systweak-oeffnet-neuen-tab-firefox Habe ich auch seit 31.1.14

crixel · 03.02.2014, 22:04

Hi, nachdem heute mindestens zum zweiten Mal ungefragt so ein doofes Tabfenster hochkam mit Werbung von systweak und Regclean Pro

habe ich zu suchen angefangen und diesen Thread hier gefunden:
http://www.trojaner-board.de/149126-...firefox-2.html

Analog dazu bin ich die einzelnen Schritte durchgegangen.

Mein Avast hat bisher nichts gefunden.

Mit FRST kam das:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Christian (administrator) on STANDPC on 03-02-2014 20:45:17
Running from D:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [VIAxHCUtl] - C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-01] (AVAST Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2367512 2014-01-17] (Sony Corporation)
HKU\S-1-5-21-1523883789-3797667583-3398338233-1001\...\MountPoints2: {ceefeeda-7e79-11e3-af2f-0019db67d5e3} - H:\Startme.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x094B2A30E45BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash and Video Download - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-01-23]
FF Extension: Color Management - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\color_management@seanhayes.name.xpi [2013-05-28]
FF Extension: NoScript - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-05-28]
FF Extension: Adblock Edge - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-01] (AVAST Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-01-17] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-01] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-03 20:41 - 2014-02-03 20:41 - 00000765 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:30 - 2014-02-03 20:32 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:45 - 00000000 ____D () C:\FRST
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-01-29 19:29 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 20:13 - 2014-01-15 20:13 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 14:06 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:06 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:06 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-09 08:42 - 2014-01-09 08:42 - 00000000 ____D () C:\Program Files (x86)\SaalDesignSoftware
2014-01-07 16:50 - 2014-01-07 16:50 - 00002022 _____ () C:\Users\Christian\Desktop\InfoGucker.lnk
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoGucker
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Program Files (x86)\InfoGucker
2014-01-07 12:10 - 2014-02-03 20:28 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-01-07 11:50 - 2014-01-07 12:00 - 00001815 _____ () C:\Users\Christian\Desktop\ImageMagick Display.lnk
2014-01-07 11:49 - 2014-01-07 12:00 - 00000000 ____D () C:\Program Files\ImageMagick-6.8.8-Q16
2014-01-07 11:41 - 2014-01-07 11:41 - 00000000 ____D () C:\Users\Christian\AppData\Local\ActiveState
2014-01-07 11:39 - 2014-01-29 20:38 - 00000000 ____D () C:\Perl64

==================== One Month Modified Files and Folders =======

2014-02-03 20:45 - 2014-02-03 20:23 - 00000000 ____D () C:\FRST
2014-02-03 20:44 - 2013-05-29 07:13 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 20:44 - 2013-05-28 21:33 - 01588395 _____ () C:\Windows\WindowsUpdate.log
2014-02-03 20:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-03 20:44 - 2009-07-14 05:51 - 00055935 _____ () C:\Windows\setupact.log
2014-02-03 20:41 - 2014-02-03 20:41 - 00000765 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-02-03 20:40 - 2011-04-12 08:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat
2014-02-03 20:40 - 2011-04-12 08:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat
2014-02-03 20:40 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-03 20:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:32 - 2014-02-03 20:30 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:30 - 2013-05-28 22:40 - 00000000 ____D () C:\Users\Ricarda
2014-02-03 20:28 - 2014-01-07 12:10 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 20:13 - 2013-05-29 07:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 20:03 - 2013-05-29 13:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-02-03 15:22 - 2013-05-29 13:40 - 00000000 ____D () C:\Users\Rebekka\Documents\Schule
2014-02-02 21:03 - 2013-05-29 07:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-31 21:57 - 2010-11-21 04:47 - 00092038 _____ () C:\Windows\PFRO.log
2014-01-31 20:32 - 2013-05-03 16:49 - 00027793 _____ () C:\Users\Christian\Documents\todo_cs.odt
2014-01-29 20:38 - 2014-01-07 11:39 - 00000000 ____D () C:\Perl64
2014-01-29 19:29 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 07:56 - 2013-10-18 15:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 07:56 - 2013-05-29 15:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-16 18:47 - 2013-05-29 14:07 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-01-16 18:36 - 2013-05-28 21:49 - 00065208 _____ () C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 18:34 - 2013-05-29 06:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-01-16 18:33 - 2013-05-29 13:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-16 18:33 - 2013-05-29 13:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 18:33 - 2013-05-29 13:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-16 07:45 - 2009-07-14 05:45 - 04862872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 22:17 - 2013-08-06 17:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 22:16 - 2013-05-29 13:16 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 20:13 - 2014-01-15 20:13 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 20:13 - 2013-08-03 11:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-01-11 08:55 - 2013-05-28 21:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Paint.NET
2014-01-09 08:42 - 2014-01-09 08:42 - 00000000 ____D () C:\Program Files (x86)\SaalDesignSoftware
2014-01-07 16:50 - 2014-01-07 16:50 - 00002022 _____ () C:\Users\Christian\Desktop\InfoGucker.lnk
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoGucker
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Program Files (x86)\InfoGucker
2014-01-07 12:10 - 2013-05-28 21:33 - 00000000 ____D () C:\Users\Christian
2014-01-07 12:00 - 2014-01-07 11:50 - 00001815 _____ () C:\Users\Christian\Desktop\ImageMagick Display.lnk
2014-01-07 12:00 - 2014-01-07 11:49 - 00000000 ____D () C:\Program Files\ImageMagick-6.8.8-Q16
2014-01-07 11:41 - 2014-01-07 11:41 - 00000000 ____D () C:\Users\Christian\AppData\Local\ActiveState
2014-01-04 13:55 - 2013-05-29 17:00 - 00000000 ____D () C:\Users\Liane\Documents\Arbeitszeit

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-31 17:07

==================== End Of Log ============================

Dann habe ich adwcleaner laufen lassen:

Code:

ATTFilter

# AdwCleaner v3.018 - Bericht erstellt am 03/02/2014 um 20:32:27
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Christian - STANDPC
# Gestartet von : D:\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\prefs.js ]


[ Datei : C:\Users\Rebekka\AppData\Roaming\Mozilla\Firefox\Profiles\oyef4b8j.default\prefs.js ]


[ Datei : C:\Users\Ricarda\AppData\Roaming\Mozilla\Firefox\Profiles\x85dedtl.default\prefs.js ]


[ Datei : C:\Users\Liane\AppData\Roaming\Mozilla\Firefox\Profiles\f5bskm1p.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1298 octets] - [03/02/2014 20:30:32]
AdwCleaner[S0].txt - [1221 octets] - [03/02/2014 20:32:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1281 octets] ##########

Dann JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Christian on 03.02.2014 at 20:35:13,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\plxuprsp.default\minidumps [19 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.02.2014 at 20:41:28,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und nochmal FRST:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Christian (administrator) on STANDPC on 03-02-2014 20:45:17
Running from D:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [VIAxHCUtl] - C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-01] (AVAST Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2367512 2014-01-17] (Sony Corporation)
HKU\S-1-5-21-1523883789-3797667583-3398338233-1001\...\MountPoints2: {ceefeeda-7e79-11e3-af2f-0019db67d5e3} - H:\Startme.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x094B2A30E45BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash and Video Download - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-01-23]
FF Extension: Color Management - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\color_management@seanhayes.name.xpi [2013-05-28]
FF Extension: NoScript - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-05-28]
FF Extension: Adblock Edge - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\plxuprsp.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-01] (AVAST Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-01-17] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-01] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-03 20:41 - 2014-02-03 20:41 - 00000765 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:30 - 2014-02-03 20:32 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:45 - 00000000 ____D () C:\FRST
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-01-29 19:29 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 20:13 - 2014-01-15 20:13 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 14:06 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 14:06 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 14:06 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 14:06 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-09 08:42 - 2014-01-09 08:42 - 00000000 ____D () C:\Program Files (x86)\SaalDesignSoftware
2014-01-07 16:50 - 2014-01-07 16:50 - 00002022 _____ () C:\Users\Christian\Desktop\InfoGucker.lnk
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoGucker
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Program Files (x86)\InfoGucker
2014-01-07 12:10 - 2014-02-03 20:28 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-01-07 11:50 - 2014-01-07 12:00 - 00001815 _____ () C:\Users\Christian\Desktop\ImageMagick Display.lnk
2014-01-07 11:49 - 2014-01-07 12:00 - 00000000 ____D () C:\Program Files\ImageMagick-6.8.8-Q16
2014-01-07 11:41 - 2014-01-07 11:41 - 00000000 ____D () C:\Users\Christian\AppData\Local\ActiveState
2014-01-07 11:39 - 2014-01-29 20:38 - 00000000 ____D () C:\Perl64

==================== One Month Modified Files and Folders =======

2014-02-03 20:45 - 2014-02-03 20:23 - 00000000 ____D () C:\FRST
2014-02-03 20:44 - 2013-05-29 07:13 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 20:44 - 2013-05-28 21:33 - 01588395 _____ () C:\Windows\WindowsUpdate.log
2014-02-03 20:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-03 20:44 - 2009-07-14 05:51 - 00055935 _____ () C:\Windows\setupact.log
2014-02-03 20:41 - 2014-02-03 20:41 - 00000765 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-02-03 20:40 - 2011-04-12 08:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat
2014-02-03 20:40 - 2011-04-12 08:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat
2014-02-03 20:40 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-03 20:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:40 - 2009-07-14 05:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-03 20:35 - 2014-02-03 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-03 20:32 - 2014-02-03 20:30 - 00000000 ____D () C:\AdwCleaner
2014-02-03 20:30 - 2014-02-03 20:30 - 00011264 ___SH () C:\Users\Ricarda\Thumbs.db
2014-02-03 20:30 - 2013-05-28 22:40 - 00000000 ____D () C:\Users\Ricarda
2014-02-03 20:28 - 2014-01-07 12:10 - 00012288 ___SH () C:\Users\Christian\Thumbs.db
2014-02-03 20:23 - 2014-02-03 20:23 - 00215590 _____ () C:\Users\Christian\AppData\Local\census.cache
2014-02-03 20:14 - 2014-02-03 20:14 - 00102846 _____ () C:\Users\Christian\AppData\Local\ars.cache
2014-02-03 20:13 - 2013-05-29 07:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 20:03 - 2013-05-29 13:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-03 19:59 - 2014-02-03 19:59 - 00000036 _____ () C:\Users\Christian\AppData\Local\housecall.guid.cache
2014-02-03 15:22 - 2013-05-29 13:40 - 00000000 ____D () C:\Users\Rebekka\Documents\Schule
2014-02-02 21:03 - 2013-05-29 07:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-31 21:57 - 2010-11-21 04:47 - 00092038 _____ () C:\Windows\PFRO.log
2014-01-31 20:32 - 2013-05-03 16:49 - 00027793 _____ () C:\Users\Christian\Documents\todo_cs.odt
2014-01-29 20:38 - 2014-01-07 11:39 - 00000000 ____D () C:\Perl64
2014-01-29 19:29 - 2014-01-29 19:29 - 00001971 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-25 14:38 - 2014-01-25 14:38 - 00003226 _____ () C:\Windows\System32\Tasks\{113A03E5-F873-4C67-8681-0E631BFB41E2}
2014-01-23 07:56 - 2014-01-23 07:56 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 07:56 - 2013-10-18 15:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 07:56 - 2013-05-29 15:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-16 18:47 - 2013-05-29 14:07 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-01-16 18:36 - 2013-05-28 21:49 - 00065208 _____ () C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 18:34 - 2013-05-29 06:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Adobe
2014-01-16 18:33 - 2013-05-29 13:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-16 18:33 - 2013-05-29 13:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 18:33 - 2013-05-29 13:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-16 07:45 - 2009-07-14 05:45 - 04862872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 22:17 - 2013-08-06 17:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 22:16 - 2013-05-29 13:16 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 20:13 - 2014-01-15 20:13 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-15 20:13 - 2013-08-03 11:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-01-11 08:55 - 2013-05-28 21:50 - 00000000 ____D () C:\Users\Christian\AppData\Local\Paint.NET
2014-01-09 08:42 - 2014-01-09 08:42 - 00000000 ____D () C:\Program Files (x86)\SaalDesignSoftware
2014-01-07 16:50 - 2014-01-07 16:50 - 00002022 _____ () C:\Users\Christian\Desktop\InfoGucker.lnk
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfoGucker
2014-01-07 16:50 - 2014-01-07 16:50 - 00000000 ____D () C:\Program Files (x86)\InfoGucker
2014-01-07 12:10 - 2013-05-28 21:33 - 00000000 ____D () C:\Users\Christian
2014-01-07 12:00 - 2014-01-07 11:50 - 00001815 _____ () C:\Users\Christian\Desktop\ImageMagick Display.lnk
2014-01-07 12:00 - 2014-01-07 11:49 - 00000000 ____D () C:\Program Files\ImageMagick-6.8.8-Q16
2014-01-07 11:41 - 2014-01-07 11:41 - 00000000 ____D () C:\Users\Christian\AppData\Local\ActiveState
2014-01-04 13:55 - 2013-05-29 17:00 - 00000000 ____D () C:\Users\Liane\Documents\Arbeitszeit

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-31 17:07

==================== End Of Log ============================

Ich habe dann gewagt diese Datei zu löschen:
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe

Davor oder danach habe ich auch MBAM laufen lassen:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Christian :: STANDPC [Administrator]

Schutz: Aktiviert

03.02.2014 20:59:12
mbam-log-2014-02-03 (20-59-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 280824
Laufzeit: 1 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Also nix gefunden.

ESET habe ich auch laufen lassen, der findet einen html/scrinject.b.gen.
Da aber hier im Forum das als halb so wild eingestuft wird, habe ich da nix gemacht.
http://www.trojaner-board.de/127174-...ect-b-gen.html

Als nächstes werde ich TFC laufen lassen. Ich hoffe damit das Problem losgeworden zu sein. Was mich frustriert ist, dass auf meinem Rechner noscript läuft und auch AdblockEdge und trotzdem so ein Mist drauf kommt.

systweak-oeffnet-neuen-tab-firefox Habe ich auch seit 31.1.14

Log-Analyse und Auswertung: systweak-oeffnet-neuen-tab-firefox Habe ich auch seit 31.1.14

systweak-oeffnet-neuen-tab-firefox Habe ich auch seit 31.1.14

Ähnliche Themen: systweak-oeffnet-neuen-tab-firefox Habe ich auch seit 31.1.14