Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   "Binkiland" Virus... (https://www.trojaner-board.de/164351-binkiland-virus.html)

Alpinist 23.02.2015 03:55
"Binkiland" Virus...
 
Hallo,

ich wollte mir ein Videoschneidprogramm herunterladen.

Die habe ich über software.net

hxxp://www.soft-ware.net/downloads/video-bearbeitung-programm

Ich habe den Videopad Edirot (mit dem gelben Stern), da ich den früher einmal hatte.

Seit ich diesen installiert hat sich binkiland breit gemacht, in der Suchmaschine in den Brwosern.
Ausserdem kann ich derzeit keine Ordner (weder Papierkorb noch C: Programme öffnen).

Alles lädt ewig aber es passiert nichts.

Antimalwarebyte hat schon 7 Funde.

Was kann ich tun?

Vielen Dank für die Hilfe,

Grüsse Philipp

----------------------------

Entschuldige, dass ich hier nochmals antworte, ich wollte nur kurz mal noch den neuesten Stand durchgeben:

Ich habe Antimalwarebytes und den Adw-cleaner durchlaufen lassen, der einiges entfernt hatte (auch Rest von Foxydeal).

Auf Rat meines Mitbewohners habe ich noch "HitmanPro" installiert und ebenfalls durchlaufen lassen.

Jetzt läuft noch der Virenscanner (er hat schon 1 Bedrohung entdeckt).
Ordner etc. lassen sich mittlerweile wieder öffnen.

Vielen Dank schonmal für die grosszügige Hilfe!

PS: Bitte nicht böse sein, dass ich hier antworte, ich möchte keinen Stress machen. :kaffee:

Da ich vor ein paar Wochen schonmal was hatte (das ist jetzt mein 2. Virus/Trojaner seit Beginn überhaupt und gleich beide in einem monat...), da ging es mit FRST und ADDITION los... wäre dies auch wieder nötig? Das folgt dann schliesslich als nächstes.

Ich unternehme ab jetzt keine eigene Schritte mehr und folge nur noch den Anweisungen hier.

Vielen Dank schonmal.

Freundliche Grüsse
Philipp

schrauber 23.02.2015 06:33
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Binkiland entfernen - so geht's - Anleitungen

Alpinist 23.02.2015 12:55
Hallo,

FRST:



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by Vista32 (administrator) on VISTA32-PC on 23-02-2015 12:47:37
Running from C:\Users\Vista32\Desktop
Loaded Profiles: Vista32 (Available profiles: Vista32)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusionService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [122880 2009-03-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-10] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-107438096-1250777658-1232194404-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Vista32\AppData\Roaming\Mozilla\Firefox\Profiles\s94fbxk9.default-1424654141173
FF Homepage: hxxp://abload.de/img/dsc04370azdyq.jpg
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-107438096-1250777658-1232194404-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: YouTube Unblocker - C:\Users\Vista32\AppData\Roaming\Mozilla\Firefox\Profiles\s94fbxk9.default-1424654141173\Extensions\youtubeunblocker@unblocker.yt [2015-02-23]
FF Extension: DownloadHelper - C:\Users\Vista32\AppData\Roaming\Mozilla\Firefox\Profiles\s94fbxk9.default-1424654141173\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-02-23]
FF Extension: Adblock Plus - C:\Users\Vista32\AppData\Roaming\Mozilla\Firefox\Profiles\s94fbxk9.default-1424654141173\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzutDtDtByEtAtA0EyCzy0EyCzz0A0C0C0BtN0D0Tzu0StCtCyEzztN1L2XzutAtFzztFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEtA0BtBtBzz0BtG0DyC0ByBtGtD0DtA0EtGyCyEyDyBtGyD0D0E0CtB0DyDtCtAyBtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyEtC0A0EyDzztGyC0Fzy0DtGyEtBtDtCtGzyyC0CyEtGyD0FtAyB0EzyyD0FtB0CyByE2QtN1B2Z1V1T1S1NzuyDtByC&cr=669139260&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzutDtDtByEtAtA0EyCzy0EyCzz0A0C0C0BtN0D0Tzu0StCtCyEzztN1L2XzutAtFzztFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEtA0BtBtBzz0BtG0DyC0ByBtGtD0DtA0EtGyCyEyDyBtGyD0D0E0CtB0DyDtCtAyBtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyEtC0A0EyDzztGyC0Fzy0DtGyEtBtDtCtGzyyC0CyEtGyD0FtAyB0EzyyD0FtB0CyByE2QtN1B2Z1V1T1S1NzuyDtByC&cr=669139260&ir=", "hxxp://abload.de/img/dsc04386g2u7d.jpg"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-15]
CHR Extension: (Google Docs) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-15]
CHR Extension: (Google Drive) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-15]
CHR Extension: (YouTube) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-15]
CHR Extension: (Adblock Plus) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-15]
CHR Extension: (Google Search) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-22]
CHR Extension: (Google Sheets) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-22]
CHR Extension: (AdBlock) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-15]
CHR Extension: (Google Mail Checker) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-10-15]
CHR Extension: (Google Wallet) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Gmail) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-10] (AVG Technologies CZ, s.r.o.)
R2 DisplayFusionService; C:\Program Files\DisplayFusion\DisplayFusionService.exe [5278064 2014-09-09] (Binary Fortress Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-10] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKsl7f19ed31; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{182DF9CB-04F5-4473-9AEB-430883041359}\MpKsl7f19ed31.sys [39464 2015-02-23] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Vista32\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 12:47 - 2015-02-23 12:48 - 00015177 _____ () C:\Users\Vista32\Desktop\FRST.txt
2015-02-23 12:45 - 2015-02-23 12:45 - 01126912 _____ (Farbar) C:\Users\Vista32\Desktop\FRST.exe
2015-02-23 04:44 - 2015-02-23 04:44 - 00001529 _____ () C:\Users\Vista32\Desktop\AdwCleaner[S4].txt
2015-02-23 02:43 - 2015-02-23 02:43 - 00000000 ____D () C:\Windows\pss
2015-02-23 02:17 - 2015-02-23 02:17 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-23 02:16 - 2015-02-23 02:17 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-23 02:05 - 2015-02-23 02:05 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\dlg
2015-02-23 01:18 - 2015-02-23 12:47 - 00000000 ____D () C:\FRST
2015-02-23 00:56 - 2015-02-23 00:56 - 00002419 _____ () C:\Users\Vista32\tuss.vpj
2015-02-23 00:44 - 2015-02-23 00:44 - 00000000 ____D () C:\Users\Vista32\Documents\VideoPad Projects
2015-02-23 00:27 - 2015-02-23 00:57 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\NCH Software
2015-02-23 00:27 - 2015-02-23 00:27 - 00000000 ____D () C:\ProgramData\NCH Software
2015-02-23 00:27 - 2015-02-23 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-02-23 00:26 - 2015-02-23 00:26 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2015-02-23 00:25 - 2015-02-23 00:25 - 00000000 ____D () C:\Program Files\NCH Software
2015-02-23 00:17 - 2015-02-23 00:17 - 00000000 ____D () C:\Users\Vista32\AppData\Local\Setup39301129
2015-02-23 00:16 - 2015-02-23 00:19 - 00000000 ____D () C:\Users\Vista32\AppData\Local\rita
2015-02-23 00:16 - 2015-02-23 00:15 - 04156842 _____ () C:\Users\Vista32\Downloads\vppsetup [1].exe
2015-02-15 15:17 - 2015-02-23 00:00 - 00000000 ____D () C:\Users\Vista32\Desktop\desse
2015-02-12 20:01 - 2015-02-12 20:03 - 49396917 _____ () C:\Users\Vista32\Desktop\Ti_sto_-_Wasted_Official_Video.mp4
2015-02-12 18:49 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 18:49 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 03:09 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 03:08 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 03:08 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 03:04 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 03:02 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 12:46 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 12:46 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 12:46 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 12:46 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 12:46 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 12:46 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 12:46 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 12:46 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 12:46 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-10 16:45 - 2015-02-10 16:45 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-02-04 01:03 - 2015-02-23 01:51 - 00000000 ____D () C:\Users\Vista32\Desktop\611
2015-02-03 10:47 - 2015-02-03 10:47 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2015-02-01 23:17 - 2015-02-01 23:17 - 00000000 __RSH () C:\MSDOS.SYS
2015-02-01 23:17 - 2015-02-01 23:17 - 00000000 __RSH () C:\IO.SYS
2015-02-01 14:32 - 2015-02-01 14:32 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2015-02-01 14:32 - 2015-02-01 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-02-01 14:32 - 2015-02-01 14:32 - 00000000 ____D () C:\Program Files\Glarysoft
2015-02-01 14:27 - 2015-02-01 14:27 - 00001826 _____ () C:\sc-cleaner.txt
2015-02-01 13:50 - 2015-02-23 03:27 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\WinPatrol
2015-02-01 13:49 - 2015-02-01 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-02-01 13:49 - 2015-02-01 13:49 - 00000000 ____D () C:\ProgramData\InstallMate
2015-02-01 13:49 - 2015-02-01 13:49 - 00000000 ____D () C:\Program Files\Ruiware
2015-02-01 13:17 - 2015-02-23 04:52 - 00000000 ____D () C:\AdwCleaner
2015-02-01 02:37 - 2015-02-01 02:37 - 00001462 _____ () C:\DelFix.txt
2015-02-01 01:49 - 2015-02-01 02:35 - 00000000 ____D () C:\uninstall.exe
2015-02-01 00:01 - 2015-02-01 02:49 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-01 00:00 - 2015-02-01 00:05 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-01 00:00 - 2015-02-01 00:00 - 00000000 ____D () C:\Program Files\Adobe
2015-01-30 19:26 - 2015-02-01 02:37 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 13:58 - 2015-01-30 14:13 - 00000000 ____D () C:\Windows\erdnt
2015-01-30 01:16 - 2015-02-23 12:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 22:31 - 2015-01-29 22:31 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-01-29 17:26 - 2015-01-29 17:29 - 06000640 _____ () C:\Program Files\GUTFC97.tmp
2015-01-29 17:26 - 2015-01-29 17:29 - 00000000 ____D () C:\Program Files\GUMFC96.tmp
2015-01-29 16:21 - 2015-01-29 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-29 16:02 - 2015-02-23 12:32 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 16:00 - 2015-01-29 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-29 15:59 - 2015-01-29 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 15:59 - 2015-01-29 15:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-29 15:59 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 15:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 15:59 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 12:03 - 2015-02-06 23:17 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-01-25 03:06 - 2015-02-22 23:07 - 00000000 ____D () C:\Users\Vista32\Desktop\irgendwelche memos

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 12:43 - 2014-10-06 01:49 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-23 12:40 - 2014-10-06 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-23 12:35 - 2008-01-21 02:35 - 01734095 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 12:32 - 2014-09-22 21:42 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-23 12:31 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-23 12:31 - 2006-11-02 13:47 - 00005328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-23 12:31 - 2006-11-02 13:47 - 00005328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-23 04:55 - 2014-09-22 18:06 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-02-23 04:55 - 2014-09-22 10:26 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\vlc
2015-02-23 04:55 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-23 03:56 - 2014-09-22 21:42 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-23 03:29 - 2014-10-14 20:19 - 00014158 _____ () C:\Windows\PFRO.log
2015-02-23 03:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-23 01:28 - 2014-10-18 20:20 - 00004810 _____ () C:\Windows\setupact.log
2015-02-23 00:56 - 2014-02-10 11:35 - 00000000 ____D () C:\Users\Vista32
2015-02-23 00:17 - 2014-11-03 20:20 - 00000000 ____D () C:\Users\Vista32\AppData\Local\CrashDumps
2015-02-23 00:03 - 2008-01-21 08:16 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 00:00 - 2015-01-20 16:51 - 00000000 ___RD () C:\Users\Vista32\Desktop\Neu
2015-02-21 00:28 - 2014-09-22 17:48 - 00000000 ___RD () C:\Users\Vista32\Desktop\Ablage
2015-02-20 23:06 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Vista32\Desktop\Bahnbilder
2015-02-12 18:21 - 2006-11-02 13:47 - 00315384 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:21 - 2014-02-10 15:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:10 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 03:08 - 2014-09-30 01:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 03:04 - 2014-02-10 14:22 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-02-12 03:04 - 2014-02-10 14:21 - 00001832 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 03:03 - 2014-02-10 14:20 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 02:42 - 2014-11-28 03:41 - 00000000 ___RD () C:\Users\Vista32\Desktop\mugg
2015-02-11 22:25 - 2014-02-10 11:35 - 00002032 _____ () C:\Users\Vista32\AppData\Local\d3d9caps.dat
2015-02-06 23:19 - 2014-09-22 23:56 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\DVDVideoSoft
2015-02-06 23:18 - 2014-09-22 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-06 23:18 - 2014-09-22 23:57 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-06 23:17 - 2014-09-22 23:57 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-06 13:16 - 2014-09-22 20:17 - 00000000 ____D () C:\Users\Vista32\AppData\Local\Adobe
2015-02-06 13:15 - 2014-10-05 22:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 13:15 - 2014-10-05 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 01:04 - 2014-09-30 01:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-01 02:32 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 00:04 - 2014-09-22 20:17 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\Adobe
2015-02-01 00:00 - 2014-09-22 20:17 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-31 00:36 - 2014-10-01 12:34 - 00022528 _____ () C:\Users\Vista32\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-30 14:16 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-30 14:16 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-01-29 18:53 - 2014-09-22 21:42 - 00000000 ____D () C:\Users\Vista32\AppData\Local\Google
2015-01-29 16:20 - 2014-10-14 20:14 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-27 11:35 - 2014-02-10 17:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 17:54 - 2014-10-06 14:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 03:21 - 2014-10-26 15:11 - 00000000 ____D () C:\Users\Vista32\AppData\Local\DisplayFusion

==================== Files in the root of some directories =======

2015-01-29 17:26 - 2015-01-29 17:29 - 6000640 _____ () C:\Program Files\GUTFC97.tmp
2014-02-10 11:35 - 2015-02-11 22:25 - 0002032 _____ () C:\Users\Vista32\AppData\Local\d3d9caps.dat
2014-10-01 12:34 - 2015-01-31 00:36 - 0022528 _____ () C:\Users\Vista32\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Vista32\AppData\Local\temp\0005.exe
C:\Users\Vista32\AppData\Local\temp\aacenc3.exe
C:\Users\Vista32\AppData\Local\temp\BNKStubSetup.exe
C:\Users\Vista32\AppData\Local\temp\FreeYouTubeDownload.exe
C:\Users\Vista32\AppData\Local\temp\ICReinstall_vppsetup.exe
C:\Users\Vista32\AppData\Local\temp\SpOrder.dll
C:\Users\Vista32\AppData\Local\temp\sqlite3.exe
C:\Users\Vista32\AppData\Local\temp\x264enc4.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 12:37

==================== End Of Log ============================
--- --- ---




ADDITION:


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2015
Ran by Vista32 at 2015-02-23 12:49:05
Running from C:\Users\Vista32\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Absolute Uninstaller 5.3.1.19 (HKLM\...\Absolute Uninstaller) (Version: 5.3.1.19 - Glarysoft Ltd)
Adblock Plus für IE (32-Bit) (HKLM\...\{A2C33E25-4A8E-43F7-8998-BBEB690F1AB1}) (Version: 1.3 - Eyeo GmbH)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{1F07C5EC-A79E-9A66-7BE8-352E18A21CC9}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5736 - AVG Technologies)
AVG 2015 (Version: 15.0.4293 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5736 - AVG Technologies) Hidden
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{42EDF895-158C-484E-A7F2-42B90759F281}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
ccc-core-static (Version: 2009.0804.2223.38385 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
DisplayFusion 6.1.2 (HKLM\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 6.1.2.0 - Binary Fortress Software)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Easy Photo Print (HKLM\...\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}) (Version: 1.5.1.0 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM\...\{46CBBDF8-55B5-40DB-B459-7B848394309C}) (Version: 1.3.1.0 - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Stylus SX200_SX400_TX200_TX400 Handbuch (HKLM\...\EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch) (Version:  - )
EPSON Stylus SX400 Series Printer Uninstall (HKLM\...\EPSON Stylus SX400 Series) (Version:  - SEIKO EPSON Corporation)
Free YouTube Download version 3.2.53.128 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.53.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.53.113 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.53.113 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
ICQ 8.2 (build 7138) (HKU\S-1-5-21-107438096-1250777658-1232194404-1000\...\ICQ) (Version: 8.2.7138.0 - ICQ)
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LibreOffice 4.2.5.2 (HKLM\...\{93AD8CBD-C32E-4318-90BB-A294BE2D712C}) (Version: 4.2.5.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MM Eisenbahn-Bildschirmschoner V3 (HKLM\...\MM Eisenbahn-Bildschirmschoner V3) (Version:  - )
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.211.0 - Tracker Software Products Ltd)
Railroad Tycoon II - Platinum (HKLM\...\{C7E9FB5B-626B-49D9-A99C-7BFA63C222D3}) (Version:  - )
Skins (Version: 2009.0804.2223.38385 - ATI) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VAIO Power Management (HKLM\...\{802889F8-6AF5-45A5-9764-CA5B999E50FC}) (Version: 2.5.0.06250 - Sony Corporation)
VideoPad Video Editor (HKLM\...\VideoPad) (Version:  - NCH Software)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 4.11 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-02-2015 02:37:33 Ende der Bereinigung
01-02-2015 20:47:00 Geplanter Prüfpunkt
02-02-2015 17:38:27 Geplanter Prüfpunkt
03-02-2015 15:07:57 Windows Update
04-02-2015 13:05:40 Geplanter Prüfpunkt
05-02-2015 16:55:20 Geplanter Prüfpunkt
06-02-2015 19:44:57 Windows Update
07-02-2015 13:13:08 Geplanter Prüfpunkt
08-02-2015 01:20:42 Geplanter Prüfpunkt
09-02-2015 13:08:30 Geplanter Prüfpunkt
10-02-2015 12:56:40 Windows Update
11-02-2015 22:02:33 Geplanter Prüfpunkt
12-02-2015 03:00:41 Windows Update
13-02-2015 03:00:15 Windows Update
15-02-2015 21:27:24 Geplanter Prüfpunkt
16-02-2015 19:59:55 Windows Update
17-02-2015 13:22:50 Geplanter Prüfpunkt
18-02-2015 18:37:39 Geplanter Prüfpunkt
19-02-2015 20:46:53 Geplanter Prüfpunkt
20-02-2015 19:30:10 Windows Update
21-02-2015 22:03:22 Geplanter Prüfpunkt
22-02-2015 13:54:39 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {070C2B6B-288B-46CE-A72A-56E716F85E21} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {0C9362F1-0AF2-44A3-AE55-0F5D48F57470} - System32\Tasks\NCH Software\VideoPadReminder => C:\Program Files\NCH Software\VideoPad\VideoPad.exe [2013-01-15] (NCH Software)
Task: {69BC0011-E2DA-4ACF-B1DC-860FCF206B01} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-22] (Google Inc.)
Task: {7E22C6AF-9828-40FE-A8CB-D217A31D1A88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-22] (Google Inc.)
Task: {7EDDA0FF-B554-4678-BC08-399543BD5062} - System32\Tasks\RUVRQXC => C:\ProgramData\909cb55eddcb441891e2f143029e1b38\909cb55eddcb441891e2f143029e1b38.exe
Task: {9ACB125D-13D4-422E-B295-3C9ECEA26F4D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {9C740240-FAB5-4234-81A8-D3933027744B} - System32\Tasks\AVG_SYS_TASK_1114av => C:\ProgramData\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-09-20 09:27 - 2012-02-17 19:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2014-10-11 15:29 - 2014-10-11 15:29 - 00334856 _____ () C:\Users\Vista32\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll
2014-10-06 14:52 - 2015-01-26 17:54 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-02-19 23:07 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-19 23:07 - 2015-02-17 23:44 - 14965064 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
2014-09-22 21:51 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-09-22 21:51 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-107438096-1250777658-1232194404-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Vista32\AppData\Local\DisplayFusion\Wallpaper_2.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^Users^Vista32^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: icq => C:\Users\Vista32\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-107438096-1250777658-1232194404-500 - Administrator - Disabled)
Gast (S-1-5-21-107438096-1250777658-1232194404-501 - Limited - Disabled)
Vista32 (S-1-5-21-107438096-1250777658-1232194404-1000 - Administrator - Enabled) => C:\Users\Vista32

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2015 00:33:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2015 04:43:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2015 03:30:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2015 03:21:00 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT-AUTORITÄT)
Description: 0x80072af9

Error: (02/23/2015 03:18:00 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT-AUTORITÄT)
Description: 0x80072af9

Error: (02/23/2015 03:15:00 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT-AUTORITÄT)
Description: 0x80072af9

Error: (02/23/2015 03:14:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2015 02:39:44 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT-AUTORITÄT)
Description: 0x80072af9

Error: (02/23/2015 02:36:44 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT-AUTORITÄT)
Description: 0x80072af9

Error: (02/23/2015 02:33:43 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1031) (User: NT-AUTORITÄT)
Description: 0x80072af9


System errors:
=============
Error: (02/23/2015 00:42:54 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (02/23/2015 00:42:43 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (02/23/2015 00:42:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (02/23/2015 00:42:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (02/23/2015 00:42:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (02/23/2015 00:42:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (02/23/2015 00:42:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (02/23/2015 00:41:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (02/23/2015 00:41:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (02/23/2015 00:41:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-23 12:48:56.737
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 12:48:56.589
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 12:48:56.396
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 12:48:56.248
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 12:48:55.836
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 12:48:55.642
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 12:48:55.493
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 12:48:55.311
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 12:48:54.589
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-23 12:48:54.410
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 68%
Total physical RAM: 3038.11 MB
Available physical RAM: 960.7 MB
Total Pagefile: 6286.49 MB
Available Pagefile: 3520.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.04 MB

==================== Drives ================================

Drive c: (Volume) (Fixed) (Total:465.76 GB) (Free:172.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C41723F9)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Dank und Grüsse,
Philipp

schrauber 23.02.2015 18:19
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Alpinist 24.02.2015 01:15
Hi,

Hier COMBOFIX:


Er hat gemeckert, habe Microsoft Security Essentials nicht deaktiviert. Habe ich anschliessend deaktiviert und dann erst den Suchlauf gestartet:


Code:
ComboFix 15-02-16.01 - Vista32 24.02.2015  0:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3038.2028 [GMT 1:00]
ausgeführt von:: c:\users\Vista32\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-01-24 bis 2015-02-24  ))))))))))))))))))))))))))))))
.
.
2015-02-24 00:05 . 2015-02-24 00:05        --------        d-----w-        c:\users\Vista32\AppData\Local\temp
2015-02-24 00:05 . 2015-02-24 00:05        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-02-23 23:49 . 2015-02-23 23:49        39464        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{182DF9CB-04F5-4473-9AEB-430883041359}\MpKsl1e557f9f.sys
2015-02-23 11:40 . 2015-02-23 11:40        39464        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{182DF9CB-04F5-4473-9AEB-430883041359}\MpKsl7f19ed31.sys
2015-02-23 01:17 . 2015-02-23 01:17        --------        d-----w-        c:\program files\HitmanPro
2015-02-23 01:16 . 2015-02-23 01:17        --------        d-----w-        c:\programdata\HitmanPro
2015-02-23 01:05 . 2015-02-23 01:05        --------        d-----w-        c:\users\Vista32\AppData\Roaming\dlg
2015-02-22 23:27 . 2015-02-22 23:57        --------        d-----w-        c:\users\Vista32\AppData\Roaming\NCH Software
2015-02-22 23:27 . 2015-02-22 23:27        --------        d-----w-        c:\programdata\NCH Software
2015-02-22 23:25 . 2015-02-22 23:25        --------        d-----w-        c:\program files\NCH Software
2015-02-22 23:17 . 2015-02-22 23:17        --------        d-----w-        c:\users\Vista32\AppData\Local\Setup39301129
2015-02-22 23:16 . 2015-02-22 23:19        --------        d-----w-        c:\users\Vista32\AppData\Local\rita
2015-02-22 02:15 . 2015-01-29 09:49        9041640        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{182DF9CB-04F5-4473-9AEB-430883041359}\mpengine.dll
2015-02-21 20:04 . 2014-09-19 08:02        908840        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75EEDEBD-E68F-4ECB-914D-321CE982D985}\gapaengine.dll
2015-02-21 20:03 . 2015-01-29 09:49        9041640        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-12 17:49 . 2015-01-23 03:00        1810944        ----a-w-        c:\windows\system32\jscript9.dll
2015-02-12 02:09 . 2014-11-26 02:05        564224        ----a-w-        c:\windows\system32\oleaut32.dll
2015-02-12 02:08 . 2015-01-09 00:20        2063360        ----a-w-        c:\windows\system32\win32k.sys
2015-02-12 02:08 . 2015-01-13 01:39        974848        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2015-02-12 02:04 . 2015-01-15 04:13        440760        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2015-02-12 02:02 . 2014-12-08 01:59        306176        ----a-w-        c:\windows\system32\scesrv.dll
2015-02-10 15:45 . 2015-02-10 15:45        217568        ----a-w-        c:\windows\system32\drivers\avgidsdriverx.sys
2015-02-03 09:47 . 2015-02-03 09:47        265184        ----a-w-        c:\windows\system32\drivers\avglogx.sys
2015-02-01 13:32 . 2015-02-01 13:32        --------        d-----w-        c:\program files\Glarysoft
2015-02-01 12:50 . 2015-02-23 02:27        --------        d-----w-        c:\users\Vista32\AppData\Roaming\WinPatrol
2015-02-01 12:49 . 2015-02-01 12:49        --------        d-----w-        c:\program files\Ruiware
2015-02-01 12:49 . 2015-02-01 12:49        --------        d-----w-        c:\programdata\InstallMate
2015-02-01 12:17 . 2015-02-23 12:43        --------        d-----w-        C:\AdwCleaner
2015-01-30 18:26 . 2015-02-01 01:37        --------        d-----w-        c:\windows\ERUNT
2015-01-29 21:31 . 2015-01-29 21:31        --------        d-----w-        c:\program files\Adblock Plus for IE
2015-01-29 16:26 . 2015-01-29 16:29        6000640        ----a-w-        c:\program files\GUTFC97.tmp
2015-01-29 16:26 . 2015-01-29 16:29        --------        d-----w-        c:\program files\GUMFC96.tmp
2015-01-29 15:02 . 2015-02-23 23:29        114904        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-29 14:59 . 2014-11-21 05:14        51928        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-01-29 14:59 . 2014-11-21 05:14        75480        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-01-29 14:59 . 2014-11-21 05:14        23256        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-01-29 14:59 . 2015-01-29 14:59        --------        d-----w-        c:\program files\Malwarebytes Anti-Malware
2015-01-29 14:59 . 2015-01-29 14:59        --------        d-----w-        c:\programdata\Malwarebytes
2015-01-28 11:03 . 2015-02-06 22:17        --------        d-----w-        c:\program files\Free Codec Pack
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-06 12:15 . 2014-10-05 21:17        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-06 12:15 . 2014-10-05 21:17        701616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2015-01-23 08:40 . 2015-01-23 08:40        107488        ----a-w-        c:\windows\system32\drivers\avgmfx86.sys
2015-01-16 10:15 . 2015-01-16 10:15        210400        ----a-w-        c:\windows\system32\drivers\avgtdix.sys
2014-12-31 11:13 . 2014-02-10 13:46        249488        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-19 00:25 . 2015-01-15 13:18        115200        ----a-w-        c:\windows\system32\drivers\mrxdav.sys
2014-12-06 03:14 . 2015-01-16 02:00        153600        ----a-w-        c:\windows\system32\profsvc.dll
2014-12-06 03:14 . 2015-01-15 12:55        174080        ----a-w-        c:\windows\system32\nlasvc.dll
2014-12-06 03:14 . 2015-01-15 12:55        48640        ----a-w-        c:\windows\system32\nlaapi.dll
2014-12-06 03:14 . 2015-01-15 12:55        93184        ----a-w-        c:\windows\system32\ncsi.dll
2014-12-03 02:06 . 2014-12-11 13:24        278528        ----a-w-        c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WinPatrol"="c:\program files\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2014-09-09 8854880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-03-05 122880]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-02-10 3710416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Vista32^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Vista32\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 16:50        1022152        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 17:57        173592        ----a-w-        c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq]
2014-10-11 14:29        35239432        ----a-w-        c:\users\Vista32\AppData\Roaming\ICQM\icq.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 17:57        141848        ----a-w-        c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2015-01-30 00:53        978520        ----a-w-        c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 17:57        150552        ----a-w-        c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-08-04 20:17        98304        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-10-07 13:39        507776        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-107438096-1250777658-1232194404-1000]
"EnableNotificationsRef"=dword:00000002
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL1E557F9F
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
bthsvcs        REG_MULTI_SZ          BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-19 21:57        1084744        ----a-w-        c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-05 12:15]
.
2015-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-22 20:42]
.
2015-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-22 20:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Vista32\AppData\Roaming\Mozilla\Firefox\Profiles\s94fbxk9.default-1424654141173\
FF - prefs.js: browser.startup.homepage - hxxp://abload.de/img/dsc04370azdyq.jpg
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-02-24 01:05
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5692)
c:\program files\DisplayFusion\Hooks\AppHookWIN6032_817A37F5-6D87-4BD6-BDAB-36A31144599A.dll
.
Zeit der Fertigstellung: 2015-02-24  01:09:14
ComboFix-quarantined-files.txt  2015-02-24 00:09
.
Vor Suchlauf: 13 Verzeichnis(se), 185.279.815.680 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 185.563.545.600 Bytes frei
.
- - End Of File - - 2DB01B7D908817E054111CB03CD84840
A36C5E4F47E84449FF07ED3517B43A31
Danke,
Gruss Philipp

schrauber 24.02.2015 16:55
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Alpinist 24.02.2015 23:56
Hallo:


MBAM:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 24.02.2015
Suchlauf-Zeit: 22:48:48
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.24.07
Rootkit Datenbank: v2015.02.22.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Vista32

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 325183
Verstrichene Zeit: 33 Min, 26 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

ADW:

Code:
# AdwCleaner v4.111 - Bericht erstellt 24/02/2015 um 23:36:05
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Vista32 - VISTA32-PC
# Gestarted von : c:\Users\Vista32\Desktop\Ablage\!!! Wichtig !!!\PC Sicherheit\2. Seuche\adwcleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16609


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [988 Bytes] - [01/02/2015 13:17:25]
AdwCleaner[R10].txt - [1776 Bytes] - [24/02/2015 23:33:53]
AdwCleaner[R1].txt - [1108 Bytes] - [01/02/2015 13:59:16]
AdwCleaner[R2].txt - [3852 Bytes] - [23/02/2015 01:26:43]
AdwCleaner[R3].txt - [2755 Bytes] - [23/02/2015 01:44:06]
AdwCleaner[R4].txt - [1290 Bytes] - [23/02/2015 01:51:21]
AdwCleaner[R5].txt - [2635 Bytes] - [23/02/2015 02:18:39]
AdwCleaner[R6].txt - [1468 Bytes] - [23/02/2015 04:37:08]
AdwCleaner[R7].txt - [1633 Bytes] - [23/02/2015 04:49:32]
AdwCleaner[R8].txt - [1657 Bytes] - [23/02/2015 13:41:33]
AdwCleaner[R9].txt - [1716 Bytes] - [24/02/2015 23:28:42]
AdwCleaner[S0].txt - [1048 Bytes] - [01/02/2015 13:29:00]
AdwCleaner[S1].txt - [1170 Bytes] - [01/02/2015 14:14:48]
AdwCleaner[S2].txt - [2816 Bytes] - [23/02/2015 01:47:19]
AdwCleaner[S3].txt - [2696 Bytes] - [23/02/2015 02:30:16]
AdwCleaner[S4].txt - [1529 Bytes] - [23/02/2015 04:40:33]
AdwCleaner[S5].txt - [1698 Bytes] - [24/02/2015 23:36:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1757  Bytes] ##########

JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Vista32 on 24.02.2015 at 23:44:08,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.02.2015 at 23:48:47,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by Vista32 (administrator) on VISTA32-PC on 24-02-2015 23:53:28
Running from C:\Users\Vista32\Desktop\Ablage\!!! Wichtig !!!\PC Sicherheit\2. Seuche
Loaded Profiles: Vista32 (Available profiles: Vista32)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusionService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusion.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [122880 2009-03-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-10] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\...\Run: [DisplayFusion] => C:\Program Files\DisplayFusion\DisplayFusion.exe [8854880 2014-09-09] (Binary Fortress Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-107438096-1250777658-1232194404-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Vista32\AppData\Roaming\Mozilla\Firefox\Profiles\s94fbxk9.default-1424654141173
FF Homepage: hxxp://abload.de/img/dsc04370azdyq.jpg
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-107438096-1250777658-1232194404-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: YouTube Unblocker - C:\Users\Vista32\AppData\Roaming\Mozilla\Firefox\Profiles\s94fbxk9.default-1424654141173\Extensions\youtubeunblocker@unblocker.yt [2015-02-23]
FF Extension: DownloadHelper - C:\Users\Vista32\AppData\Roaming\Mozilla\Firefox\Profiles\s94fbxk9.default-1424654141173\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-02-23]
FF Extension: Adblock Plus - C:\Users\Vista32\AppData\Roaming\Mozilla\Firefox\Profiles\s94fbxk9.default-1424654141173\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzutDtDtByEtAtA0EyCzy0EyCzz0A0C0C0BtN0D0Tzu0StCtCyEzztN1L2XzutAtFzztFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEtA0BtBtBzz0BtG0DyC0ByBtGtD0DtA0EtGyCyEyDyBtGyD0D0E0CtB0DyDtCtAyBtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyEtC0A0EyDzztGyC0Fzy0DtGyEtBtDtCtGzyyC0CyEtGyD0FtAyB0EzyyD0FtB0CyByE2QtN1B2Z1V1T1S1NzuyDtByC&cr=669139260&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzutDtDtByEtAtA0EyCzy0EyCzz0A0C0C0BtN0D0Tzu0StCtCyEzztN1L2XzutAtFzztFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEtA0BtBtBzz0BtG0DyC0ByBtGtD0DtA0EtGyCyEyDyBtGyD0D0E0CtB0DyDtCtAyBtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyEtC0A0EyDzztGyC0Fzy0DtGyEtBtDtCtGzyyC0CyEtGyD0FtAyB0EzyyD0FtB0CyByE2QtN1B2Z1V1T1S1NzuyDtByC&cr=669139260&ir=", "hxxp://abload.de/img/dsc04386g2u7d.jpg"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-15]
CHR Extension: (Google Docs) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-15]
CHR Extension: (Google Drive) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-15]
CHR Extension: (YouTube) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-15]
CHR Extension: (Adblock Plus) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-15]
CHR Extension: (Google Search) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-22]
CHR Extension: (Google Sheets) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-22]
CHR Extension: (AdBlock) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-15]
CHR Extension: (Google Mail Checker) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-10-15]
CHR Extension: (Google Wallet) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Gmail) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-10] (AVG Technologies CZ, s.r.o.)
R2 DisplayFusionService; C:\Program Files\DisplayFusion\DisplayFusionService.exe [5278064 2014-09-09] (Binary Fortress Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-10] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Vista32\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 23:51 - 2015-02-24 23:53 - 00000000 ____D () C:\FRST
2015-02-24 23:48 - 2015-02-24 23:48 - 00000636 _____ () C:\Users\Vista32\Desktop\JRT.txt
2015-02-24 23:40 - 2015-02-24 23:40 - 00001837 _____ () C:\Users\Vista32\Desktop\AdwCleaner[S5].txt
2015-02-24 23:33 - 2015-02-24 23:33 - 01388274 _____ (Thisisu) C:\Users\Vista32\Desktop\JRT.exe
2015-02-24 23:27 - 2015-02-24 23:27 - 00001201 _____ () C:\Users\Vista32\Desktop\mbam.txt
2015-02-24 22:35 - 2015-02-24 22:35 - 02030648 _____ () C:\Users\Vista32\Desktop\Neulich im Flugzeug nach der Landung.mp4
2015-02-24 01:09 - 2015-02-24 01:09 - 00011833 _____ () C:\ComboFix.txt
2015-02-24 00:53 - 2015-02-24 01:09 - 00000000 ____D () C:\ComboFix
2015-02-24 00:53 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-24 00:53 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-24 00:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-24 00:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-24 00:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-24 00:53 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-24 00:53 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-24 00:53 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-24 00:49 - 2015-02-24 01:09 - 00000000 ____D () C:\Qoobox
2015-02-23 02:43 - 2015-02-23 02:43 - 00000000 ____D () C:\Windows\pss
2015-02-23 02:17 - 2015-02-23 02:17 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-23 02:16 - 2015-02-23 02:17 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-23 02:05 - 2015-02-23 02:05 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\dlg
2015-02-23 00:56 - 2015-02-23 00:56 - 00002419 _____ () C:\Users\Vista32\tuss.vpj
2015-02-23 00:44 - 2015-02-23 00:44 - 00000000 ____D () C:\Users\Vista32\Documents\VideoPad Projects
2015-02-23 00:27 - 2015-02-23 00:57 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\NCH Software
2015-02-23 00:27 - 2015-02-23 00:27 - 00000000 ____D () C:\ProgramData\NCH Software
2015-02-23 00:27 - 2015-02-23 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-02-23 00:26 - 2015-02-23 00:26 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2015-02-23 00:25 - 2015-02-23 00:25 - 00000000 ____D () C:\Program Files\NCH Software
2015-02-23 00:17 - 2015-02-23 00:17 - 00000000 ____D () C:\Users\Vista32\AppData\Local\Setup39301129
2015-02-23 00:16 - 2015-02-23 00:19 - 00000000 ____D () C:\Users\Vista32\AppData\Local\rita
2015-02-23 00:16 - 2015-02-23 00:15 - 04156842 _____ () C:\Users\Vista32\Downloads\vppsetup [1].exe
2015-02-15 15:17 - 2015-02-23 13:27 - 00000000 ____D () C:\Users\Vista32\Desktop\desse
2015-02-12 20:01 - 2015-02-12 20:03 - 49396917 _____ () C:\Users\Vista32\Desktop\Ti_sto_-_Wasted_Official_Video.mp4
2015-02-12 18:49 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 18:49 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 03:09 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 03:08 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 03:08 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 03:04 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 03:02 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 12:46 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 12:46 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 12:46 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 12:46 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 12:46 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 12:46 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 12:46 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 12:46 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 12:46 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-10 16:45 - 2015-02-10 16:45 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-02-04 01:03 - 2015-02-24 19:37 - 00000000 ____D () C:\Users\Vista32\Desktop\611
2015-02-03 10:47 - 2015-02-03 10:47 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2015-02-01 23:17 - 2015-02-01 23:17 - 00000000 __RSH () C:\MSDOS.SYS
2015-02-01 23:17 - 2015-02-01 23:17 - 00000000 __RSH () C:\IO.SYS
2015-02-01 14:32 - 2015-02-01 14:32 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2015-02-01 14:32 - 2015-02-01 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-02-01 14:32 - 2015-02-01 14:32 - 00000000 ____D () C:\Program Files\Glarysoft
2015-02-01 14:27 - 2015-02-01 14:27 - 00001826 _____ () C:\sc-cleaner.txt
2015-02-01 13:50 - 2015-02-23 03:27 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\WinPatrol
2015-02-01 13:49 - 2015-02-01 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-02-01 13:49 - 2015-02-01 13:49 - 00000000 ____D () C:\ProgramData\InstallMate
2015-02-01 13:49 - 2015-02-01 13:49 - 00000000 ____D () C:\Program Files\Ruiware
2015-02-01 13:17 - 2015-02-24 23:36 - 00000000 ____D () C:\AdwCleaner
2015-02-01 02:37 - 2015-02-01 02:37 - 00001462 _____ () C:\DelFix.txt
2015-02-01 00:01 - 2015-02-01 02:49 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-01 00:00 - 2015-02-01 00:05 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-01 00:00 - 2015-02-01 00:00 - 00000000 ____D () C:\Program Files\Adobe
2015-01-30 19:26 - 2015-02-01 02:37 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 13:58 - 2015-01-30 14:13 - 00000000 ____D () C:\Windows\erdnt
2015-01-30 01:16 - 2015-02-24 23:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 22:31 - 2015-01-29 22:31 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-01-29 17:26 - 2015-01-29 17:29 - 06000640 _____ () C:\Program Files\GUTFC97.tmp
2015-01-29 17:26 - 2015-01-29 17:29 - 00000000 ____D () C:\Program Files\GUMFC96.tmp
2015-01-29 16:21 - 2015-01-29 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-29 16:02 - 2015-02-24 23:40 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 16:00 - 2015-01-29 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-29 15:59 - 2015-01-29 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 15:59 - 2015-01-29 15:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-29 15:59 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 15:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 15:59 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 12:03 - 2015-02-06 23:17 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-01-25 03:06 - 2015-02-22 23:07 - 00000000 ____D () C:\Users\Vista32\Desktop\irgendwelche memos

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 23:53 - 2015-01-20 16:51 - 00000000 ___RD () C:\Users\Vista32\Desktop\Neu
2015-02-24 23:42 - 2008-01-21 02:35 - 01874108 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 23:39 - 2014-09-22 21:42 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 23:39 - 2006-11-02 13:47 - 00005328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 23:39 - 2006-11-02 13:47 - 00005328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 23:38 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 23:36 - 2014-09-22 18:06 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-02-24 23:36 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-24 22:56 - 2014-09-22 21:42 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 22:46 - 2014-09-22 10:26 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\vlc
2015-02-24 22:36 - 2014-10-06 01:49 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-24 16:12 - 2008-01-21 08:16 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 12:46 - 2014-10-14 20:19 - 00014710 _____ () C:\Windows\PFRO.log
2015-02-24 01:05 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-02-23 12:40 - 2014-10-06 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-23 03:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-23 01:28 - 2014-10-18 20:20 - 00004810 _____ () C:\Windows\setupact.log
2015-02-23 00:56 - 2014-02-10 11:35 - 00000000 ____D () C:\Users\Vista32
2015-02-23 00:17 - 2014-11-03 20:20 - 00000000 ____D () C:\Users\Vista32\AppData\Local\CrashDumps
2015-02-21 00:28 - 2014-09-22 17:48 - 00000000 ___RD () C:\Users\Vista32\Desktop\Ablage
2015-02-20 23:06 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Vista32\Desktop\Bahnbilder
2015-02-12 18:21 - 2006-11-02 13:47 - 00315384 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:21 - 2014-02-10 15:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:10 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 03:08 - 2014-09-30 01:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 03:04 - 2014-02-10 14:22 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-02-12 03:04 - 2014-02-10 14:21 - 00001832 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 03:03 - 2014-02-10 14:20 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 02:42 - 2014-11-28 03:41 - 00000000 ___RD () C:\Users\Vista32\Desktop\mugg
2015-02-11 22:25 - 2014-02-10 11:35 - 00002032 _____ () C:\Users\Vista32\AppData\Local\d3d9caps.dat
2015-02-06 23:19 - 2014-09-22 23:56 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\DVDVideoSoft
2015-02-06 23:18 - 2014-09-22 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-06 23:18 - 2014-09-22 23:57 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-06 23:17 - 2014-09-22 23:57 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-06 13:16 - 2014-09-22 20:17 - 00000000 ____D () C:\Users\Vista32\AppData\Local\Adobe
2015-02-06 13:15 - 2014-10-05 22:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 13:15 - 2014-10-05 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 01:04 - 2014-09-30 01:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-01 00:04 - 2014-09-22 20:17 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\Adobe
2015-02-01 00:00 - 2014-09-22 20:17 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-31 00:36 - 2014-10-01 12:34 - 00022528 _____ () C:\Users\Vista32\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-30 14:16 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-30 14:16 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-01-29 18:53 - 2014-09-22 21:42 - 00000000 ____D () C:\Users\Vista32\AppData\Local\Google
2015-01-29 16:20 - 2014-10-14 20:14 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-27 11:35 - 2014-02-10 17:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 17:54 - 2014-10-06 14:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 03:21 - 2014-10-26 15:11 - 00000000 ____D () C:\Users\Vista32\AppData\Local\DisplayFusion

==================== Files in the root of some directories =======

2015-01-29 17:26 - 2015-01-29 17:29 - 6000640 _____ () C:\Program Files\GUTFC97.tmp
2014-02-10 11:35 - 2015-02-11 22:25 - 0002032 _____ () C:\Users\Vista32\AppData\Local\d3d9caps.dat
2014-10-01 12:34 - 2015-01-31 00:36 - 0022528 _____ () C:\Users\Vista32\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Vista32\AppData\Local\temp\Quarantine.exe
C:\Users\Vista32\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 23:44

==================== End Of Log ============================
--- --- ---


Dank und Gruss
Philipp

schrauber 25.02.2015 17:15

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Alpinist 26.02.2015 15:44
Hallo,

ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f4426929db10b745b92bc9533094b3c2
# engine=22659
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-26 02:08:26
# local_time=2015-02-26 03:08:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 10035 112093690 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1256684 47940100 0 0
# scanned=205703
# found=9
# cleaned=0
# scan_time=5941
sh=37A40D933A5E174F9364A251F0CE709105EF85C7 ft=1 fh=4dca71dbf2874aef vn="Variante von Win32/Adware.PicColor.N Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\909cb55eddcb441891e2f143029e1b38\909cb55eddcb441891e2f143029e1b38.exe.vir"
sh=EB6B7BFE325F377721095CF53FABCED792BB4F56 ft=1 fh=7b4f7ceb92a54ea6 vn="Variante von Win32/Adware.PicColor.L Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\RfndNSIS.dll.vir"
sh=A3CA6BB5C231F3B21864906FCBA7D1284ED68E7B ft=1 fh=d64e2b3b4b50fef9 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\NCH Software\VideoPad\videopad.exe"
sh=B3DC7558D2C76F988CAB819CCB9B0060087A7C70 ft=1 fh=9227631f22d31e37 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\NCH Software\VideoPad\videopadsetup_v3.00.exe"
sh=0BFF84AA6CC4CCF580EAE2FBF4C129FA6EA612C4 ft=1 fh=9fe1a4845276fe8f vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\softwareSep2014\HardwareTEST-Pflege\Unlocker1.9.1-x64.exe"
sh=F1EFF6451CED129C0E5C0A510955F234A01158A0 ft=1 fh=332b4278a72373e2 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\softwareSep2014\HardwareTEST-Pflege\Unlocker1.9.2.exe"
sh=798BBB387A7853BBD01621F3CED3C67ACA4FA9E8 ft=1 fh=5d3859bb641806e3 vn="Variante von Win32/InstallCore.WX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Vista32\Desktop\Ablage\!!! Wichtig !!!\PC Sicherheit\2. Seuche\vppsetup.exe"
sh=057C5EC03666DBAB146D40FAB0C52563BB4FA1BC ft=1 fh=81c61a52df1349a8 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Vista32\Desktop\Ablage\!!! Wichtig !!!\PC Sicherheit\2. Seuche\vpsetup-Downloader.exe"
sh=D0A0928E5624DAF7572CA7421AB20C66646B02D4 ft=1 fh=8aeaf3bcd8b83004 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Vista32\Downloads\vppsetup [1].exe"

CHECKUP:

Code:
Results of screen317's Security Check version 0.99.96 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials   
AVG AntiVirus Free Edition 2015 
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 CCleaner   
 Java 8 Update 25 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player        16.0.0.305 
 Adobe Reader 10.1.13 Adobe Reader out of Date! 
 Mozilla Firefox (36.0)
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 WinPatrol winpatrol.exe
 AVG avgwdsvc.exe
 system32 FirewallControlPanel.exe 
 Ruiware WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by Vista32 (administrator) on VISTA32-PC on 26-02-2015 15:32:12
Running from C:\Users\Vista32\Desktop\Ablage\!!! Wichtig !!!\PC Sicherheit\2. Seuche
Loaded Profiles: Vista32 (Available profiles: Vista32)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusionService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusion.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [122880 2009-03-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\...\Run: [DisplayFusion] => C:\Program Files\DisplayFusion\DisplayFusion.exe [8854880 2014-09-09] (Binary Fortress Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-107438096-1250777658-1232194404-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-107438096-1250777658-1232194404-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Vista32\AppData\Roaming\Mozilla\Firefox\Profiles\s94fbxk9.default-1424654141173
FF Homepage: hxxp://abload.de/img/dsc04370azdyq.jpg
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-107438096-1250777658-1232194404-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: YouTube Unblocker - C:\Users\Vista32\AppData\Roaming\Mozilla\Firefox\Profiles\s94fbxk9.default-1424654141173\Extensions\youtubeunblocker@unblocker.yt [2015-02-23]
FF Extension: DownloadHelper - C:\Users\Vista32\AppData\Roaming\Mozilla\Firefox\Profiles\s94fbxk9.default-1424654141173\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-02-23]
FF Extension: Adblock Plus - C:\Users\Vista32\AppData\Roaming\Mozilla\Firefox\Profiles\s94fbxk9.default-1424654141173\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzutDtDtByEtAtA0EyCzy0EyCzz0A0C0C0BtN0D0Tzu0StCtCyEzztN1L2XzutAtFzztFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEtA0BtBtBzz0BtG0DyC0ByBtGtD0DtA0EtGyCyEyDyBtGyD0D0E0CtB0DyDtCtAyBtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyEtC0A0EyDzztGyC0Fzy0DtGyEtBtDtCtGzyyC0CyEtGyD0FtAyB0EzyyD0FtB0CyByE2QtN1B2Z1V1T1S1NzuyDtByC&cr=669139260&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzutDtDtByEtAtA0EyCzy0EyCzz0A0C0C0BtN0D0Tzu0StCtCyEzztN1L2XzutAtFzztFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEtA0BtBtBzz0BtG0DyC0ByBtGtD0DtA0EtGyCyEyDyBtGyD0D0E0CtB0DyDtCtAyBtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyEtC0A0EyDzztGyC0Fzy0DtGyEtBtDtCtGzyyC0CyEtGyD0FtAyB0EzyyD0FtB0CyByE2QtN1B2Z1V1T1S1NzuyDtByC&cr=669139260&ir=", "hxxp://abload.de/img/dsc04386g2u7d.jpg"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-15]
CHR Extension: (Google Docs) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-15]
CHR Extension: (Google Drive) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-15]
CHR Extension: (YouTube) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-15]
CHR Extension: (Adblock Plus) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-15]
CHR Extension: (Google Search) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-22]
CHR Extension: (Google Sheets) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-22]
CHR Extension: (AdBlock) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-15]
CHR Extension: (Google Mail Checker) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-10-15]
CHR Extension: (Google Wallet) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Gmail) - C:\Users\Vista32\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 DisplayFusionService; C:\Program Files\DisplayFusion\DisplayFusionService.exe [5278064 2014-09-09] (Binary Fortress Software)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Vista32\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 15:30 - 2015-02-26 15:30 - 00001295 _____ () C:\Users\Vista32\Desktop\checkup.txt
2015-02-24 23:51 - 2015-02-26 15:32 - 00000000 ____D () C:\FRST
2015-02-24 01:09 - 2015-02-24 01:09 - 00011833 _____ () C:\ComboFix.txt
2015-02-24 00:53 - 2015-02-24 01:09 - 00000000 ____D () C:\ComboFix
2015-02-24 00:53 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-24 00:53 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-24 00:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-24 00:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-24 00:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-24 00:53 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-24 00:53 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-24 00:53 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-24 00:49 - 2015-02-24 01:09 - 00000000 ____D () C:\Qoobox
2015-02-23 02:43 - 2015-02-23 02:43 - 00000000 ____D () C:\Windows\pss
2015-02-23 02:17 - 2015-02-23 02:17 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-23 02:16 - 2015-02-23 02:17 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-23 02:05 - 2015-02-23 02:05 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\dlg
2015-02-23 00:56 - 2015-02-23 00:56 - 00002419 _____ () C:\Users\Vista32\tuss.vpj
2015-02-23 00:44 - 2015-02-23 00:44 - 00000000 ____D () C:\Users\Vista32\Documents\VideoPad Projects
2015-02-23 00:27 - 2015-02-23 00:57 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\NCH Software
2015-02-23 00:27 - 2015-02-23 00:27 - 00000000 ____D () C:\ProgramData\NCH Software
2015-02-23 00:27 - 2015-02-23 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-02-23 00:26 - 2015-02-23 00:26 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2015-02-23 00:25 - 2015-02-23 00:25 - 00000000 ____D () C:\Program Files\NCH Software
2015-02-23 00:17 - 2015-02-23 00:17 - 00000000 ____D () C:\Users\Vista32\AppData\Local\Setup39301129
2015-02-23 00:16 - 2015-02-23 00:19 - 00000000 ____D () C:\Users\Vista32\AppData\Local\rita
2015-02-23 00:16 - 2015-02-23 00:15 - 04156842 _____ () C:\Users\Vista32\Downloads\vppsetup [1].exe
2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-02-15 15:17 - 2015-02-23 13:27 - 00000000 ____D () C:\Users\Vista32\Desktop\desse
2015-02-12 20:01 - 2015-02-12 20:03 - 49396917 _____ () C:\Users\Vista32\Desktop\Ti_sto_-_Wasted_Official_Video.mp4
2015-02-12 18:49 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 18:49 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 03:09 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 03:08 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 03:08 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 03:04 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 03:02 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 12:46 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 12:46 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 12:46 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 12:46 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 12:46 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 12:46 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 12:46 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 12:46 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 12:46 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 12:46 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 12:46 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-04 01:03 - 2015-02-24 19:37 - 00000000 ____D () C:\Users\Vista32\Desktop\611
2015-02-03 10:47 - 2015-02-03 10:47 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2015-02-01 23:17 - 2015-02-01 23:17 - 00000000 __RSH () C:\MSDOS.SYS
2015-02-01 23:17 - 2015-02-01 23:17 - 00000000 __RSH () C:\IO.SYS
2015-02-01 14:32 - 2015-02-01 14:32 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2015-02-01 14:32 - 2015-02-01 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-02-01 14:32 - 2015-02-01 14:32 - 00000000 ____D () C:\Program Files\Glarysoft
2015-02-01 14:27 - 2015-02-01 14:27 - 00001826 _____ () C:\sc-cleaner.txt
2015-02-01 13:50 - 2015-02-23 03:27 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\WinPatrol
2015-02-01 13:49 - 2015-02-01 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-02-01 13:49 - 2015-02-01 13:49 - 00000000 ____D () C:\ProgramData\InstallMate
2015-02-01 13:49 - 2015-02-01 13:49 - 00000000 ____D () C:\Program Files\Ruiware
2015-02-01 13:17 - 2015-02-24 23:36 - 00000000 ____D () C:\AdwCleaner
2015-02-01 02:37 - 2015-02-01 02:37 - 00001462 _____ () C:\DelFix.txt
2015-02-01 00:01 - 2015-02-01 02:49 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-01 00:00 - 2015-02-01 00:05 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-01 00:00 - 2015-02-01 00:00 - 00000000 ____D () C:\Program Files\Adobe
2015-01-30 19:26 - 2015-02-01 02:37 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 13:58 - 2015-01-30 14:13 - 00000000 ____D () C:\Windows\erdnt
2015-01-30 01:16 - 2015-02-26 14:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 22:31 - 2015-01-29 22:31 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-01-29 17:26 - 2015-01-29 17:29 - 06000640 _____ () C:\Program Files\GUTFC97.tmp
2015-01-29 17:26 - 2015-01-29 17:29 - 00000000 ____D () C:\Program Files\GUMFC96.tmp
2015-01-29 16:21 - 2015-01-29 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-29 16:02 - 2015-02-26 13:22 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 16:00 - 2015-01-29 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-29 15:59 - 2015-01-29 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 15:59 - 2015-01-29 15:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-29 15:59 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 15:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 15:59 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 12:03 - 2015-02-06 23:17 - 00000000 ____D () C:\Program Files\Free Codec Pack

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 15:08 - 2006-11-02 13:47 - 00005328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-26 15:08 - 2006-11-02 13:47 - 00005328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 14:56 - 2014-09-22 21:42 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-26 14:38 - 2008-01-21 02:35 - 01937243 _____ () C:\Windows\WindowsUpdate.log
2015-02-26 13:19 - 2014-10-06 01:49 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-26 13:18 - 2014-10-06 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-26 13:10 - 2014-09-22 21:42 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 13:08 - 2014-02-10 17:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-26 13:08 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-26 02:45 - 2014-09-22 18:06 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-02-26 02:45 - 2006-11-02 14:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-26 01:10 - 2014-10-06 14:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-25 23:59 - 2014-09-22 17:48 - 00000000 ____D () C:\Users\Vista32\Desktop\Bahnbilder
2015-02-25 01:14 - 2015-01-20 16:51 - 00000000 ___RD () C:\Users\Vista32\Desktop\Neu
2015-02-24 22:46 - 2014-09-22 10:26 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\vlc
2015-02-24 16:12 - 2008-01-21 08:16 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 12:46 - 2014-10-14 20:19 - 00014710 _____ () C:\Windows\PFRO.log
2015-02-24 01:05 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-02-23 03:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-23 01:28 - 2014-10-18 20:20 - 00004810 _____ () C:\Windows\setupact.log
2015-02-23 00:56 - 2014-02-10 11:35 - 00000000 ____D () C:\Users\Vista32
2015-02-23 00:17 - 2014-11-03 20:20 - 00000000 ____D () C:\Users\Vista32\AppData\Local\CrashDumps
2015-02-22 23:07 - 2015-01-25 03:06 - 00000000 ____D () C:\Users\Vista32\Desktop\irgendwelche memos
2015-02-21 00:28 - 2014-09-22 17:48 - 00000000 ___RD () C:\Users\Vista32\Desktop\Ablage
2015-02-12 18:21 - 2006-11-02 13:47 - 00315384 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:21 - 2014-02-10 15:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:10 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-12 03:08 - 2014-09-30 01:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 03:04 - 2014-02-10 14:22 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-02-12 03:04 - 2014-02-10 14:21 - 00001832 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 03:03 - 2014-02-10 14:20 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 02:42 - 2014-11-28 03:41 - 00000000 ___RD () C:\Users\Vista32\Desktop\mugg
2015-02-11 22:25 - 2014-02-10 11:35 - 00002032 _____ () C:\Users\Vista32\AppData\Local\d3d9caps.dat
2015-02-06 23:19 - 2014-09-22 23:56 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\DVDVideoSoft
2015-02-06 23:18 - 2014-09-22 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-06 23:18 - 2014-09-22 23:57 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-06 23:17 - 2014-09-22 23:57 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-06 13:16 - 2014-09-22 20:17 - 00000000 ____D () C:\Users\Vista32\AppData\Local\Adobe
2015-02-06 13:15 - 2014-10-05 22:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 13:15 - 2014-10-05 22:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 01:04 - 2014-09-30 01:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-01 00:04 - 2014-09-22 20:17 - 00000000 ____D () C:\Users\Vista32\AppData\Roaming\Adobe
2015-02-01 00:00 - 2014-09-22 20:17 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-31 00:36 - 2014-10-01 12:34 - 00022528 _____ () C:\Users\Vista32\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-30 14:16 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-30 14:16 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-01-29 18:53 - 2014-09-22 21:42 - 00000000 ____D () C:\Users\Vista32\AppData\Local\Google
2015-01-29 16:20 - 2014-10-14 20:14 - 00000000 ____D () C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2015-01-29 17:26 - 2015-01-29 17:29 - 6000640 _____ () C:\Program Files\GUTFC97.tmp
2014-02-10 11:35 - 2015-02-11 22:25 - 0002032 _____ () C:\Users\Vista32\AppData\Local\d3d9caps.dat
2014-10-01 12:34 - 2015-01-31 00:36 - 0022528 _____ () C:\Users\Vista32\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Vista32\AppData\Local\temp\Quarantine.exe
C:\Users\Vista32\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 13:25

==================== End Of Log ============================
--- --- ---


Vielen Dank,
Philipp

schrauber 27.02.2015 07:06
Java udn Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\softwareSep2014\HardwareTEST-Pflege\Unlocker1.9.1-x64.exe

C:\softwareSep2014\HardwareTEST-Pflege\Unlocker1.9.2.exe

C:\Users\Vista32\Desktop\Ablage\!!! Wichtig !!!\PC Sicherheit\2. Seuche\vppsetup.exe

C:\Users\Vista32\Desktop\Ablage\!!! Wichtig !!!\PC Sicherheit\2. Seuche\vpsetup-Downloader.exe

C:\Users\Vista32\Downloads\vppsetup [1].exe
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzutDtDtByEtAtA0EyCzy0EyCzz0A0C0C0BtN0D0Tzu0StCtCyEzztN1L2XzutAtFzztFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEtA0BtBtBzz0BtG0DyC0ByBtGtD0DtA0EtGyCyEyDyBtGyD0D0E0CtB0DyDtCtAyBtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyEtC0A0EyDzztGyC0Fzy0DtGyEtBtDtCtGzyyC0CyEtGyD0FtAyB0EzyyD0FtB0CyByE2QtN1B2Z1V1T1S1NzuyDtByC&cr=669139260&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzutDtDtByEtAtA0EyCzy0EyCzz0A0C0C0BtN0D0Tzu0StCtCyEzztN1L2XzutAtFzztFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEtA0BtBtBzz0BtG0DyC0ByBtGtD0DtA0EtGyCyEyDyBtGyD0D0E0CtB0DyDtCtAyBtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyEtC0A0EyDzztGyC0Fzy0DtGyEtBtDtCtGzyyC0CyEtGyD0FtAyB0EzyyD0FtB0CyByE2QtN1B2Z1V1T1S1NzuyDtByC&cr=669139260&ir=", "hxxp://abload.de/img/dsc04386g2u7d.jpg"
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de




Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Alpinist 27.02.2015 18:54
Hallo,

hier FIXLOG:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015 01
Ran by Vista32 at 2015-02-27 16:43:45 Run:1
Running from C:\Users\Vista32\Desktop\Ablage\!!! Wichtig !!!\PC Sicherheit\2. Seuche
Loaded Profiles: Vista32 (Available profiles: Vista32)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\softwareSep2014\HardwareTEST-Pflege\Unlocker1.9.1-x64.exe

C:\softwareSep2014\HardwareTEST-Pflege\Unlocker1.9.2.exe

C:\Users\Vista32\Desktop\Ablage\!!! Wichtig !!!\PC Sicherheit\2. Seuche\vppsetup.exe

C:\Users\Vista32\Desktop\Ablage\!!! Wichtig !!!\PC Sicherheit\2. Seuche\vpsetup-Downloader.exe

C:\Users\Vista32\Downloads\vppsetup [1].exe
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzutDtDtByEtAtA0EyCzy0EyCzz0A0C0C0BtN0D0Tzu0StCtCyEzztN1L2XzutAtFzztFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEtA0BtBtBzz0BtG0DyC0ByBtGtD0DtA0EtGyCyEyDyBtGyD0D0E0CtB0DyDtCtAyBtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyEtC0A0EyDzztGyC0Fzy0DtGyEtBtDtCtGzyyC0CyEtGyD0FtAyB0EzyyD0FtB0CyByE2QtN1B2Z1V1T1S1NzuyDtByC&cr=669139260&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzutDtDtByEtAtA0EyCzy0EyCzz0A0C0C0BtN0D0Tzu0StCtCyEzztN1L2XzutAtFzztFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCyEtA0BtBtBzz0BtG0DyC0ByBtGtD0DtA0EtGyCyEyDyBtGyD0D0E0CtB0DyDtCtAyBtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyEtC0A0EyDzztGyC0Fzy0DtGyEtBtDtCtGzyyC0CyEtGyD0FtAyB0EzyyD0FtB0CyByE2QtN1B2Z1V1T1S1NzuyDtByC&cr=669139260&ir=", "hxxp://abload.de/img/dsc04386g2u7d.jpg"
Emptytemp:
       
*****************

C:\softwareSep2014\HardwareTEST-Pflege\Unlocker1.9.1-x64.exe => Moved successfully.
C:\softwareSep2014\HardwareTEST-Pflege\Unlocker1.9.2.exe => Moved successfully.
C:\Users\Vista32\Desktop\Ablage\!!! Wichtig !!!\PC Sicherheit\2. Seuche\vppsetup.exe => Moved successfully.
C:\Users\Vista32\Desktop\Ablage\!!! Wichtig !!!\PC Sicherheit\2. Seuche\vpsetup-Downloader.exe => Moved successfully.
C:\Users\Vista32\Downloads\vppsetup [1].exe => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
EmptyTemp: => Removed 1.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 16:45:02 ====
Chrome hab ich entfernt und neu installiert.

Achja, kann ich das ideobearbeitungsprogramm drauflassen oder soll ich es deinstallieren?

Danke,
Gruss Philipp

schrauber 28.02.2015 10:43
Kannste drauf lassen. Fertig :)

Alpinist 01.03.2015 03:36
Hallo,

ok, vielen Dank.

Habe aber noch kurz eine Frage:

Zum zweiten mal in Folge blieb mein PC nun hängen, "stotterte kurz rum", dann blauer Bildschirm mit einer Aufschrift "windows has detected an error and must shutdown immediately to prevent damage to your PC, Kernel Data Inpage Error" oder der gleichen. Leider war dies zu kurz dran um ganz zu lesen und ich nicht drauf vorbereitet.

Da das zuvor noch nie der Fall war, hat dies einen Zusammenhang mit dem Virus/der Beseitigung des Virus?

Der PC geht einfach dann aus und fährt wieder hoch. Dann kommt eine Windowsmeldung, dass der PC heruntergefahren hat und "nach Lösungen suchen" (was allerdings nichts bringt).

Vielen Dank,
Gruss Philipp

schrauber 01.03.2015 15:51
schauen wir mal:
Windows Bluescreen Absturz analysieren und beheben - so geht's - Anleitungen

Alpinist 01.03.2015 16:44
Hallo,

danke dir, hier weiter machen oder neues Forum/Thema?

Hier zur Not schonmal:

BLUESCREENS:

Code:
==================================================
Dump File        : Mini030115-02.dmp
Crash Time        : 01.03.2015 03:46:30
Bug Check String  : KERNEL_DATA_INPAGE_ERROR
Bug Check Code    : 0x0000007a
Parameter 1      : 0xc0403d98
Parameter 2      : 0xc0000185
Parameter 3      : 0xb6ab4860
Parameter 4      : 0x807b3a9a
Caused By Driver  : ataport.SYS
Caused By Address : ataport.SYS+fa9a
File Description  : ATAPI Driver Extension
Product Name      : Microsoft® Windows® Operating System
Company          : Microsoft Corporation
File Version      : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor        : 32-bit
Crash Address    : ntkrnlpa.exe+7cb50
Stack Address 1  : ntkrnlpa.exe+77ea9
Stack Address 2  : ntkrnlpa.exe+991ff
Stack Address 3  : ntkrnlpa.exe+4dde4
Computer Name    :
Full Path        : C:\Windows\Minidump\Mini030115-02.dmp
Processors Count  : 2
Major Version    : 15
Minor Version    : 6002
Dump File Size    : 148.696
Dump File Time    : 01.03.2015 03:47:44
==================================================

==================================================
Dump File        : Mini030115-01.dmp
Crash Time        : 01.03.2015 03:24:50
Bug Check String  : KERNEL_DATA_INPAGE_ERROR
Bug Check Code    : 0x0000007a
Parameter 1      : 0xc0403da8
Parameter 2      : 0xc0000185
Parameter 3      : 0x74f1f860
Parameter 4      : 0x807b5012
Caused By Driver  : ataport.SYS
Caused By Address : ataport.SYS+14012
File Description  : ATAPI Driver Extension
Product Name      : Microsoft® Windows® Operating System
Company          : Microsoft Corporation
File Version      : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor        : 32-bit
Crash Address    : ntoskrnl.exe+7cb50
Stack Address 1  : ntoskrnl.exe+77ea9
Stack Address 2  : ntoskrnl.exe+991ff
Stack Address 3  : ntoskrnl.exe+4dde4
Computer Name    :
Full Path        : C:\Windows\Minidump\Mini030115-01.dmp
Processors Count  : 2
Major Version    : 15
Minor Version    : 6002
Dump File Size    : 148.696
Dump File Time    : 01.03.2015 03:26:36
==================================================

==================================================
Dump File        : Mini022815-01.dmp
Crash Time        : 28.02.2015 03:27:33
Bug Check String  : KERNEL_DATA_INPAGE_ERROR
Bug Check Code    : 0x0000007a
Parameter 1      : 0xc0403dc0
Parameter 2      : 0xc0000185
Parameter 3      : 0x56e4f860
Parameter 4      : 0x807b8012
Caused By Driver  : ataport.SYS
Caused By Address : ataport.SYS+14012
File Description  : ATAPI Driver Extension
Product Name      : Microsoft® Windows® Operating System
Company          : Microsoft Corporation
File Version      : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor        : 32-bit
Crash Address    : ntkrnlpa.exe+7cb50
Stack Address 1  : ntkrnlpa.exe+77ea9
Stack Address 2  : ntkrnlpa.exe+991ff
Stack Address 3  : ntkrnlpa.exe+4dde4
Computer Name    :
Full Path        : C:\Windows\Minidump\Mini022815-01.dmp
Processors Count  : 2
Major Version    : 15
Minor Version    : 6002
Dump File Size    : 148.696
Dump File Time    : 28.02.2015 03:29:16
==================================================

schrauber 02.03.2015 06:54
Schau mal beim Hersteller deines Gerätes nach neuen Treiber Updates, besonders Chipsatz, Festplattencontroller und BIOS.

Alpinist 06.03.2015 14:10
Hallo,

danke für die Antwort und Entschuldigung für die Verzögerung, ich war im Ausland.

Hier auf der Sony-Seite habe ich dieses gefunden und bei Vista gesucht. BIOS hab ich schon runtergeladen, bei Chipset Driver finde ich keine aktualisierte Version. Oder soll ich die alte drüber installieren? Was würdest du mir raten, von dieser Seite runter zu laden?

Vielen Dank,
Grüsse Philipp

schrauber 07.03.2015 12:15
Wenn es keinen neuen gibt einfach den aktuellen Treiber nochmal drüber installieren.

Alpinist 16.03.2015 00:58
Hallo,

Entschuldige nochmals vielmals, es kamen einige wichtige Sachen dazwischen und ich war leider kaum am PC.

Ich habe nun BIOS aktualisiert und Chipset bin ich gerade dabei. Festplattencontroller scheint es für mein Notebok (Sony VGN-FW41J) nicht zu geben.

Ich hoffe, diese Rumpelkiste funktioniert dann wieder. Bis vor einem Jahr hat diese störungsfrei funktioniert aber seit Sommer zickt es irgendwie rum...

Vielen Dank!
Grüsse Philipp

schrauber 16.03.2015 11:45
Ok, halte mich mal auf dem Laufenden :)

Alpinist 17.03.2015 00:05
Hallo,

hier noch vom letzten Crash (noch vor den beiden Updates BIOS und Chipset):

http://abload.de/img/prevent-demagedwk9j.jpg

Vielleicht hilft es weiter.
Danach hat er glaub meine Soundkarte nicht mehr erkannt oder sowas ähnliches... die Lautsprecher funktionierten zwar aber bei dem Lautsprechersymbol war ein roter Kreis mit weissem Kreuz...

Merci!

Grüsse Philipp

schrauber 17.03.2015 12:39
Dann müssen dort auch noch Treiber neu installiert werden.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:28 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131