Thanks for the quick reply. Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-29 22:20:17
Windows 6.1.7600 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Nicola\AppData\Local\Temp\kwriqpog.sys
---- System - GMER 2.1 ----
SSDT BFD19896 ZwCreateSection
SSDT BFD198A0 ZwRequestWaitReplyPort
SSDT BFD1989B ZwSetContextThread
SSDT BFD198A5 ZwSetSecurityObject
SSDT BFD198AA ZwSystemDebugControl
SSDT BFD19837 ZwTerminateProcess
INT 0x51 ? B214C558
INT 0x61 ? B41BC7D8
INT 0x71 ? B41BCA58
INT 0x72 ? B214C058
INT 0x82 ? B41BCCD8
INT 0x92 ? B214CA58
INT 0xA0 ? B41BC558
INT 0xB1 ? B214CCD8
INT 0xB2 ? B214C7D8
---- Kernel code sections - GMER 2.1 ----
.text ntkrlICE.exe!ZwSaveKeyEx + 13AD E3A51599 1 Byte [06]
.text ntkrlICE.exe!KiDispatchInterrupt + 5A2 E3A75F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrlICE.exe!RtlSidHashLookup + 340 E3A7D850 4 Bytes [96, 98, D1, BF]
.text ntkrlICE.exe!RtlSidHashLookup + 69C E3A7DBAC 4 Bytes [A0, 98, D1, BF]
.text ntkrlICE.exe!RtlSidHashLookup + 6E0 E3A7DBF0 4 Bytes [9B, 98, D1, BF]
.text ntkrlICE.exe!RtlSidHashLookup + 75C E3A7DC6C 4 Bytes [A5, 98, D1, BF]
.text ntkrlICE.exe!RtlSidHashLookup + 7B0 E3A7DCC0 4 Bytes [AA, 98, D1, BF]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0xC6404000, 0x2BFBF0, 0xE8000020]
? system32\DRIVERS\GEARAspiWDM.sys Das System kann den angegebenen Pfad nicht finden. !
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by Nicola (administrator) on NICOLASPC on 29-12-2014 21:59:40
Running from C:\Users\Nicola\Desktop
Loaded Profiles: Nicola & Anja & Master JTB & DerChef (Available profiles: Nicola & Anja & Master JTB & DerChef)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nero AG) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(hxxp://libusb-win32.sourceforge.net) C:\Windows\System32\libusbd-nt.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2009-12-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-475739983-909637174-1650467225-1000\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-475739983-909637174-1650467225-1000\...\MountPoints2: {20304b84-716c-11e4-b731-002220098197} - Z:\sources\sperr32.exe x64
HKU\S-1-5-21-475739983-909637174-1650467225-1000\...\MountPoints2: {320aaf65-6007-11e4-b561-002220098197} - V:\autorun.exe
HKU\S-1-5-21-475739983-909637174-1650467225-1000\...\MountPoints2: {35b7d565-60d8-11e4-817e-002220098197} - Z:\autorun.exe
HKU\S-1-5-21-475739983-909637174-1650467225-1000\...\MountPoints2: {640892d5-aff1-11e1-8d8d-00222009a622} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-475739983-909637174-1650467225-1000\...\MountPoints2: {85bf2114-3917-11e4-a6b6-002220098197} - F:\autorun.exe
HKU\S-1-5-21-475739983-909637174-1650467225-1000\...\MountPoints2: {9fb5f549-9a2d-11e2-bbdd-002220098197} - F:\setup.exe
HKU\S-1-5-21-475739983-909637174-1650467225-1000\...\MountPoints2: {aceae3d1-aaa3-11e3-9274-002220098197} - F:\setup_postal_2_complete.exe
HKU\S-1-5-21-475739983-909637174-1650467225-1000\...\MountPoints2: {db131159-4962-11e4-9fb4-002220098197} - F:\autorun.exe
HKU\S-1-5-21-475739983-909637174-1650467225-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-475739983-909637174-1650467225-1001\...\MountPoints2: {9fb5f549-9a2d-11e2-bbdd-002220098197} - F:\setup.exe
HKU\S-1-5-21-475739983-909637174-1650467225-1001\...\MountPoints2: {db131159-4962-11e4-9fb4-002220098197} - F:\autorun.exe
HKU\S-1-5-21-475739983-909637174-1650467225-1002\...\MountPoints2: {f10d6895-d4d1-11e0-814d-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-475739983-909637174-1650467225-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-475739983-909637174-1650467225-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKU\S-1-5-21-475739983-909637174-1650467225-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKU\S-1-5-21-475739983-909637174-1650467225-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\S-1-5-21-475739983-909637174-1650467225-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-475739983-909637174-1650467225-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKU\S-1-5-21-475739983-909637174-1650467225-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKU\S-1-5-21-475739983-909637174-1650467225-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-475739983-909637174-1650467225-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKU\S-1-5-21-475739983-909637174-1650467225-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKU\S-1-5-21-475739983-909637174-1650467225-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\S-1-5-21-475739983-909637174-1650467225-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-475739983-909637174-1650467225-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKU\S-1-5-21-475739983-909637174-1650467225-1005\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: HKU\S-1-5-21-475739983-909637174-1650467225-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-475739983-909637174-1650467225-1000 -> {3910A343-9F4E-49BB-98E1-AFEDFE16A9F5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-475739983-909637174-1650467225-1000 -> {F0854AE1-377E-4A6D-B187-1DF8761497CD} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=3F414F19-DA8D-4BA0-8C7A-DBAD885039A6&apn_sauid=D1A71173-86DB-4DA6-BF36-4AF6AA1CDCFD
SearchScopes: HKU\S-1-5-21-475739983-909637174-1650467225-1001 -> {57129540-9A9E-4B4B-A2E0-984AE3EDF03B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-475739983-909637174-1650467225-1002 -> {5E0869AE-9A4F-452E-8386-243848C1BEA7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-475739983-909637174-1650467225-1002 -> {E527E428-C0F2-4EA8-A8BE-BACEBCCC90A6} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=3F414F19-DA8D-4BA0-8C7A-DBAD885039A6&apn_sauid=D1A71173-86DB-4DA6-BF36-4AF6AA1CDCFD
SearchScopes: HKU\S-1-5-21-475739983-909637174-1650467225-1005 -> {D75C4C35-8F69-4ECF-A198-3BB3ACE31C8C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-475739983-909637174-1650467225-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-475739983-909637174-1650467225-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-475739983-909637174-1650467225-1001 -> No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
Toolbar: HKU\S-1-5-21-475739983-909637174-1650467225-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-475739983-909637174-1650467225-1002 -> No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\8mik79mc.default
FF NetworkProxy: "backup.ftp", "119.235.21.14"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "119.235.21.14"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "119.235.21.14"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "119.235.21.14"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "119.235.21.14"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "119.235.21.14"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "119.235.21.14"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type",
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-475739983-909637174-1650467225-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF user.js: detected! => C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\8mik79mc.default\user.js
FF Extension: Avira Browser Safety - C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\8mik79mc.default\Extensions\abs@avira.com [2014-10-12]
FF Extension: Amazon-Icon - C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\8mik79mc.default\Extensions\amazon-icon@giga.de [2014-09-09]
FF Extension: iMacros for Firefox - C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\8mik79mc.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-05-28]
FF Extension: DownloadHelper - C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\8mik79mc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-09]
FF Extension: User Agent RG - C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\8mik79mc.default\Extensions\useragentrg@mozilla.org.xpi [2014-07-02]
FF Extension: Adblock Plus - C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\8mik79mc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-28]
FF Extension: User Agent Switcher - C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\8mik79mc.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-07-02]
FF Extension: Adblock Edge - C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\8mik79mc.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-03-17]
FF HKU\S-1-5-21-475739983-909637174-1650467225-1000\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF HKU\S-1-5-21-475739983-909637174-1650467225-1000\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
FF HKU\S-1-5-21-475739983-909637174-1650467225-1002\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF HKU\S-1-5-21-475739983-909637174-1650467225-1002\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Delta Toolbar) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\DeltaChromeToolbar.dll No File
CHR Plugin: (BrowserProtect) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-05]
CHR Extension: (Web Assistant) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2013-07-22]
CHR Extension: (Avira Browserschutz) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-12]
CHR Extension: (AdBlock) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-19]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87992 2012-09-07] (Nero AG)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-09] (hxxp://libusb-win32.sourceforge.net) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-23] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [115808 2011-06-19] (SysProgs.org)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] () [File not signed]
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [33024 2013-05-05] (Scarlet.Crush Productions)
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-09-24] (Avira GmbH)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [X]
S1 sjbodtli; \??\C:\Windows\system32\drivers\sjbodtli.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 XDva390; \??\C:\Windows\system32\XDva390.sys [X]
S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [X]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [X]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [X]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X]
S3 XDva404; \??\C:\Windows\system32\XDva404.sys [X]
S3 XDva415; \??\C:\Windows\system32\XDva415.sys [X]
S3 XDva421; \??\C:\Windows\system32\XDva421.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-29 21:59 - 2014-12-29 22:00 - 00025200 _____ () C:\Users\Nicola\Desktop\FRST.txt
2014-12-29 21:59 - 2014-12-29 21:59 - 00000000 ____D () C:\FRST
2014-12-29 21:58 - 2014-12-29 21:58 - 01114624 _____ (Farbar) C:\Users\Nicola\Downloads\FRST.exe
2014-12-29 21:58 - 2014-12-29 21:58 - 01114624 _____ (Farbar) C:\Users\Nicola\Desktop\FRST.exe
2014-12-29 21:56 - 2014-12-29 21:56 - 00000474 _____ () C:\Users\Nicola\Downloads\defogger_disable.log
2014-12-29 21:56 - 2014-12-29 21:56 - 00000000 _____ () C:\Users\Nicola\defogger_reenable
2014-12-29 21:55 - 2014-12-29 21:55 - 00050477 _____ () C:\Users\Nicola\Downloads\Defogger.exe
2014-12-29 21:37 - 2014-12-29 21:38 - 27806772 _____ () C:\Users\Nicola\Downloads\detekt.exe
2014-12-29 20:57 - 2014-12-29 20:57 - 00000020 _____ () C:\Windows\´ú‰
2014-12-27 08:27 - 2014-12-27 08:27 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-27 08:27 - 2014-12-27 08:27 - 00000000 ___RD () C:\Program Files\Skype
2014-12-27 08:27 - 2014-12-27 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-27 08:27 - 2014-12-27 08:27 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-12-26 15:48 - 2014-12-26 15:48 - 00000000 ____D () C:\Users\Nicola\AppData\Local\FLT
2014-12-26 15:47 - 2014-12-26 15:47 - 00001841 _____ () C:\Users\Nicola\Desktop\Don't Starve v1.86492.lnk
2014-12-26 15:47 - 2014-12-26 15:47 - 00001841 _____ () C:\Users\Master JTB\Desktop\Don't Starve v1.86492.lnk
2014-12-26 15:47 - 2014-12-26 15:47 - 00001841 _____ () C:\Users\DerChef\Desktop\Don't Starve v1.86492.lnk
2014-12-26 15:47 - 2014-12-26 15:47 - 00001841 _____ () C:\Users\Anja\Desktop\Don't Starve v1.86492.lnk
2014-12-21 06:36 - 2014-12-21 06:36 - 00001115 _____ () C:\ProgramData\hpzinstall.log
2014-12-09 16:23 - 2014-12-09 16:23 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-30 02:04 - 2014-12-25 06:14 - 00001782 _____ () C:\Windows\Sandboxie.ini
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-29 21:56 - 2011-09-01 20:45 - 00000000 ____D () C:\Users\Nicola
2014-12-29 21:54 - 2011-09-01 20:44 - 01219792 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 21:53 - 2011-10-22 17:23 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-29 21:41 - 2013-07-19 22:07 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-29 21:39 - 2012-05-01 12:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 21:24 - 2014-04-20 19:11 - 00000000 ____D () C:\Games
2014-12-29 21:20 - 2011-09-01 20:47 - 00000000 ____D () C:\Users\Nicola\Desktop\ordner
2014-12-29 21:03 - 2013-01-02 15:29 - 00000000 ____D () C:\Users\Nicola\AppData\Local\TeamSpeak 3 Client
2014-12-29 21:00 - 2010-01-20 16:39 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-29 20:57 - 2010-01-21 04:13 - 00000000 ____D () C:\Program Files\Windows Live
2014-12-29 20:56 - 2010-01-21 04:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-12-29 20:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-29 20:52 - 2014-05-08 20:13 - 00000000 ____D () C:\Program Files\Midway Games
2014-12-29 20:51 - 2014-04-12 06:17 - 00000256 _____ () C:\Windows\Wininit.ini
2014-12-29 20:51 - 2014-04-12 01:01 - 00000000 ____D () C:\Windows\uninstall
2014-12-29 20:50 - 2014-05-01 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-12-29 20:46 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-29 20:45 - 2014-03-12 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-12-29 20:42 - 2013-09-21 20:58 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-12-29 20:42 - 2013-09-21 20:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-29 20:34 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 20:34 - 2009-07-14 05:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 20:31 - 2013-07-19 22:07 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 20:25 - 2014-03-26 10:22 - 00051991 _____ () C:\Windows\setupact.log
2014-12-29 20:25 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 19:49 - 2014-01-13 10:44 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-475739983-909637174-1650467225-1000UA.job
2014-12-29 18:26 - 2011-10-03 17:46 - 00000000 ____D () C:\Users\Nicola\AppData\Roaming\Skype
2014-12-29 10:49 - 2014-01-13 10:44 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-475739983-909637174-1650467225-1000Core.job
2014-12-29 09:02 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-27 08:27 - 2011-09-23 16:45 - 00000000 ____D () C:\ProgramData\Skype
2014-12-27 07:38 - 2010-01-20 13:49 - 01621306 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 06:38 - 2014-03-26 10:22 - 01338306 _____ () C:\Windows\PFRO.log
2014-12-21 06:38 - 2009-07-14 05:33 - 00425480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-21 06:33 - 2014-10-13 19:09 - 00000000 ____D () C:\Users\Nicola\AppData\Local\Glyph
2014-12-21 06:33 - 2014-10-13 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-12-21 06:32 - 2014-06-13 18:09 - 00000000 ____D () C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-12-21 06:24 - 2011-10-26 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
2014-12-21 06:20 - 2014-11-05 20:59 - 00000000 ____D () C:\Windows\CryptoGuard
2014-12-21 06:18 - 2014-05-12 12:29 - 00117928 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-12-21 06:08 - 2014-01-23 11:52 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-12-21 05:47 - 2014-09-09 22:51 - 00000000 ____D () C:\Users\Nicola\AppData\Roaming\uTorrent
2014-12-14 20:51 - 2010-01-21 04:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 03:03 - 2013-06-24 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-10 15:21 - 2013-06-23 22:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 03:17 - 2013-07-17 09:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:03 - 2010-01-21 04:23 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 01:39 - 2012-05-01 12:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 01:39 - 2011-09-10 12:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 16:23 - 2014-10-12 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-09 16:23 - 2014-10-12 12:41 - 00000000 ____D () C:\Program Files\Avira
2014-12-09 16:23 - 2013-07-21 15:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-02 20:50 - 2014-01-23 11:52 - 00000000 ____D () C:\Users\Nicola\AppData\Local\Battle.net
Some content of TEMP:
====================
C:\Users\Anja\AppData\Local\Temp\AskSLib.dll
C:\Users\Anja\AppData\Local\Temp\avgnt.exe
C:\Users\Anja\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Anja\AppData\Local\Temp\MotoCast_Installer_2.0031.exe
C:\Users\Anja\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Anja\AppData\Local\Temp\update-0.9.exe
C:\Users\DerChef\AppData\Local\Temp\AskSLib.dll
C:\Users\DerChef\AppData\Local\Temp\avgnt.exe
C:\Users\Master JTB\AppData\Local\Temp\AskSLib.dll
C:\Users\Master JTB\AppData\Local\Temp\avgnt.exe
C:\Users\Master JTB\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Nicola\AppData\Local\Temp\13-9-legacy_vista_win7_32_dd_ccc_whql.exe
C:\Users\Nicola\AppData\Local\Temp\amazonicon_v10.exe
C:\Users\Nicola\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Nicola\AppData\Local\Temp\aoe3trial.exe
C:\Users\Nicola\AppData\Local\Temp\AstroburnLite180-0182.exe
C:\Users\Nicola\AppData\Local\Temp\avgnt.exe
C:\Users\Nicola\AppData\Local\Temp\bdfilters.dll
C:\Users\Nicola\AppData\Local\Temp\bitool.dll
C:\Users\Nicola\AppData\Local\Temp\CloudBackup4383.exe
C:\Users\Nicola\AppData\Local\Temp\DRPCUNLR.dll
C:\Users\Nicola\AppData\Local\Temp\HitmanPro.exe
C:\Users\Nicola\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Nicola\AppData\Local\Temp\Quarantine.exe
C:\Users\Nicola\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Nicola\AppData\Local\Temp\sdapskill.exe
C:\Users\Nicola\AppData\Local\Temp\sdaspwn.exe
C:\Users\Nicola\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nicola\AppData\Local\Temp\Uninst.exe
C:\Users\Nicola\AppData\Local\Temp\Uninstall.exe
C:\Users\Nicola\AppData\Local\Temp\wcduninst.exe
C:\Users\Nicola\AppData\Local\Temp\_is16B4.exe
C:\Users\Nicola\AppData\Local\Temp\_is9748.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
LastRegBack: 2014-12-25 19:43
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-12-2014
Ran by Nicola at 2014-12-29 22:00:51
Running from C:\Users\Nicola\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
B110 (Version: 140.0.283.000 - Hewlett-Packard) Hidden
Battlefield Heroes (HKU\S-1-5-21-475739983-909637174-1650467225-1000\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LibUSB-Win32-0.1.10.1 (HKLM\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32)
Livestreamer 1.10.2 (HKLM\...\Livestreamer) (Version: - )
Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Age of Empires II: The Conquerors Expansion (HKLM\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotoCast (HKLM\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (Version: 1.9.0002.0 - Motorola) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA PhysX (HKLM\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PS_AIO_07_B110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden
Python 3.3.2 (HKLM\...\{92389DE9-939E-341B-A076-1D52D7DBCA71}) (Version: 3.3.2150 - Python Software Foundation)
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6010 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0129 - REALTEK Semiconductor Corp.)
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version: - Punk Software)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StarCraft II (HKLM\...\StarCraft II) (Version: - Blizzard Entertainment)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
29-12-2014 20:38:40 Removed iTunes
29-12-2014 20:46:08 Removed Microsoft Games for Windows Marketplace
29-12-2014 20:47:46 Removed Microsoft Games for Windows - LIVE Redistributable
29-12-2014 20:48:58 Removed Microsoft XNA Framework Redistributable 4.0
29-12-2014 20:51:41 Entfernt Rise and Fall
29-12-2014 20:58:15 Removed Rome - Total War(TM)
29-12-2014 21:00:01 Entfernt Rome Total War - patch 1.3
29-12-2014 21:11:10 Removed Windows Live ID Sign-in Assistant
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {001C4669-CDCC-4E70-92DC-BC7235855A40} - System32\Tasks\{07B889CA-F6E4-4C87-BBB8-D01A9964D557} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120.259&LastError=12002
Task: {1D996303-A3F9-43F6-9E05-7223DF1B5F8F} - System32\Tasks\{91616048-2F2F-45F7-8F71-E66C23C8D56A} => pcalua.exe -a "C:\Program Files\RocketDock\unins000.exe"
Task: {29C5C50B-E09E-4BB4-AFBF-EEE47AA173D9} - System32\Tasks\{21C33A42-6298-4F6D-85BD-5C63427BF177} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120.259&LastError=12002
Task: {2DC8C30E-7309-4C44-8998-4F9C8014B073} - System32\Tasks\{DE9BA82A-43DF-445A-9EB2-D063FA265900} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120.259&LastError=12002
Task: {2EDE6A1C-0393-45FF-A0BF-19E6337483CD} - System32\Tasks\{A67B49FA-5615-4169-9754-27EF56C46A5B} => pcalua.exe -a C:\Windows\unasetup.exe
Task: {539A42C7-1EAE-4082-9EA3-B168A6B9E1A5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-475739983-909637174-1650467225-1000UA => C:\Users\Nicola\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {56377ABB-A01A-46FF-A852-8158FF49A80C} - System32\Tasks\{BF7255DF-6DAF-42C8-8BC0-16D95AB685FD} => C:\Program Files\GamersFirst\APB Reloaded\Launcher\APBLauncher.exe
Task: {69FA6CE0-242F-4FB5-B12C-831E69D248EC} - System32\Tasks\MotoCast Update => C:\Program Files\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe
Task: {6EE2B83D-9A04-4F50-8D2D-A088033B588C} - System32\Tasks\{18DFCB6A-FE14-4354-928C-430F506A34B9} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/go/help.faq.installer?LastError=1641
Task: {80236A9B-E401-4B5A-B09E-249ABAC8758D} - System32\Tasks\{1FB253B9-30C9-4165-802A-F88BAAF9BBD1} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.0.0.102&LastError=12002
Task: {8D8E130D-DA45-4BB6-8416-D6873118EA63} - System32\Tasks\{CB4AABEB-C271-4254-B9E4-4326726FD69C} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.120.259/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12007&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {8F5388CA-C70F-4CFB-871B-082DBD84879C} - System32\Tasks\{95E1CE44-A698-478D-86AF-4EB98B45D925} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/abandoninstall?page=tsMain
Task: {95509A31-E182-435B-BF04-4EBB68AF9B99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-19] (Google Inc.)
Task: {959907FE-E12C-4269-9739-D2A67955A681} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {A9EDE944-5401-4B4D-B524-9AA304E5D996} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {AC5FAFE1-216F-4873-AE4F-530EFDC3DDFF} - System32\Tasks\{1D10F69E-9437-4FBE-8A1F-2706C4DC67D3} => pcalua.exe -a C:\Users\Nicola\Downloads\dxwebsetup(1).exe -d "C:\Program Files\Mozilla Firefox"
Task: {B0E3EE33-FDDA-4E4D-93E8-863606DA540D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-475739983-909637174-1650467225-1000Core => C:\Users\Nicola\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {C1966C96-7635-4D31-B579-716B621646A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-19] (Google Inc.)
Task: {CDDEB4EA-D048-446B-A826-8F2D6A8EF69C} - System32\Tasks\{A155A322-8A2F-4CDE-B397-863B1C53D773} => pcalua.exe -a "C:\Program Files\EA Games\Battlefield Heroes\uninstaller.exe" -c "C:\Program Files\EA Games\Battlefield Heroes\Uninstall.xml"
Task: {F858F6F8-6046-48DE-8877-7F5B0E156FFE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FCD49877-C4C3-466D-87C4-E523096FE5E9} - System32\Tasks\{8BBB9DB6-CFD5-45A1-A378-E57B88BE0848} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.120.259/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12002&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-475739983-909637174-1650467225-1000Core.job => C:\Users\Nicola\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-475739983-909637174-1650467225-1000UA.job => C:\Users\Nicola\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-09-07 21:35 - 2012-09-07 21:35 - 00128960 _____ () C:\Program Files\Motorola Media Link\Lite\liveupdatetactics.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00024496 _____ () C:\Program Files\Motorola Media Link\Lite\DbAccess.dll
2012-09-07 21:37 - 2012-09-07 21:37 - 00466256 _____ () C:\Program Files\Motorola Media Link\Lite\sqlite3.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00045992 _____ () C:\Program Files\Motorola Media Link\Lite\NAdvLog.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00034752 _____ () C:\Program Files\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2014-06-13 18:25 - 2014-11-23 16:28 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2010-01-22 04:12 - 2009-10-02 13:18 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-03-04 11:54 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files\RocketDock\RocketDock.dll
2012-03-04 11:54 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files\RocketDock\RocketDock.exe
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-12 06:44 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 06:44 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 06:44 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 06:44 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 06:44 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\startupfolder: C:^Users^Nicola^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Nicola^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Nicola^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk => C:\Windows\pss\PowerMenu.lnk.Startup
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
========================= Accounts: ==========================
Administrator (S-1-5-21-475739983-909637174-1650467225-500 - Administrator - Disabled)
Anja (S-1-5-21-475739983-909637174-1650467225-1001 - Administrator - Enabled) => C:\Users\Anja
DerChef (S-1-5-21-475739983-909637174-1650467225-1005 - Administrator - Enabled) => C:\Users\DerChef
Gast (S-1-5-21-475739983-909637174-1650467225-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-475739983-909637174-1650467225-1004 - Limited - Enabled)
Master JTB (S-1-5-21-475739983-909637174-1650467225-1002 - Limited - Enabled) => C:\Users\Master JTB
Nicola (S-1-5-21-475739983-909637174-1650467225-1000 - Administrator - Enabled) => C:\Users\Nicola
==================== Faulty Device Manager Devices =============
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/29/2014 09:44:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (12/29/2014 09:11:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (12/29/2014 09:00:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (12/29/2014 08:58:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (12/29/2014 08:51:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (12/29/2014 08:48:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (12/29/2014 08:47:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (12/29/2014 08:46:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (12/28/2014 02:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_upnphost, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0013ad65
ID des fehlerhaften Prozesses: 0xab0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_upnphost0
Pfad der fehlerhaften Anwendung: svchost.exe_upnphost1
Pfad des fehlerhaften Moduls: svchost.exe_upnphost2
Berichtskennung: svchost.exe_upnphost3
Error: (12/25/2014 07:47:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (12/29/2014 09:53:52 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.86192.168.137.0255.255.255.0
Error: (12/29/2014 09:53:49 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.46192.168.137.0255.255.255.0
Error: (12/29/2014 09:53:47 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (12/29/2014 08:43:56 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.46192.168.137.0255.255.255.0
Error: (12/29/2014 08:43:47 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (12/29/2014 08:27:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (12/29/2014 08:27:05 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.86192.168.137.0255.255.255.0
Error: (12/29/2014 08:27:05 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Error: (12/29/2014 08:27:01 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (12/29/2014 08:25:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 29.12.2014 um 20:23:04 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (12/29/2014 09:44:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Users\Nicola\AppData\Local\Temp\_MEI32122\detekt.exe.manifest
Error: (12/29/2014 09:11:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (12/29/2014 09:00:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (12/29/2014 08:58:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (12/29/2014 08:51:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (12/29/2014 08:48:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (12/29/2014 08:47:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (12/29/2014 08:46:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (12/28/2014 02:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_upnphost6.1.7600.163854a5bc100ole32.dll6.1.7601.175144ce7b96fc00000050013ad65ab001d02279e780fa6dC:\Windows\system32\svchost.exeC:\Windows\system32\ole32.dll848c8b8e-8e95-11e4-9621-002220098197
Error: (12/25/2014 07:47:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\WinCDEmu\vmnt64.exe
CodeIntegrity Errors:
===================================
Date: 2014-12-21 05:36:11.262
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-21 05:14:33.473
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-20 19:34:48.652
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-20 18:52:41.293
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-20 08:41:31.127
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-19 15:15:03.619
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-19 01:33:52.444
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-19 01:13:29.721
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-19 00:10:29.292
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-18 22:11:16.464
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 59%
Total physical RAM: 4084.56 MB
Available physical RAM: 1638.71 MB
Total Pagefile: 8167.4 MB
Available Pagefile: 5763.63 MB
Total Virtual: 2799.88 MB
Available Virtual: 2639.52 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:424.66 GB) (Free:361.02 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:31.53 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F98D6E74)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=424.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================