 13:15 - 2009-07-14 05:45 - 00337808 _____ () C:\windows\system32\FNTCACHE.DAT

2015-01-06 13:13 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions

2015-01-05 23:36 - 2011-10-25 20:38 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-01-05 23:32 - 2013-08-15 02:02 - 00000000 ____D () C:\windows\system32\MRT

2015-01-05 22:50 - 2012-11-27 04:36 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-01-05 22:30 - 2014-04-25 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer

2015-01-05 22:28 - 2010-02-22 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

2015-01-05 22:19 - 2011-10-25 18:22 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-05 22:19 - 2011-10-25 18:22 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-05 22:18 - 2014-05-19 16:44 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2015-01-05 22:15 - 2009-07-14 04:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy

2015-01-05 22:10 - 2011-12-16 17:40 - 00000000 ____D () C:\Users\dieserRechner\AppData\Local\Adobe

2015-01-05 22:03 - 2012-02-04 17:13 - 00000000 ____D () C:\Program Files (x86)\Java
 

Some content of TEMP:

====================

C:\Users\dieserRechner\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-06 14:11
 

==================== End Of Log ============================

--- --- ---

Wieso habe ich jetzt immernoch/schon wieder malware?

Lieber Gruß