Sorry for the delay. I was away at a training course. Here is the log:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by User (administrator) on USER-PC on 05-04-2014 20:19:02
Running from C:\Users\User\Desktop
Microsoft Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(brother Industries Ltd) C:\Windows\system32\brsvc01a.exe
(brother Industries Ltd) C:\Windows\system32\brss01a.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Ipswitch) C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] - C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2424951300-607356146-3166250846-1000\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-2424951300-607356146-3166250846-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2424951300-607356146-3166250846-1000\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2424951300-607356146-3166250846-1000\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2424951300-607356146-3166250846-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-2424951300-607356146-3166250846-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2424951300-607356146-3166250846-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wsjwaufh.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
========================== Services (Whitelisted) =================
R2 AntiVirFirewallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-04] (Avira Operations GmbH & Co. KG)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-06-18] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-02-10] (Microsoft)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10)
==================== Drivers (Whitelisted) ====================
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2013-06-13] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2013-06-13] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-06-13] (Avira GmbH)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S1 HWiNFO32; \??\C:\Users\User\AppData\Local\Temp\HWiNFO32.SYS [X]
S3 uxddrv; \??\F:\uxddrv86.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-05 20:19 - 2014-04-05 20:19 - 00017530 _____ () C:\Users\User\Desktop\FRST.txt
2014-04-05 20:18 - 2014-04-05 20:18 - 01145856 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-04-05 20:15 - 2014-04-05 20:15 - 02157056 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-04-05 19:54 - 2014-04-05 19:54 - 00000056 _____ () C:\Windows\setupact.log
2014-04-05 19:54 - 2014-04-05 19:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-27 21:41 - 2014-04-05 20:06 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 21:41 - 2014-04-05 20:03 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-27 21:40 - 2014-04-05 20:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-03-27 21:40 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 21:40 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-27 21:40 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-27 21:34 - 2014-03-27 21:34 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-27 21:29 - 2014-03-27 21:29 - 00001041 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-03-27 21:29 - 2014-03-27 21:29 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-27 21:29 - 2014-03-27 21:29 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-03-27 21:29 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\system32\MSSTDFMT.DLL
2014-03-27 21:28 - 2014-03-27 21:28 - 04095448 _____ (BrightFort LLC ) C:\Users\User\Downloads\spywareblastersetup50.exe
2014-03-23 22:39 - 2014-03-23 22:39 - 00073130 _____ () C:\Users\User\Desktop\Palette Schüssel Udon Colourlovers.htm
2014-03-23 22:39 - 2014-03-23 22:39 - 00000000 ____D () C:\Users\User\Desktop\Palette Schüssel Udon Colourlovers_files
2014-03-21 08:06 - 2014-03-21 08:06 - 00361906 _____ () C:\Users\User\Documents\Kopie von KW 13 MD.xlsx
2014-03-21 08:06 - 2014-03-21 08:06 - 00358241 _____ () C:\Users\User\Documents\Kopie von KW 14 GN.xlsx
2014-03-17 19:47 - 2014-03-17 20:19 - 00931190 _____ () C:\Users\User\Desktop\Sicherung Ertl.xlsx
2014-03-17 19:13 - 2014-03-17 19:13 - 00001819 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-17 19:12 - 2014-03-17 19:13 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-09 15:34 - 2014-03-09 15:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-09 15:34 - 2014-03-09 15:35 - 00000000 ____D () C:\Program Files\iTunes
2014-03-09 15:34 - 2014-03-09 15:34 - 00000000 ____D () C:\Program Files\iPod
2014-03-09 13:30 - 2014-03-09 13:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-03-09 13:30 - 2014-03-09 13:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\com.adobe.mauby
2014-03-08 18:35 - 2014-03-08 18:35 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-08 18:35 - 2014-03-08 18:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-08 18:27 - 2014-03-08 18:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95 (1).exe
2014-03-08 18:25 - 2014-03-08 18:25 - 00283256 _____ (Mozilla) C:\Users\User\Downloads\Firefox Setup Stub 27.0.1.exe
2014-03-08 18:23 - 2014-03-08 18:23 - 00001226 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2014-03-08 18:23 - 2014-03-08 18:23 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-08 18:22 - 2014-03-08 18:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2014-03-07 22:34 - 2014-03-27 21:40 - 00000000 ____D () C:\Users\User\Desktop\doTerra
2014-03-07 20:13 - 2011-02-19 07:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-06 21:55 - 2013-04-01 18:28 - 00000002 _____ () C:\Windows\system32\Drivers\etc\hosts.20140306-205553.backup
2014-03-06 21:55 - 2013-04-01 18:28 - 00000002 _____ () C:\Windows\system32\Drivers\etc\hosts.20140306-205519.backup
==================== One Month Modified Files and Folders =======
2014-04-05 20:19 - 2014-04-05 20:19 - 00017530 _____ () C:\Users\User\Desktop\FRST.txt
2014-04-05 20:19 - 2014-03-04 11:47 - 00000000 ____D () C:\FRST
2014-04-05 20:18 - 2014-04-05 20:18 - 01145856 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-04-05 20:15 - 2014-04-05 20:15 - 02157056 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-04-05 20:06 - 2014-03-27 21:41 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 20:04 - 2009-07-14 06:34 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-05 20:04 - 2009-07-14 06:34 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-05 20:03 - 2014-03-27 21:41 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-05 20:03 - 2014-03-27 21:40 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-04-05 20:02 - 2010-06-29 00:30 - 01507106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 20:01 - 2012-12-25 15:28 - 00000000 ____D () C:\Users\User\AppData\Local\3AC385DE-33F9-4019-A4B1-E8352B23A66F.aplzod
2014-04-05 19:56 - 2012-06-23 09:29 - 00000000 _____ () C:\sniffer.log
2014-04-05 19:54 - 2014-04-05 19:54 - 00000056 _____ () C:\Windows\setupact.log
2014-04-05 19:54 - 2014-04-05 19:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-05 19:54 - 2013-07-06 13:05 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 19:54 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 09:51 - 2014-03-27 21:40 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-03-27 21:40 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-03-27 21:40 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-27 22:39 - 2012-01-26 14:10 - 01974617 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 22:38 - 2013-07-06 13:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 22:37 - 2012-07-30 10:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 21:40 - 2014-03-07 22:34 - 00000000 ____D () C:\Users\User\Desktop\doTerra
2014-03-27 21:40 - 2014-02-17 20:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 21:39 - 2012-11-06 19:20 - 00000000 ____D () C:\CLATRU
2014-03-27 21:38 - 2013-01-26 17:53 - 00000000 ____D () C:\Users\User\Desktop\e-Books
2014-03-27 21:35 - 2014-01-03 14:43 - 00000000 ____D () C:\Users\User\Desktop\Energie-Workshop
2014-03-27 21:34 - 2014-03-27 21:34 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-27 21:29 - 2014-03-27 21:29 - 00001041 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-03-27 21:29 - 2014-03-27 21:29 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-27 21:29 - 2014-03-27 21:29 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-03-27 21:28 - 2014-03-27 21:28 - 04095448 _____ (BrightFort LLC ) C:\Users\User\Downloads\spywareblastersetup50.exe
2014-03-27 17:46 - 2013-08-23 16:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileAdvisor
2014-03-27 17:35 - 2013-08-21 16:25 - 00000000 ____D () C:\Program Files\File Type Advisor
2014-03-23 22:39 - 2014-03-23 22:39 - 00073130 _____ () C:\Users\User\Desktop\Palette Schüssel Udon Colourlovers.htm
2014-03-23 22:39 - 2014-03-23 22:39 - 00000000 ____D () C:\Users\User\Desktop\Palette Schüssel Udon Colourlovers_files
2014-03-21 08:06 - 2014-03-21 08:06 - 00361906 _____ () C:\Users\User\Documents\Kopie von KW 13 MD.xlsx
2014-03-21 08:06 - 2014-03-21 08:06 - 00358241 _____ () C:\Users\User\Documents\Kopie von KW 14 GN.xlsx
2014-03-20 11:48 - 2013-07-17 10:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 11:44 - 2010-06-29 01:06 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 20:19 - 2014-03-17 19:47 - 00931190 _____ () C:\Users\User\Desktop\Sicherung Ertl.xlsx
2014-03-17 19:22 - 2013-09-11 17:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\dvdcss
2014-03-17 19:14 - 2013-12-30 15:19 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-17 19:13 - 2014-03-17 19:13 - 00001819 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-17 19:13 - 2014-03-17 19:12 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-14 13:18 - 2010-06-29 01:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 14:37 - 2012-04-06 11:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 14:37 - 2012-02-01 16:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 14:13 - 2012-02-01 15:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-09 15:35 - 2014-03-09 15:34 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-09 15:35 - 2014-03-09 15:34 - 00000000 ____D () C:\Program Files\iTunes
2014-03-09 15:34 - 2014-03-09 15:34 - 00000000 ____D () C:\Program Files\iPod
2014-03-09 15:34 - 2012-02-01 17:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-09 15:30 - 2012-02-01 17:38 - 00000000 ____D () C:\ProgramData\Apple
2014-03-09 15:12 - 2014-03-04 11:47 - 00046898 _____ () C:\Users\User\Downloads\FRST.txt
2014-03-09 13:39 - 2010-06-29 01:42 - 00000000 ____D () C:\Program Files\Adobe
2014-03-09 13:30 - 2014-03-09 13:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-03-09 13:30 - 2014-03-09 13:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\com.adobe.mauby
2014-03-08 18:35 - 2014-03-08 18:35 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-08 18:35 - 2014-03-08 18:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-08 18:27 - 2014-03-08 18:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95 (1).exe
2014-03-08 18:25 - 2014-03-08 18:25 - 00283256 _____ (Mozilla) C:\Users\User\Downloads\Firefox Setup Stub 27.0.1.exe
2014-03-08 18:23 - 2014-03-08 18:23 - 00001226 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2014-03-08 18:23 - 2014-03-08 18:23 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-08 18:22 - 2014-03-08 18:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2014-03-07 20:47 - 2013-06-10 14:13 - 00000000 ____D () C:\Users\User\Desktop\yogapics c
2014-03-06 20:41 - 2010-06-29 01:10 - 00000000 ____D () C:\Windows\Panther
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-20 11:45
==================== End Of Log ============================