Trojaner-Board - alle Browser außer Internetexplorer virenverseucht und Outlook Ordner muß ständig überprüft werden

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013 (ATTENTION: FRST version is 679 days old)

Ran by Dust (administrator) on 14-05-2015 09:17:38

Running from C:\allewebprojekte

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

() C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

(APN LLC.) C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe

(Autodesk, Inc.) C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe

(Apple Computer, Inc.) C:\Programme\Bonjour\mDNSResponder.exe

(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe

(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe

(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbam.exe

(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

(Microsoft Corporation) c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe

(Avira Operations GmbH & Co. KG) C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe

(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Hewlett-Packard) C:\Programme\HP\HP Software Update\HPWuSchd2.exe

(CANON INC.) C:\Programme\Canon\Quick Menu\CNQMMAIN.EXE

(Avira Operations GmbH & Co. KG) C:\Programme\Avira\My Avira\Avira.OE.Systray.exe

(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

(APN) C:\Programme\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Skype Technologies S.A.) C:\Programme\Skype\Phone\Skype.exe

(Akamai Technologies, Inc.) C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe

(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe

(Dropbox, Inc.) C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Dropbox\bin\Dropbox.exe

(Akamai Technologies, Inc.) C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe

(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe

(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe

(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe

(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe

(CANON INC.) C:\Programme\Canon\Quick Menu\CNQMUPDT.EXE

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]

HKLM\...\Run: [SkyTel] SkyTel.EXE [x]

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13529088 2008-05-03] (NVIDIA Corporation)

HKLM\...\Run: [nwiz] nwiz.exe /install [x]

HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [86016 2008-05-03] (NVIDIA Corporation)

HKLM\...\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe [383424 2012-02-06] (Autodesk, Inc.)

HKLM\...\Run: [CanonQuickMenu] C:\Programme\Canon\Quick Menu\CNQMMAIN.EXE /logon [1282632 2013-07-23] (CANON INC.)

HKLM\...\Run: [upt4pc_en_7.exe] C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\fst_de_69\upt4pc_en_7.exe -runhelper [x]

HKLM\...\Run: [Avira Systray] C:\Programme\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [334896 2015-04-30] (Oracle Corporation)

HKLM\...\Run: [ApnTBMon] C:\Programme\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1934744 2015-01-31] (APN)

HKCU\...\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /minimized /regrun [17351304 2011-10-13] (Skype Technologies S.A.)

HKCU\...\Run: [Akamai NetSession Interface] "C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" [4673432 2014-10-30] (Akamai Technologies, Inc.)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google

URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - "C:\Programme\AskPartnerNetwork\Toolbar\searchhook.dll" No File

HKCU SearchScopes: DefaultScope {F81A849A-5230-46C3-97B6-E1155ABFD2AF} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {B757DBB4-5B78-4F4A-8482-1C40A2183B90} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^DE&gct=sb&itbv=12.24.1.51&apn_uid=249BBB60-AEDF-40BE-AC76-F1480E99B6CC&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^DE&apn_dbr=ie&doi=2015-05-13&trgb=IE&q={searchTerms}&psv=&pt=tb

SearchScopes: HKCU - {F81A849A-5230-46C3-97B6-E1155ABFD2AF} URL = https://www.google.com/search?q={searchTerms}

BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Programme\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation)

BHO: LeapFTP Internet Explorer Hook - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - C:\PROGRA~1\LEAPFT~1.0\lftpie.dll (LeapWare)

BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation)

BHO: No Name - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)

BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Programme\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File

Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU -No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File

Toolbar: HKCU -Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Programme\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File

DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} hxxp://www.cltnet.de/login/dplaunch.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: ipp - No CLSID Value - 

Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: msdaipp - No CLSID Value - 

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 

FireFox:

========

FF ProfilePath: C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Firefox\Profiles\bq0opndw.default

FF NetworkProxy: "no_proxies_on", "*.local"

FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Google\Picasa3\npPicasa3.dll No File

FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.45.2 - C:\Programme\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Programme\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File

FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

========================== Services (Whitelisted) =================
 

S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-03-06] (Adobe Systems)

R2 AdobeActiveFileMonitor4.0; C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-10-03] ()

R2 APNMCP; C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-31] (APN LLC.)

R2 Autodesk Content Service; C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)

R2 Avira.OE.ServiceHost; C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)

R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.)

S3 FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-03-29] (Flexera Software, Inc.)

R2 ForcewareWebInterface; C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-04-03] (Apache Software Foundation)

R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.)

R3 hpqcxs08; C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.)

R2 hpqddsvc; C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.)

S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation)

R2 MBAMScheduler; C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

R2 MBAMService; C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

S2 MSSQL$SQLEXPRESS; c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)

S4 MSSQLServerADHelper; c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)

R2 nSvcIp; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-07-13] (NVIDIA Corporation)

R2 nSvcLog; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-07-13] (NVIDIA Corporation)

S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)

S4 SQLBrowser; c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [242544 2007-02-10] (Microsoft Corporation)

R2 SQLWriter; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [89968 2007-02-10] (Microsoft Corporation)

R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [4150112 2013-06-13] (TeamViewer GmbH)

S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]

S2 gupdate; "C:\Programme\Google\Update\GoogleUpdate.exe" /svc [x]

S3 gupdatem; "C:\Programme\Google\Update\GoogleUpdate.exe" /medsvc [x]

S3 gusvc; "C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
 

==================== Drivers (Whitelisted) ====================
 

R2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [376200 2013-08-09] (SafeNet Inc.)

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [244040 2013-08-09] (SafeNet Inc.)

S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [53192 2013-08-09] (SafeNet Inc.)

S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [296200 2013-08-09] (SafeNet Inc.)

R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2009-03-05] (Windows (R) 2000 DDK provider)

S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2008-06-18] (Avanquest Software)

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)

S3 DCamUSBSQTECH; C:\Windows\System32\Drivers\SQcaptur.sys [29744 2003-10-28] (Service & Quality Technology.)

R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [608648 2013-08-09] (SafeNet Inc.)

R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)

R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-14] (Malwarebytes Corporation)

S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)

R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)

R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [102400 2007-08-09] (NVIDIA Corporation)

R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)

R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)

S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)

S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)

S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [x]

S4 IntelIde; No ImagePath

U3 TlntSvr; 
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2015-05-14 09:16 - 2015-05-14 09:16 - 00778416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2015-05-14 09:16 - 2015-05-14 09:16 - 00142512 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2015-05-14 09:16 - 2015-05-14 09:16 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-05-13 09:08 - 2015-05-13 09:23 - 00000000 ____D C:\b99aa6df9624a994d69e

2015-05-13 08:57 - 2013-07-09 19:00 - 00867240 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll

2015-05-13 08:57 - 2013-07-09 19:00 - 00789416 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll

2015-05-11 17:37 - 2015-05-14 08:55 - 00000000 ____D C:\ebay

2015-05-10 14:52 - 2015-05-10 14:52 - 00000000 ____D C:\RegBackup

2015-05-10 14:40 - 2015-05-10 14:43 - 00000000 ____D C:\AdwCleaner

2015-05-10 14:18 - 2015-05-10 14:19 - 00000000 ____D C:\Avenger

2015-05-10 08:35 - 2015-05-14 08:55 - 00119512 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2015-05-10 08:35 - 2015-04-14 09:37 - 00120024 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

2015-05-10 08:35 - 2015-04-14 09:37 - 00023256 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2015-05-08 10:15 - 2015-05-08 15:37 - 00000000 ___SD C:\32788R22FWJFW

2015-05-07 12:12 - 2015-05-13 09:33 - 00000000 ____D C:\FRST

2015-05-07 11:04 - 2015-05-07 11:04 - 00090112 ____A C:\Windows\Minidump\Mini050715-02.dmp

2015-05-07 10:24 - 2015-05-07 10:24 - 00090112 ____A C:\Windows\Minidump\Mini050715-01.dmp

2015-05-01 12:10 - 2015-05-06 12:24 - 00000000 ____D C:\video

2015-04-25 10:21 - 2015-05-07 13:32 - 00000000 ____D C:\harzausflug0415
 

==================== One Month Modified Files and Folders ========
 

2015-05-14 09:17 - 2011-12-29 17:37 - 00000000 ____D C:\allewebprojekte

2015-05-14 09:16 - 2015-05-14 09:16 - 00778416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2015-05-14 09:16 - 2015-05-14 09:16 - 00142512 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2015-05-14 09:16 - 2015-05-14 09:16 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-05-14 09:16 - 2009-03-04 13:18 - 00000000 ___RD C:\Programme

2015-05-14 09:14 - 2010-02-08 13:58 - 01886419 ____A C:\Windows\WindowsUpdate.log

2015-05-14 08:55 - 2015-05-11 17:37 - 00000000 ____D C:\ebay

2015-05-14 08:55 - 2015-05-10 08:35 - 00119512 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2015-05-14 08:54 - 2008-04-14 14:00 - 00000766 ____A C:\Windows\win.ini

2015-05-14 08:51 - 2009-03-04 13:20 - 00004767 ____A C:\Windows\wiadebug.log

2015-05-14 08:48 - 2009-03-04 13:42 - 00000000 ____A C:\Windows\System32\nmp.log

2015-05-14 08:46 - 2014-12-26 18:27 - 00001082 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-05-14 08:46 - 2014-03-22 15:13 - 00000220 ____A C:\Windows\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job

2015-05-14 08:46 - 2009-03-04 13:49 - 00182038 ____A C:\Windows\System32\nvapps.xml

2015-05-14 08:46 - 2009-03-04 13:34 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2015-05-14 08:46 - 2009-03-04 13:20 - 00000050 ____A C:\Windows\wiaservc.log

2015-05-13 18:26 - 2009-03-04 13:34 - 00032616 ____A C:\Windows\SchedLgU.Txt

2015-05-13 14:32 - 2014-12-26 18:27 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-05-13 13:49 - 2015-02-15 13:40 - 00000000 ____D C:\bilderpapa2

2015-05-13 09:33 - 2015-05-07 12:12 - 00000000 ____D C:\FRST

2015-05-13 09:23 - 2015-05-13 09:08 - 00000000 ____D C:\b99aa6df9624a994d69e

2015-05-13 09:09 - 2013-07-11 11:56 - 00000000 ____D C:\Windows\System32\MRT

2015-05-13 09:09 - 2009-03-04 14:23 - 137310008 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2015-05-13 09:08 - 2008-04-14 14:00 - 00013646 ____A C:\Windows\System32\wpa.dbl

2015-05-13 08:55 - 2013-07-09 19:00 - 00146432 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl

2015-05-13 08:55 - 2013-07-09 19:00 - 00096352 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll

2015-05-12 13:59 - 2013-07-05 12:55 - 00000664 ____A C:\Windows\System32\d3d9caps.dat

2015-05-10 14:52 - 2015-05-10 14:52 - 00000000 ____D C:\RegBackup

2015-05-10 14:43 - 2015-05-10 14:40 - 00000000 ____D C:\AdwCleaner

2015-05-10 14:19 - 2015-05-10 14:18 - 00000000 ____D C:\Avenger

2015-05-10 14:18 - 2011-03-28 11:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2524375$

2015-05-08 16:04 - 2014-02-04 19:38 - 00000276 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job

2015-05-08 15:37 - 2015-05-08 10:15 - 00000000 ___SD C:\32788R22FWJFW

2015-05-08 10:20 - 2013-07-04 21:41 - 00529855 ____A C:\Windows\setupapi.log

2015-05-08 10:15 - 2013-07-08 10:45 - 00000000 ____D C:\Windows\erdnt

2015-05-07 15:31 - 2011-01-11 21:09 - 00000000 ____D C:\Windows\System32\NtmsData

2015-05-07 13:32 - 2015-04-25 10:21 - 00000000 ____D C:\harzausflug0415

2015-05-07 11:32 - 2009-03-04 13:29 - 00000000 ____D C:\Windows\Registration

2015-05-07 11:04 - 2015-05-07 11:04 - 00090112 ____A C:\Windows\Minidump\Mini050715-02.dmp

2015-05-07 11:04 - 2009-10-02 15:33 - 00000000 ____D C:\Windows\Minidump

2015-05-07 10:24 - 2015-05-07 10:24 - 00090112 ____A C:\Windows\Minidump\Mini050715-01.dmp

2015-05-06 12:24 - 2015-05-01 12:10 - 00000000 ____D C:\video

2015-04-14 09:37 - 2015-05-10 08:35 - 00120024 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

2015-04-14 09:37 - 2015-05-10 08:35 - 00023256 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe

[2008-04-14 14:00] - [2008-04-14 14:00] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e 
 

C:\Windows\System32\winlogon.exe

[2008-04-14 14:00] - [2008-04-14 14:00] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a 
 

C:\Windows\System32\svchost.exe

[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 
 

C:\Windows\System32\services.exe

[2008-04-14 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc 
 

C:\Windows\System32\User32.dll

[2008-04-14 14:00] - [2008-04-14 14:00] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd 
 

C:\Windows\System32\userinit.exe

[2008-04-14 14:00] - [2008-04-14 14:00] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 
 

C:\Windows\System32\Drivers\volsnap.sys

[2008-04-14 14:00] - [2008-04-14 14:00] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d 
 
 

==================== End Of Log ============================
--- --- ---