Here is the mbam.txt. Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 08.03.2015 10:52:47, SYSTEM, SGZOLL-PC, Protection, Malware Protection, Starting,
Protection, 08.03.2015 10:52:47, SYSTEM, SGZOLL-PC, Protection, Malware Protection, Started,
Protection, 08.03.2015 10:52:47, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Starting,
Update, 08.03.2015 10:52:51, SYSTEM, SGZOLL-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 08.03.2015 10:52:51, SYSTEM, SGZOLL-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.25.1,
Update, 08.03.2015 10:53:07, SYSTEM, SGZOLL-PC, Manual, Malware Database, 2014.11.20.6, 2015.3.8.4,
Protection, 08.03.2015 10:53:07, SYSTEM, SGZOLL-PC, Protection, Refresh, Starting,
Protection, 08.03.2015 10:53:07, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Started,
Protection, 08.03.2015 10:53:07, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Stopping,
Protection, 08.03.2015 10:53:07, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Stopped,
Protection, 08.03.2015 10:53:16, SYSTEM, SGZOLL-PC, Protection, Refresh, Success,
Protection, 08.03.2015 10:53:16, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Starting,
Protection, 08.03.2015 10:53:16, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Started,
Protection, 08.03.2015 11:23:48, SYSTEM, SGZOLL-PC, Protection, Malware Protection, Starting,
Protection, 08.03.2015 11:23:50, SYSTEM, SGZOLL-PC, Protection, Malware Protection, Started,
Protection, 08.03.2015 11:23:50, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Starting,
Protection, 08.03.2015 11:27:11, SYSTEM, SGZOLL-PC, Protection, Malicious Website Protection, Started,
(end)
Next, the AdwCleaner[Sx].txt. Code:
# AdwCleaner v4.111 - Bericht erstellt 08/03/2015 um 11:34:53
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : sgzoll - SGZOLL-PC
# Gestarted von : C:\Users\sgzoll\Downloads\AdwCleaner_4.111.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Datei Gelöscht : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
Datei Gelöscht : C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\user.js
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
***** [ Internetbrowser ] *****
-\\ Internet Explorer v8.0.6001.19600
-\\ Mozilla Firefox v36.0.1 (x86 de)
[f60h71s2.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Search Results");
[f60h71s2.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Search Results");
[f60h71s2.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");
-\\ Google Chrome v40.0.2214.115
[C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
[C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Homepage] : hxxp://www.searchnu.com/410
*************************
AdwCleaner[R0].txt - [2768 Bytes] - [08/03/2015 11:31:30]
AdwCleaner[S0].txt - [2717 Bytes] - [08/03/2015 11:34:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2776 Bytes] ##########
JRT.txt Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by sgzoll on 08.03.2015 at 11:42:39,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\sgzoll\AppData\Roaming\mozilla\firefox\profiles\f60h71s2.default\minidumps [167 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.03.2015 at 11:46:40,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and a new FRST.log
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2015
Ran by sgzoll (administrator) on SGZOLL-PC on 08-03-2015 11:47:02
Running from C:\Users\sgzoll\Downloads
Loaded Profiles: sgzoll (Available profiles: sgzoll & JK)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1111336 2008-05-08] (Synaptics, Inc.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [2427400 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-08-21] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\sgzoll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\sgzoll\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1793512333-3686394424-291459576-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1793512333-3686394424-291459576-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default
FF Homepage: hxxp://www.sgzoll-hamburg.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\Extensions\abs@avira.com [2015-02-02]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: Adblock Plus - C:\Users\sgzoll\AppData\Roaming\Mozilla\Firefox\Profiles\f60h71s2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-25]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKU\S-1-5-21-1793512333-3686394424-291459576-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR Profile: C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-29]
CHR Extension: (Google Drive) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-29]
CHR Extension: (YouTube) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-29]
CHR Extension: (Google Search) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-29]
CHR Extension: (Gmail) - C:\Users\sgzoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [663552 2007-10-14] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 resetWinService; C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [70656 2008-10-29] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-28] () [File not signed]
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435016 2013-12-11] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1051976 2010-05-10] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [306816 2010-02-13] (AfaTech )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [1461032 2008-12-04] (Bison Electronics. Inc. )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-23] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S3 WINIO; C:\Windows\system32\WinIo.sys [9336 2008-12-09] () [File not signed]
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 11:46 - 2015-03-08 11:46 - 00000769 _____ () C:\Users\sgzoll\Desktop\JRT.txt
2015-03-08 11:42 - 2015-03-08 11:42 - 01388333 _____ (Thisisu) C:\Users\sgzoll\Downloads\JRT.exe
2015-03-08 11:31 - 2015-03-08 11:34 - 00000000 ____D () C:\AdwCleaner
2015-03-08 11:30 - 2015-03-08 11:30 - 02126848 _____ () C:\Users\sgzoll\Downloads\AdwCleaner_4.111.exe
2015-03-08 11:29 - 2015-03-08 11:29 - 00001767 _____ () C:\mbam.txt
2015-03-08 10:46 - 2015-03-08 10:46 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-08 10:46 - 2015-03-08 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-08 10:46 - 2015-03-08 10:46 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-08 10:46 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-08 10:46 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 10:45 - 2015-03-08 10:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\sgzoll\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-07 15:28 - 2015-03-07 15:28 - 00015026 _____ () C:\ComboFix.txt
2015-03-07 15:05 - 2015-03-07 15:28 - 00000000 ____D () C:\ComboFix
2015-03-07 15:05 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-07 15:05 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-07 15:05 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-07 15:05 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-07 15:03 - 2015-03-07 15:28 - 00000000 ____D () C:\Qoobox
2015-03-07 15:02 - 2015-03-07 15:26 - 00000000 ____D () C:\Windows\erdnt
2015-03-07 15:02 - 2015-03-07 15:02 - 05612482 ____R (Swearware) C:\Users\sgzoll\Downloads\ComboFix.exe
2015-03-06 17:46 - 2015-03-06 17:46 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-06 13:07 - 2015-03-06 13:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-05 15:20 - 2015-03-08 11:40 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-05 15:20 - 2015-03-08 10:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-05 15:20 - 2015-03-05 16:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-05 15:18 - 2015-03-05 16:14 - 00000000 ____D () C:\Users\sgzoll\Desktop\mbar
2015-03-05 15:18 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-05 15:17 - 2015-03-05 15:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\sgzoll\Downloads\mbar-1.09.1.1004.exe
2015-03-05 15:11 - 2015-03-05 15:11 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\sgzoll\Downloads\tdsskiller.exe
2015-03-04 15:54 - 2015-03-04 15:54 - 00380416 _____ () C:\Users\sgzoll\Downloads\Gmer-19357.exe
2015-03-04 15:47 - 2015-03-04 15:47 - 319602229 _____ () C:\Windows\MEMORY.DMP
2015-03-04 15:47 - 2015-03-04 15:47 - 00143616 _____ () C:\Windows\Minidump\Mini030415-01.dmp
2015-03-04 15:38 - 2015-03-04 15:38 - 00380416 _____ () C:\Users\sgzoll\Downloads\cgo96936.exe
2015-03-04 15:35 - 2015-03-04 15:35 - 00000725 _____ () C:\Users\sgzoll\Desktop\Addition_04-03-2015_15-29-44 - Verknüpfung.lnk
2015-03-04 15:35 - 2015-03-04 15:35 - 00000705 _____ () C:\Users\sgzoll\Desktop\FRST_04-03-2015_15-29-44 - Verknüpfung.lnk
2015-03-04 15:27 - 2015-03-04 15:29 - 00034880 _____ () C:\Users\sgzoll\Downloads\Addition.txt
2015-03-04 15:26 - 2015-03-08 11:47 - 00018509 _____ () C:\Users\sgzoll\Downloads\FRST.txt
2015-03-04 15:26 - 2015-03-08 11:47 - 00000000 ____D () C:\FRST
2015-03-04 15:24 - 2015-03-04 15:24 - 01132032 _____ (Farbar) C:\Users\sgzoll\Downloads\FRST.exe
2015-03-04 15:22 - 2015-03-04 16:07 - 00000474 _____ () C:\Users\sgzoll\Downloads\defogger_disable.log
2015-03-04 15:22 - 2015-03-04 15:22 - 00000000 _____ () C:\Users\sgzoll\defogger_reenable
2015-03-04 15:09 - 2015-03-04 15:09 - 00050477 _____ () C:\Users\sgzoll\Downloads\Defogger.exe
2015-02-26 20:48 - 2015-02-26 21:03 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-19 11:43 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-19 11:43 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-19 11:42 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-19 11:40 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-19 11:39 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-19 11:37 - 2015-02-03 12:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-19 11:37 - 2015-02-03 12:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-19 11:37 - 2015-02-03 12:57 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-19 11:37 - 2015-02-03 12:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-19 11:37 - 2015-02-03 12:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-02-19 11:37 - 2015-02-03 12:53 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 06004736 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-19 11:37 - 2015-02-03 12:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 11084288 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-19 11:37 - 2015-02-03 12:51 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-19 11:37 - 2015-02-03 12:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-19 11:37 - 2015-02-03 12:49 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-19 11:37 - 2015-02-03 12:49 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-19 11:37 - 2015-02-03 12:49 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-02-19 11:37 - 2015-02-03 11:13 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-19 11:37 - 2015-02-03 09:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-19 11:37 - 2015-02-03 09:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-19 11:37 - 2015-02-03 09:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-19 11:37 - 2015-02-03 09:26 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-15 20:58 - 2015-02-15 21:02 - 00000068 _____ () C:\Windows\setupact.log
2015-02-15 20:58 - 2015-02-15 20:58 - 00000000 _____ () C:\Windows\setuperr.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 11:42 - 2009-02-21 10:52 - 01683364 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 11:41 - 2015-01-29 19:02 - 00000000 ____D () C:\Users\sgzoll\AppData\Roaming\Skype
2015-03-08 11:41 - 2013-06-25 20:36 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 11:40 - 2014-06-03 20:58 - 00000000 ___RD () C:\Users\sgzoll\Dropbox
2015-03-08 11:40 - 2014-06-03 20:54 - 00000000 ____D () C:\Users\sgzoll\AppData\Roaming\Dropbox
2015-03-08 11:40 - 2009-12-31 13:17 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-08 11:38 - 2013-06-25 20:36 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 11:38 - 2008-12-15 05:47 - 00235230 _____ () C:\ProgramData\nvModes.001
2015-03-08 11:36 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 11:36 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 11:36 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 11:35 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-08 11:27 - 2013-01-22 16:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 11:23 - 2015-02-03 16:34 - 00002468 _____ () C:\Windows\PFRO.log
2015-03-08 11:23 - 2008-12-15 05:37 - 00235230 _____ () C:\ProgramData\nvModes.dat
2015-03-07 15:28 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-03-07 15:28 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-03-07 15:21 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-03-07 15:18 - 2012-05-07 11:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-05 15:14 - 2014-08-05 10:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 15:13 - 2013-03-23 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 15:13 - 2013-03-23 21:13 - 00000000 ____D () C:\Program Files\Avira
2015-03-04 15:47 - 2014-05-23 12:29 - 00000000 ____D () C:\Windows\Minidump
2015-03-04 15:22 - 2009-02-21 11:13 - 00000000 ____D () C:\Users\sgzoll
2015-03-04 14:40 - 2013-03-23 21:13 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 14:40 - 2013-03-23 21:13 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-27 13:18 - 2011-10-09 19:39 - 00000000 ____D () C:\Program Files\StarMoney 6.0 S-Edition
2015-02-27 13:10 - 2006-11-02 11:33 - 01715172 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 03:23 - 2010-03-04 12:04 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-21 11:38 - 2009-02-25 19:15 - 00002631 _____ () C:\Users\sgzoll\Desktop\Microsoft Office Word 2007.lnk
2015-02-20 13:30 - 2013-06-25 20:36 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 12:00 - 2006-11-02 13:47 - 00314408 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-19 11:52 - 2013-07-13 10:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-19 11:44 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-19 11:43 - 2008-12-09 11:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-19 09:44 - 2014-06-03 20:58 - 00000965 _____ () C:\Users\sgzoll\Desktop\Dropbox.lnk
2015-02-19 09:44 - 2014-06-03 20:56 - 00000000 ____D () C:\Users\sgzoll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
==================== Files in the root of some directories =======
2009-09-21 17:42 - 2009-09-21 17:42 - 0031007 _____ () C:\Users\sgzoll\AppData\Roaming\UserTile.png
2009-02-21 11:21 - 2012-11-29 21:56 - 0007868 _____ () C:\Users\sgzoll\AppData\Roaming\wklnhst.dat
2011-01-18 21:36 - 2011-01-18 21:36 - 0000680 _____ () C:\Users\sgzoll\AppData\Local\d3d9caps.dat
2009-10-26 20:31 - 2014-07-18 19:25 - 0017920 _____ () C:\Users\sgzoll\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-24 17:04 - 2014-10-24 17:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-11-09 19:55 - 2014-04-26 10:38 - 0012983 _____ () C:\ProgramData\hpzinstall.log
2008-12-15 05:47 - 2015-03-08 11:38 - 0235230 _____ () C:\ProgramData\nvModes.001
2008-12-15 05:37 - 2015-03-08 11:23 - 0235230 _____ () C:\ProgramData\nvModes.dat
Some content of TEMP:
====================
C:\Users\sgzoll\AppData\Local\Temp\avgnt.exe
C:\Users\sgzoll\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe2yqbj.dll
C:\Users\sgzoll\AppData\Local\Temp\Quarantine.exe
C:\Users\sgzoll\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-08 11:46
==================== End Of Log ============================