Trojaner-Board - TDSS killer

Ich habe Die alte version von firefox runtergeladen und jetzt läuft es wieder einwandfrei.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-07-2013

Ran by AhoIII-JAP (administrator) on 03-07-2013 19:28:10

Running from C:\Users\AhoIII-JAP\Desktop

Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

() C:\Windows\system32\PnkBstrA.exe

(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

() C:\Program Files\Common Files\WireHelpSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-22] (Realtek Semiconductor)

HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)

Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]

HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)

HKCU\...\Policies\system: [DisableRegistryTools] 0

HKCU\...\Policies\system: [DisableTaskMgr] 0
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\AhoIII-JAP\AppData\Roaming\Mozilla\Firefox\Profiles\0r6m9fsy.default

FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml

FF Homepage: hxxp://www.google.de/

FF NetworkProxy: "http", "203.113.131.69"

FF NetworkProxy: "http_port", 6666

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\AhoIII-JAP\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\AhoIII-JAP\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\AhoIII-JAP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Extension: No Name - C:\Users\AhoIII-JAP\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

FF Extension: Fasterfox Lite - C:\Users\AhoIII-JAP\AppData\Roaming\Mozilla\Firefox\Profiles\0r6m9fsy.default\Extensions\FasterFox_Lite@BigRedBrent

FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\AhoIII-JAP\AppData\Roaming\Mozilla\Firefox\Profiles\0r6m9fsy.default\Extensions\ich@maltegoetz.de

FF Extension: Clippings - C:\Users\AhoIII-JAP\AppData\Roaming\Mozilla\Firefox\Profiles\0r6m9fsy.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}

FF Extension: FoxLingo - C:\Users\AhoIII-JAP\AppData\Roaming\Mozilla\Firefox\Profiles\0r6m9fsy.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

FF Extension: No Name - C:\Users\AhoIII-JAP\AppData\Roaming\Mozilla\Firefox\Profiles\0r6m9fsy.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF Extension: No Name - C:\Users\AhoIII-JAP\AppData\Roaming\Mozilla\Firefox\Profiles\0r6m9fsy.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

FF Extension: No Name - C:\Users\AhoIII-JAP\AppData\Roaming\Mozilla\Firefox\Profiles\0r6m9fsy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: No Name - C:\Users\AhoIII-JAP\AppData\Roaming\Mozilla\Firefox\Profiles\0r6m9fsy.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

FF Extension: No Name - C:\Users\AhoIII-JAP\AppData\Roaming\Mozilla\Firefox\Profiles\0r6m9fsy.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\

FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\

FF Extension: No Name - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\

FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\

FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR DefaultSearchURL: (Web) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR Plugin: (Shockwave Flash) - C:\Users\AhoIII-JAP\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File

CHR Extension: (Adblock Plus) - C:\Users\AhoIII-JAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0

CHR Extension: (Vince) - C:\Users\AhoIII-JAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpdhkfmndlnlmmhcalabijjpogicdpa\3_0

CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\AhoIII-JAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0
 

========================== Services (Whitelisted) =================
 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)

S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)

R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2010-12-26] ()

R2 WireHelpSvc; C:\Program Files\Common Files\WireHelpSvc.exe [265120 2012-05-02] ()
 

==================== Drivers (Whitelisted) ====================
 

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()

R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()

S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [24504 2011-11-28] (Turtle Entertainment GmbH)

R2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [836496 2012-05-02] (<Turtle Entertainment>)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)

R1 MpKsle5289f26; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C929611-19B1-4F25-8D24-8488FCCB11EF}\MpKsle5289f26.sys [29904 2013-07-03] (Microsoft Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 snpstd; C:\Windows\System32\DRIVERS\snpstd.sys [390784 2006-05-03] ()

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 DRHARD; \??\C:\Windows\system32\DRIVERS\DRHARD.SYS [x]

S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

S1 rgzyljml; \??\C:\Windows\system32\drivers\rgzyljml.sys [x]

S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x86\Sandra.sys [x]

S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]

S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-07-03 18:44 - 2013-07-03 18:45 - 21757208 ____A (Mozilla) C:\Users\AhoIII-JAP\Downloads\Firefox Setup 21.0b7.exe

2013-07-03 16:36 - 2013-07-03 16:37 - 00000000 ____D C:\Program Files\QuickTime

2013-07-03 16:36 - 2013-07-03 16:36 - 00000000 ____D C:\ProgramData\Apple Computer

2013-07-03 16:30 - 2013-07-03 16:31 - 41404760 ____A (Apple Inc.) C:\Users\AhoIII-JAP\Downloads\QuickTimeInstaller.exe

2013-07-03 15:37 - 2013-07-03 15:37 - 00000320 ____A C:\Windows\PFRO.log

2013-07-03 15:22 - 2013-07-03 15:22 - 04396440 ____A (Piriform Ltd) C:\Users\AhoIII-JAP\Downloads\ccsetup403.exe

2013-07-03 15:22 - 2013-07-03 15:22 - 00000764 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-07-03 15:11 - 2013-07-03 15:12 - 01372477 ____A (Farbar) C:\Users\AhoIII-JAP\Desktop\FRST.exe

2013-07-02 17:02 - 2013-07-02 17:02 - 00000000 ____D C:\Windows\ERUNT

2013-07-02 17:02 - 2013-07-02 17:02 - 00000000 ____D C:\JRT

2013-07-02 16:54 - 2013-07-02 16:55 - 00015450 ____A C:\AdwCleaner[S1].txt

2013-07-02 16:35 - 2013-07-02 16:35 - 00014778 ____A C:\ComboFix.txt

2013-07-02 16:22 - 2013-07-02 16:35 - 00000000 ____D C:\ComboFix

2013-07-01 20:54 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe

2013-07-01 20:54 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe

2013-07-01 20:54 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-07-01 20:54 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-07-01 20:54 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-07-01 20:54 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe

2013-07-01 20:54 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe

2013-07-01 20:54 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe

2013-07-01 20:53 - 2013-07-02 16:35 - 00000000 ____D C:\Qoobox

2013-07-01 20:52 - 2013-07-01 21:12 - 00000000 ____D C:\Windows\erdnt

2013-07-01 20:37 - 2013-07-01 20:37 - 00000000 ____D C:\FRST

2013-07-01 20:05 - 2013-07-03 18:25 - 00242483 ____A C:\Windows\WindowsUpdate.log

2013-06-27 22:24 - 2013-07-03 18:46 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 11

2013-06-27 16:51 - 2013-06-27 16:51 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-06-22 21:49 - 2013-06-22 21:49 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe

2013-06-22 21:49 - 2013-06-22 21:49 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe

2013-06-22 21:49 - 2013-06-22 21:49 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe

2013-06-22 21:49 - 2013-06-22 21:49 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll

2013-06-13 03:08 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-13 03:08 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-13 03:08 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-06-13 03:08 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-06-13 03:08 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-13 03:08 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-06-13 03:08 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-06-13 03:08 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-06-13 03:08 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-06-13 03:08 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-06-13 03:08 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-06-13 03:08 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-06-13 03:08 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-13 03:08 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-06-13 03:08 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-13 03:08 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-12 15:16 - 2013-05-08 05:40 - 00914792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-06-12 15:16 - 2013-05-08 03:58 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys

2013-06-12 15:16 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-06-12 15:16 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll

2013-06-12 15:16 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2013-06-12 15:16 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2013-06-12 15:16 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2013-06-12 15:16 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll

2013-06-12 15:16 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe

2013-06-12 15:15 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2013-06-12 15:15 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-06-12 15:15 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
 

==================== One Month Modified Files and Folders ========
 

2013-07-03 18:55 - 2012-05-16 20:24 - 00000346 ____A C:\Windows\Tasks\PC SpeedUp Service Deactivator.job

2013-07-03 18:50 - 2012-08-13 09:18 - 00001140 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000877608-3806727883-2265949970-1000UA.job

2013-07-03 18:46 - 2013-06-27 22:24 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 11

2013-07-03 18:46 - 2012-07-22 12:43 - 00000894 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-07-03 18:46 - 2012-03-18 16:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-07-03 18:45 - 2013-07-03 18:44 - 21757208 ____A (Mozilla) C:\Users\AhoIII-JAP\Downloads\Firefox Setup 21.0b7.exe

2013-07-03 18:41 - 2012-07-22 11:09 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-07-03 18:27 - 2008-01-21 10:21 - 01459222 ____A C:\Windows\System32\PerfStringBackup.INI

2013-07-03 18:25 - 2013-07-01 20:05 - 00242483 ____A C:\Windows\WindowsUpdate.log

2013-07-03 18:22 - 2006-11-02 14:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-07-03 18:22 - 2006-11-02 14:45 - 00004576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-07-03 18:22 - 2006-11-02 14:45 - 00004576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-07-03 18:21 - 2010-11-11 20:49 - 00000000 ____D C:\ProgramData\NVIDIA

2013-07-03 17:56 - 2006-11-02 14:58 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-07-03 16:37 - 2013-07-03 16:36 - 00000000 ____D C:\Program Files\QuickTime

2013-07-03 16:36 - 2013-07-03 16:36 - 00000000 ____D C:\ProgramData\Apple Computer

2013-07-03 16:31 - 2013-07-03 16:30 - 41404760 ____A (Apple Inc.) C:\Users\AhoIII-JAP\Downloads\QuickTimeInstaller.exe

2013-07-03 15:37 - 2013-07-03 15:37 - 00000320 ____A C:\Windows\PFRO.log

2013-07-03 15:35 - 2011-03-16 13:07 - 00000000 ____D C:\Program Files\Sandboxie

2013-07-03 15:34 - 2010-11-11 18:27 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2013-07-03 15:30 - 2011-06-18 13:20 - 00000000 ____D C:\ProgramData\MAGIX

2013-07-03 15:30 - 2011-01-29 18:25 - 00000000 ____D C:\Program Files\Magix

2013-07-03 15:29 - 2011-02-11 15:54 - 00000000 ____D C:\Users\AhoIII-JAP\AppData\Roaming\HLSW

2013-07-03 15:29 - 2010-11-23 03:21 - 00000000 ____D C:\Program Files\FileZilla FTP Client

2013-07-03 15:25 - 2011-09-05 02:34 - 00000000 ____D C:\Users\AhoIII-JAP\AppData\Roaming\Media Player Classic

2013-07-03 15:22 - 2013-07-03 15:22 - 04396440 ____A (Piriform Ltd) C:\Users\AhoIII-JAP\Downloads\ccsetup403.exe

2013-07-03 15:22 - 2013-07-03 15:22 - 00000764 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-07-03 15:22 - 2012-06-30 23:41 - 00000000 ____D C:\Program Files\CCleaner

2013-07-03 15:12 - 2013-07-03 15:11 - 01372477 ____A (Farbar) C:\Users\AhoIII-JAP\Desktop\FRST.exe

2013-07-03 15:10 - 2011-01-09 07:06 - 00000000 ____D C:\Users\AhoIII-JAP\AppData\Local\Adobe

2013-07-02 21:27 - 2011-03-04 15:38 - 00000641 ____A C:\Users\AhoIII-JAP\AppData\Roaming\burnaware.ini

2013-07-02 19:50 - 2012-08-13 09:18 - 00001088 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000877608-3806727883-2265949970-1000Core.job

2013-07-02 17:02 - 2013-07-02 17:02 - 00000000 ____D C:\Windows\ERUNT

2013-07-02 17:02 - 2013-07-02 17:02 - 00000000 ____D C:\JRT

2013-07-02 16:55 - 2013-07-02 16:54 - 00015450 ____A C:\AdwCleaner[S1].txt

2013-07-02 16:54 - 2010-11-21 18:31 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft

2013-07-02 16:54 - 2010-11-12 13:00 - 00000000 ____D C:\ProgramData\ICQ

2013-07-02 16:35 - 2013-07-02 16:35 - 00014778 ____A C:\ComboFix.txt

2013-07-02 16:35 - 2013-07-02 16:22 - 00000000 ____D C:\ComboFix

2013-07-02 16:35 - 2013-07-01 20:53 - 00000000 ____D C:\Qoobox

2013-07-02 16:33 - 2006-11-02 12:23 - 00000215 ____A C:\Windows\system.ini

2013-07-01 21:13 - 2006-11-02 13:18 - 00000000 __RHD C:\users\Default

2013-07-01 21:13 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public

2013-07-01 21:12 - 2013-07-01 20:52 - 00000000 ____D C:\Windows\erdnt

2013-07-01 20:37 - 2013-07-01 20:37 - 00000000 ____D C:\FRST

2013-07-01 20:00 - 2010-11-25 02:45 - 00000000 ____D C:\Users\AhoIII-JAP\Tracing

2013-07-01 20:00 - 2010-11-15 00:08 - 00000000 ____D C:\Users\AhoIII-JAP\AppData\Roaming\TS3Client

2013-07-01 20:00 - 2010-11-13 18:29 - 00000000 ____D C:\Program Files\Steam

2013-07-01 19:59 - 2010-11-16 22:15 - 00000000 ____D C:\Windows\Minidump

2013-07-01 17:37 - 2012-07-04 21:40 - 00000000 ____D C:\Users\AhoIII-JAP\AppData\Roaming\Skype

2013-06-28 16:47 - 2013-05-25 18:29 - 00000000 ____D C:\Program Files\eFusion

2013-06-28 15:22 - 2010-11-24 05:39 - 00000000 ____D C:\Users\AhoIII-JAP\Documents\My Games

2013-06-27 16:51 - 2013-06-27 16:51 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-06-27 16:51 - 2013-01-30 18:16 - 00000000 ___RD C:\Program Files\Skype

2013-06-27 16:51 - 2012-07-04 21:38 - 00000000 ____D C:\ProgramData\Skype

2013-06-27 10:25 - 2011-02-05 01:27 - 00000132 ____A C:\Users\AhoIII-JAP\AppData\Roaming\Adobe PNG Format CS5 Prefs

2013-06-22 21:49 - 2013-06-22 21:49 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe

2013-06-22 21:49 - 2013-06-22 21:49 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe

2013-06-22 21:49 - 2013-06-22 21:49 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe

2013-06-22 21:49 - 2013-06-22 21:49 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll

2013-06-22 21:49 - 2012-07-16 18:41 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll

2013-06-22 21:49 - 2010-11-28 07:43 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll

2013-06-13 03:43 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache

2013-06-13 03:25 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE

2013-06-13 03:03 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2013-06-12 18:41 - 2012-07-22 11:09 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-06-12 18:41 - 2011-05-15 17:56 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-06-04 17:44 - 2010-11-13 14:01 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-07-03 18:28
 

==================== End Of Log ============================
--- --- ---

Ich danke dir für deine hilfe, und ich hoffe jetzt das ich kein virus mehr drauf habe!

Danke nochmal. :daumenhoc

spende ist auch gleich unterwegs. :rolleyes: