Delta Homes wie bekomme ich es weg?

lyci · 24.08.2013, 20:55

Hi @,

anscheinend bei einem Update des Firefox hat sich Delta-Homes bei mir eingenistet. Adware Cleaner und Junkware Removal Tool habe ich schon benutzt.
Bei jedem Neustart des Firefox habe ich Delta- Homes als Startseite, aber nicht, wenn ich einen neuen Tab aufmache.
Ich habe natürlich schon im Add On Firefox nachgeschaut ... in der Systemsteuerung und bei den laufenden Prozessen. Dort finde ich nichts, was landläufig angegeben wird.
Es wäre schön, wenn mir jemand helfen könnte.

Danke.

Lyci

schrauber · 24.08.2013, 22:26

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

lyci · 24.08.2013, 23:03

Hi Schrauber,

hier die FRST - Datei:
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2013 01
Ran by nett-marketing (administrator) on 24-08-2013 23:57:59
Running from C:\Users\nett-marketing\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apache Software Foundation) c:\xampp\apache\bin\httpd.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() c:\xampp\mysql\bin\mysqld.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
() C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Mozilla Corporation) C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird\thunderbird.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NVRaidService] - C:\Windows\system32\nvraidservice.exe [291872 2009-06-30] (NVIDIA Corporation)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-15] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [155648 2010-06-08] (Apple Computer, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKU\nettmarketing\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
ShortcutTarget: Microtek Scanner Finder.lnk -> C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=3219913727_67194_D2F250DF&ts=1377188372
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=3219913727_67194_D2F250DF&ts=1377188372
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=3219913727_67194_D2F250DF&ts=1377188372
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {9F9C7764-8891-4A3D-BFCF-068EEDBB40BC} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\..\Interfaces\{DDFB34AE-F807-4974-AF8E-758837A55731}: [NameServer]62.220.18.8 89.246.64.8

FireFox:
========
FF ProfilePath: C:\Users\nett-marketing\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default
FF NewTab: hxxp://www.google.com/firefox
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "no_proxies_on", ""
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml
FF Extension: No Name - C:\Users\nett-marketing\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] C:\Program Files\Video downloader\Firefox
FF HKCU\...\Firefox\Extensions: [{78D3E302-AEE0-40BB-B866-28A0139E12C8}] C:\Users\nett-marketing\AppData\Local\{78D3E302-AEE0-40BB-B866-28A0139E12C8}
FF Extension: XULRunner - C:\Users\nett-marketing\AppData\Local\{78D3E302-AEE0-40BB-B866-28A0139E12C8}
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Users\nett-marketing\AppData\Roaming\IDM\idmmzcc3
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Users\nett-marketing\AppData\Roaming\IDM\idmmzcc3

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR HKLM-x32\...\Chrome\Extension: [hpomcmndppalndoljdilmfkkjkcnongl] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - \User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [obcjlnjgjjgghcedkcohaeboelbblehc] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [ohlfohjgijhjlpidbbnmcdooegafnnnm] - C:\Program Files (x86)\SockshareDownloader\SockshareDownloader10.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [80496 2010-01-28] ()
S3 FileZilla Server; c:\xampp\FileZillaFTP\FileZillaServer.exe [630272 2011-06-07] (FileZilla Project)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-07-17] (McAfee, Inc.)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] ()
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-08-22] (Taiwan Shui Mu Chih Ching Technology Limited.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-05-31] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-05-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-31] (Avira Operations GmbH & Co. KG)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
R0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2009-12-17] (Portrait Displays, Inc.)
S3 s115bus; C:\Windows\System32\DRIVERS\s115bus.sys [108296 2007-04-23] (MCCI Corporation)
S3 s115mdfl; C:\Windows\System32\DRIVERS\s115mdfl.sys [19720 2007-04-23] (MCCI Corporation)
S3 s115mdm; C:\Windows\System32\DRIVERS\s115mdm.sys [144648 2007-04-23] (MCCI Corporation)
S3 s115mgmt; C:\Windows\System32\DRIVERS\s115mgmt.sys [126216 2007-04-23] (MCCI Corporation)
S3 s115obex; C:\Windows\System32\DRIVERS\s115obex.sys [123656 2007-04-23] (MCCI Corporation)
S2 ASPI32; No ImagePath
S1 cdrbsdrv; No ImagePath
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-24 23:57 - 2013-08-24 23:57 - 00000000 ____D C:\FRST
2013-08-24 23:56 - 2013-08-24 23:56 - 00714352 _____ C:\Users\nett-marketing\Desktop\ZipOpenerSetup.exe
2013-08-24 23:56 - 2013-08-24 23:56 - 00001144 _____ C:\Users\nett-marketing\Desktop\Continue Zip Opener Installation.lnk
2013-08-23 01:25 - 2013-08-23 01:25 - 00000630 _____ C:\Users\nett-marketing\Desktop\JRT.txt
2013-08-23 01:12 - 2013-08-23 01:12 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 00:40 - 2013-08-23 00:40 - 00002223 _____ C:\AdwCleaner[S6].txt
2013-08-23 00:39 - 2013-08-23 00:39 - 00002163 _____ C:\AdwCleaner[R8].txt
2013-08-23 00:39 - 2013-08-23 00:39 - 00002103 _____ C:\AdwCleaner[R7].txt
2013-08-23 00:30 - 2013-08-23 00:30 - 00002043 _____ C:\AdwCleaner[S5].txt
2013-08-23 00:29 - 2013-08-23 00:29 - 00001983 _____ C:\AdwCleaner[R6].txt
2013-08-23 00:22 - 2013-08-23 00:22 - 00000000 _____ C:\autoexec.bat
2013-08-23 00:21 - 2013-08-23 00:21 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-23 00:20 - 2013-08-23 00:29 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-22 18:19 - 2013-08-22 18:19 - 00000000 ____D C:\Users\nett-marketing\AppData\Roaming\WinZipper
2013-08-22 18:19 - 2013-08-22 18:19 - 00000000 ____D C:\User Data
2013-08-21 16:01 - 2013-08-21 16:01 - 00000215 _____ C:\Users\nett-marketing\Desktop\Whg.txt
2013-08-16 00:43 - 2013-08-16 00:43 - 00307608 _____ C:\Users\nett-marketing\Desktop\gu10rizzi404.exe
2013-08-12 22:49 - 2013-08-12 22:49 - 00012050 _____ C:\Users\nett-marketing\Desktop\imgres.htm
2013-08-07 02:00 - 2013-08-15 23:45 - 00010640 _____ C:\Users\nett-marketing\Desktop\Serien.xlsx
2013-08-06 22:43 - 2013-08-06 23:22 - 00000000 ____D C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2013-08-24 23:57 - 2013-08-24 23:57 - 01576734 _____ (Farbar) C:\Users\nett-marketing\Desktop\FRST64.exe
2013-08-24 23:57 - 2013-08-24 23:57 - 00000000 ____D C:\FRST
2013-08-24 23:56 - 2013-08-24 23:56 - 00714352 _____ C:\Users\nett-marketing\Desktop\ZipOpenerSetup.exe
2013-08-24 23:56 - 2013-08-24 23:56 - 00001144 _____ C:\Users\nett-marketing\Desktop\Continue Zip Opener Installation.lnk
2013-08-24 23:37 - 2012-07-31 14:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-24 23:27 - 2012-09-23 18:57 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-24 20:37 - 2013-06-29 16:46 - 00010192 _____ C:\Windows\setupact.log
2013-08-24 20:31 - 2013-07-20 18:13 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-08-24 20:30 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-24 20:30 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-24 20:29 - 2012-09-23 18:57 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-24 20:24 - 2010-03-21 19:20 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-24 20:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-24 18:23 - 2010-03-22 02:17 - 01185325 _____ C:\Windows\WindowsUpdate.log
2013-08-24 17:42 - 2011-10-16 17:57 - 00000000 ____D C:\Users\nett-marketing\AppData\Roaming\Skype
2013-08-24 16:40 - 2010-03-21 19:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-24 02:00 - 2010-03-23 20:27 - 00000000 ____D C:\Users\NETT-M~1\AppData\Local\Adobe
2013-08-23 01:25 - 2013-08-23 01:25 - 00000630 _____ C:\Users\nett-marketing\Desktop\JRT.txt
2013-08-23 01:12 - 2013-08-23 01:12 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 01:03 - 2013-07-07 14:45 - 00003500 _____ C:\Windows\PFRO.log
2013-08-23 01:03 - 2012-07-27 19:45 - 00000000 ____D C:\Users\nett-marketing\Desktop\Troja Board
2013-08-23 00:40 - 2013-08-23 00:40 - 00002223 _____ C:\AdwCleaner[S6].txt
2013-08-23 00:39 - 2013-08-23 00:39 - 00002163 _____ C:\AdwCleaner[R8].txt
2013-08-23 00:39 - 2013-08-23 00:39 - 00002103 _____ C:\AdwCleaner[R7].txt
2013-08-23 00:30 - 2013-08-23 00:30 - 00002043 _____ C:\AdwCleaner[S5].txt
2013-08-23 00:29 - 2013-08-23 00:29 - 00001983 _____ C:\AdwCleaner[R6].txt
2013-08-23 00:29 - 2013-08-23 00:20 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-23 00:22 - 2013-08-23 00:22 - 00000000 _____ C:\autoexec.bat
2013-08-23 00:21 - 2013-08-23 00:21 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-22 23:56 - 2010-03-22 21:06 - 00000000 ____D C:\Users\nett-marketing\AppData\Roaming\FileZilla
2013-08-22 23:55 - 2010-03-23 21:36 - 00000000 ____D C:\Program Files (x86)\phase5
2013-08-22 18:19 - 2013-08-22 18:19 - 00000000 ____D C:\Users\nett-marketing\AppData\Roaming\WinZipper
2013-08-22 18:19 - 2013-08-22 18:19 - 00000000 ____D C:\User Data
2013-08-22 18:19 - 2013-03-24 00:14 - 00001286 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-22 18:19 - 2010-03-21 18:36 - 00001274 _____ C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-22 18:19 - 2010-03-21 18:36 - 00001274 _____ C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-21 17:38 - 2012-07-31 14:38 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 17:38 - 2012-07-31 14:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 17:38 - 2012-07-31 14:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 16:01 - 2013-08-21 16:01 - 00000215 _____ C:\Users\nett-marketing\Desktop\Whg.txt
2013-08-21 13:06 - 2012-08-29 23:30 - 00054177 _____ C:\Users\nett-marketing\Desktop\Postkonto Abbuchungen.xlsx
2013-08-16 18:10 - 2012-05-07 13:27 - 00004096 ____H C:\Users\NETT-M~1\AppData\Local\keyfile3.drm
2013-08-16 00:43 - 2013-08-16 00:43 - 00307608 _____ C:\Users\nett-marketing\Desktop\gu10rizzi404.exe
2013-08-15 23:45 - 2013-08-07 02:00 - 00010640 _____ C:\Users\nett-marketing\Desktop\Serien.xlsx
2013-08-14 21:23 - 2012-07-18 19:48 - 00000000 ____D C:\Users\nett-marketing\Desktop\diverse
2013-08-12 22:49 - 2013-08-12 22:49 - 00012050 _____ C:\Users\nett-marketing\Desktop\imgres.htm
2013-08-06 23:22 - 2013-08-06 22:43 - 00000000 ____D C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird
2013-07-29 23:16 - 2012-09-22 19:57 - 00010578 _____ C:\Users\nett-marketing\Documents\Mappe1.xlsx
2013-07-29 14:29 - 2009-07-14 07:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\actvxcom_2012_02_09_201714.reg
C:\ProgramData\asm64.dat
C:\ProgramData\ext_2012_02_09_201714.reg
C:\ProgramData\paths_2012_02_09_201714.reg
C:\ProgramData\runs_2012_02_09_201714.reg
C:\ProgramData\shrdlls_2012_02_09_201714.reg
C:\ProgramData\softempt_2012_02_09_201714.reg
C:\Users\NETT-M~1\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\NETT-M~1\AppData\Local\Temp\jre_setup.exe
C:\Users\NETT-M~1\AppData\Local\Temp\SHSetup.exe
C:\Users\NETT-M~1\AppData\Local\Temp\SkypeSetup.exe
C:\Users\NETT-M~1\AppData\Local\Temp\Omigaplus\eInstall\eInstall.exe
C:\Users\NETT-M~1\AppData\Local\Temp\Omigaplus\eInstall\msvcp100.dll
C:\Users\NETT-M~1\AppData\Local\Temp\Omigaplus\eInstall\msvcr100.dll
C:\Users\NETT-M~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\NETT-M~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest
C:\Users\NETT-M~1\AppData\Local\Temp\is357113909\DeltaTB.exe
C:\Users\NETT-M~1\AppData\Local\Temp\eIntaller\0381FE2EAE6B4a7183780966E51D6827\eXQ.exe
C:\Users\NETT-M~1\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 17:06

==================== End Of Log ============================

--- --- ---

--- --- ---

hier die Additioal - Datei:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2013 01
Ran by nett-marketing at 2013-08-24 23:58:33
Running from C:\Users\nett-marketing\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x32)
Ad-Aware Browsing Protection (x32 Version: 1.0.0.5)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Reader X (10.1.3) - Deutsch (x32 Version: 10.1.3)
Amazon Kindle (HKCU)
Audacity 2.0.3 (x32 Version: 2.0.3)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
bl (x32 Version: 1.0.0)
calibre (x32 Version: 0.9.17)
Camtasia Studio 7 (x32 Version: 7.0.1)
Canon iP4500 series
Canon iP4500 series Benutzerregistrierung (x32)
Canon Utilities Easy-PhotoPrint EX (x32)
Canon Utilities Solution Menu (x32)
CCleaner (Version: 3.14)
Color Lines Classic (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
easy Whiteboard (x32)
ElsterFormular (x32 Version: 13.2.0.8623p)
ElsterFormular (x32 Version: 14.1.20130301)
FileZilla Client 3.7.1 (x32 Version: 3.7.1)
FormatFactory 3.0.1 (x32 Version: 3.0.1)
Google Update Helper (x32 Version: 1.3.21.153)
IsoBuster 2.8.5 (x32 Version: 2.8.5)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Luxor Amun Rising with Luxor (x32 Version: )
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint 2003 Template Pack 1 (x32 Version: 11.0.5614.0)
Microsoft Office PowerPoint 2003 Template Pack 2 (x32 Version: 11.0.5614.0)
Microsoft Office PowerPoint 2003 Template Pack 3 (x32 Version: 11.0.5614.0)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ Run Time Lib Setup (x32 Version: 1.0.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSVCRT (x32 Version: 15.4.2862.0708)
Nero - Burning Rom (Web installer) (x32)
Nero Backup Drivers (Version: 1.0.11100.8.0)
NVIDIA 3D Vision Driver 306.97 (Version: 306.97)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Display Control Panel (Version: 1.10)
NVIDIA Drivers (Version: 1.7)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
on Inkjet Printer Driver Add-On Module V2.00
PDF Settings CS6 (x32 Version: 11.0)
ph (x32 Version: 1.0.0)
Phase 5 HTML-Editor (x32 Version: 5.6.2.3)
Pivot Software (x32 Version: 9.03.004)
PVSonyDll (Version: 1.00.0001)
Pyramids (x32)
QuarkXPress (x32 Version: 8.02.0000)
QuarkXPress Passport 4.0 (x32)
QuickTime (x32 Version: 7.0.4)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6077)
ScanWizard 5 (x32)
SDK (x32 Version: 2.20.009)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartControl (x32 Version: 2.00.021)
Tweet Adder 3 (x32 Version: 3.0.42)
Uninstall 1.0.0.1 (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
VLC media player 1.1.4 (x32 Version: 1.1.4)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0)
WinRAR (x32)
WinZipper (x32 Version: 1.4.8)
XAMPP 1.7.7 (x32)
Xilisoft PowerPoint to Video Converter Free (x32 Version: 1.1.0.20120228)

==================== Restore Points =========================

21-03-2013 22:01:23 Installed Java 7 Update 17
21-03-2013 23:02:33 Installed Java 7 Update 17
22-03-2013 12:05:52 Removed Google Earth.
22-03-2013 12:10:10 Entfernt League of Legends
22-03-2013 12:16:26 Macromedia Extension Manager wird entfernt
22-03-2013 12:17:44 Removed MSXML 4.0 SP3 Parser
22-03-2013 12:18:14 Removed MSXML 4.0 SP3 Parser (KB2721691)
22-03-2013 12:19:50 Removed Skype™ 6.2
22-03-2013 12:21:43 Windows Live Essentials
22-03-2013 12:22:00 WLSetup
22-03-2013 12:41:55 Revo Uninstaller's restore point - Adobe Flash Player 11 Plugin
22-03-2013 12:46:46 Revo Uninstaller's restore point - Eyes v2.0
22-03-2013 12:47:35 Revo Uninstaller's restore point - 81% Gewinn für Jedermann
22-03-2013 12:52:22 Revo Uninstaller's restore point - Microsoft Silverlight
22-03-2013 12:52:38 Removed Microsoft Silverlight
22-03-2013 12:56:13 Revo Uninstaller's restore point - HDVidCodec
23-03-2013 19:23:10 Installed Java 7 Update 17
23-03-2013 20:59:00 Removed Java 7 Update 17 (64-bit)
23-03-2013 21:08:15 Installed Java 7 Update 17 (64-bit)
23-03-2013 21:24:36 Removed Java 7 Update 17 (64-bit)
23-03-2013 21:30:44 Installed Java 7 Update 17 (64-bit)
23-03-2013 21:31:32 Installed Java 7 Update 17
23-03-2013 21:54:57 Removed Java(TM) 7 Update 5
23-03-2013 21:55:50 Removed Java 7 Update 17 (64-bit)
23-03-2013 21:56:53 Removed Java(TM) 7 Update 5
23-03-2013 21:58:02 Removed Java(TM) 7 Update 5
23-03-2013 22:03:44 Installed Java(TM) 6 Update 43
27-03-2013 02:02:36 Quitado FlashPlayer
27-03-2013 02:08:51 Quitado FlashPlayer
01-04-2013 00:03:25 Removed Java(TM) 6 Update 43 (64-bit)
01-04-2013 00:12:31 Installed Java(TM) 6 Update 35
09-04-2013 14:17:17 Scheduled Checkpoint
18-04-2013 14:02:32 Scheduled Checkpoint
25-04-2013 14:10:49 Scheduled Checkpoint
03-05-2013 11:49:47 Scheduled Checkpoint
10-05-2013 12:09:52 Scheduled Checkpoint
17-05-2013 23:48:55 Scheduled Checkpoint
25-05-2013 16:40:06 Scheduled Checkpoint
31-05-2013 18:20:25 Removed AVG 2012
31-05-2013 18:21:50 Removed AVG 2012
08-06-2013 20:56:01 Scheduled Checkpoint
12-06-2013 14:26:13 Removed Skype™ 6.5
22-06-2013 17:59:57 Scheduled Checkpoint
29-06-2013 13:30:45 Installed Java 7 Update 25
06-07-2013 18:49:06 Scheduled Checkpoint
17-07-2013 10:54:32 Scheduled Checkpoint
25-07-2013 18:45:15 Scheduled Checkpoint
01-08-2013 20:39:04 Scheduled Checkpoint
08-08-2013 22:00:21 Scheduled Checkpoint
16-08-2013 17:37:33 Scheduled Checkpoint
22-08-2013 22:20:55 Installed SpyHunter
22-08-2013 22:26:47 Removed SpyHunter
22-08-2013 22:27:52 Removed SpyHunter
22-08-2013 22:28:21 Removed SpyHunter

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-03-08 20:24 - 00000975 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1AC8A344-2292-48DA-8D3A-F619E76D1427} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {23ECB008-8358-42A8-9BFE-EF1E13C2E1D5} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe No File
Task: {3114477E-A213-4E2C-919A-A1DAF8148E33} - System32\Tasks\{21C46933-229A-4F13-A7CB-242DFF87EB8F} => C:\Users\nett-marketing\Desktop\DosSpiele\Warcraft\WARCRAFT\SETUP.EXE No File
Task: {33A296F7-CEDE-4901-96E3-F89990D5BF34} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe No File
Task: {425A94BE-65BF-4E67-9B34-D91B680506AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {4679066F-36DD-4241-9D38-E67EF1F356DD} - System32\Tasks\{361C21D3-2798-466D-B2A5-0E517C5F9680} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe No File
Task: {5634CF20-9951-41C5-8701-ADD1A5522CEF} - System32\Tasks\{C00C613E-CFD6-4D29-87BE-F40381FBD645} => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2009-09-16] (Tonec Inc.)
Task: {5CA6D9AC-4293-48E9-B0D1-AD330E76DF3C} - System32\Tasks\{E3FA2E35-FABC-4B3B-8F4E-DE7ED7591635} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe No File
Task: {7925DFB6-DA63-418D-8BEE-596930B079BE} - System32\Tasks\{0D955565-D8D3-400F-8F4F-6862F818B0A0} => C:\Titans of Steel\progs\tcc.exe No File
Task: {94A48838-4266-44B7-B889-47BD98D8972B} - System32\Tasks\{7A5650FF-7BC0-4782-A9AD-28DD807A8FDA} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe No File
Task: {96478002-DABD-4CAE-B746-15875B5222B5} - System32\Tasks\{A70E83A0-64E8-4D3B-9B86-74D55304DBAD} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {98B1C7A3-B33B-40E2-8E64-39D9972E0B0D} - System32\Tasks\AdobeAAMUpdater-1.0-nett-marketing1-nett-marketing => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {BB2613A6-8FC4-40C2-A046-BB502D88C506} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {C53A9118-DFE0-44EE-A0AA-91B7DCED8D76} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1304805427-2328156682-2798200666-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File
Task: {C6E1414A-6494-4024-B21D-E61BA171142C} - System32\Tasks\{3A7DE6F3-090D-4252-8968-6083674D3A2A} => C:\Users\nett-marketing\Desktop\DosSpiele\Warcraft\WARCRAFT\SETUP.EXE No File
Task: {CF745260-66DC-4887-B7CE-1061548B8923} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23] (Google Inc.)
Task: {D31F03F7-6FC4-43F2-894D-359946E6179B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23] (Google Inc.)
Task: {D6CCD25D-7725-4C7C-931E-ABE8C19F32FC} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1304805427-2328156682-2798200666-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File
Task: {E8D8DE26-B5AE-4499-AA66-4BC062FE77F6} - \66b7b150 No Task File
Task: {F98D1D20-D07D-4016-992D-B83542C28545} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2013 09:52:18 PM) (Source: RasClient) (User: )
Description: CoID={B2139F15-FB6C-439D-99FB-F0A027FFE0EC}: Der Benutzer "nett-marketing1\nett-marketing" hat eine Verbindung mit dem Namen "versatel" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.

Error: (08/24/2013 09:35:41 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6662.5003, Zeitstempel: 0x500718b4
Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 10.145.6011.8, Zeitstempel: 0x3e560024
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00050065
ID des fehlerhaften Prozesses: 0x5fc
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (08/23/2013 05:41:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6662.5003, Zeitstempel: 0x500718b4
Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 10.145.6011.8, Zeitstempel: 0x3e560024
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00050065
ID des fehlerhaften Prozesses: 0x860
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

System errors:
=============
Error: (08/24/2013 08:25:23 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error: (08/24/2013 08:24:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/24/2013 08:24:36 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/24/2013 08:24:34 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/24/2013 08:17:28 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error: (08/24/2013 08:17:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/24/2013 08:16:46 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/24/2013 08:16:44 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/24/2013 06:23:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (08/24/2013 04:17:20 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Microsoft Office Sessions:
=========================
Error: (08/24/2013 09:35:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/23/2013 05:41:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1430 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (08/21/2013 11:45:26 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/20/2013 10:41:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/14/2013 06:56:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 351 seconds with 240 seconds of active time. This session ended with a crash.

Error: (08/14/2013 05:44:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 95 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/05/2013 04:16:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 272 seconds with 60 seconds of active time. This session ended with a crash.

Error: (07/30/2013 06:43:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/30/2013 00:00:23 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1260 seconds with 600 seconds of active time. This session ended with a crash.

Error: (07/27/2013 02:38:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 119 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2012-07-31 20:41:34.664
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-07-31 20:41:34.617
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-07-28 22:22:41.761
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-07-28 22:22:41.714
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-07-27 18:33:59.752
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-07-27 18:33:59.674
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-07-27 18:33:59.580
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-07-27 18:33:39.456
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-07-27 18:33:39.378
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-07-27 18:33:39.269
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 4095.23 MB
Available physical RAM: 2247.69 MB
Total Pagefile: 8188.64 MB
Available Pagefile: 6101.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.79 GB) (Free:442.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (WEIHNACHTEN) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS
Drive s: () (Fixed) (Total:931.51 GB) (Free:810.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 038480CF)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7046A4E4)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=920 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Vielen Dank für deine Bemühung.

LG

Lyci

schrauber · 25.08.2013, 10:24

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

lyci · 25.08.2013, 14:56

Hi Schrauber,

nach dem Neustart von AdwCleaner erschien "Delta- Home" nicht wieder als Startseite, sondern eine Firefoxseite.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.25.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
nett-marketing :: NETT-MARKETING1 [Administrator]

25.08.2013 15:18:40
MBAM-log-2013-08-25 (15-24-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302122
Laufzeit: 5 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\nett-marketing\Desktop\FlashPlayer_V.57481114b.exe (Adware.DomaIQ) -> Keine Aktion durchgeführt.
C:\Users\nett-marketing\AppData\Local\Temp\is357113909\DeltaTB.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.

(Ende)

Code:

ATTFilter

# AdwCleaner v3.001 - Report created 25/08/2013 at 15:30:22
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : nett-marketing - NETT-MARKETING1
# Running from : C:\Users\nett-marketing\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : winzipersvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Users\NETT-M~1\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\nett-marketing\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\nett-marketing\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default\jetpack
Folder Deleted : C:\Users\nettmarketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
File Deleted : C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\nettmarketing\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\nett-marketing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\nett-marketing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{77BEC163-D389-42c1-91A4-C758846296A5}]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\Software\delta-homesSoftware
Key Deleted : HKLM\Software\omigaplusSvc
Key Deleted : HKLM\Software\V9
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Video downloader

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16455

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\nett-marketing\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default\prefs.js ]


[ File : C:\Users\nettmarketing\AppData\Roaming\Mozilla\Firefox\Profiles\q5sbmr4i.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\nett-marketing\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\nettmarketing\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5086 octets] - [25/08/2013 15:29:27]
AdwCleaner[S0].txt - [3544 octets] - [25/08/2013 15:30:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3604 octets] ##########

Erst einmal das... und gleich der Rest

Danke

Lyci

Hi SChrauber,

und hier der Rest:

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Ultimate x64
Ran by nett-marketing on 25.08.2013 at 15:38:13,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.08.2013 at 15:44:39,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013
Ran by nett-marketing (administrator) on 25-08-2013 15:55:22
Running from C:\Users\nett-marketing\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apache Software Foundation) c:\xampp\apache\bin\httpd.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() c:\xampp\mysql\bin\mysqld.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
() C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Great Beard) C:\Program Files (x86)\Pyramids v1.0\Pyramids.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NVRaidService] - C:\Windows\system32\nvraidservice.exe [291872 2009-06-30] (NVIDIA Corporation)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-15] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [155648 2010-06-08] (Apple Computer, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKU\nettmarketing\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
ShortcutTarget: Microtek Scanner Finder.lnk -> C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=3219913727_67194_D2F250DF&ts=1377188372
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=3219913727_67194_D2F250DF&ts=1377188372
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\..\Interfaces\{DDFB34AE-F807-4974-AF8E-758837A55731}: [NameServer]62.220.18.8 89.246.64.8

FireFox:
========
FF ProfilePath: C:\Users\nett-marketing\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default
FF NewTab: hxxp://www.google.com/firefox
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "no_proxies_on", ""
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml
FF Extension: No Name - C:\Users\nett-marketing\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [{78D3E302-AEE0-40BB-B866-28A0139E12C8}] C:\Users\nett-marketing\AppData\Local\{78D3E302-AEE0-40BB-B866-28A0139E12C8}
FF Extension: XULRunner - C:\Users\nett-marketing\AppData\Local\{78D3E302-AEE0-40BB-B866-28A0139E12C8}
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Users\nett-marketing\AppData\Roaming\IDM\idmmzcc3
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Users\nett-marketing\AppData\Roaming\IDM\idmmzcc3

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR HKLM-x32\...\Chrome\Extension: [hpomcmndppalndoljdilmfkkjkcnongl] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - \User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [obcjlnjgjjgghcedkcohaeboelbblehc] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [ohlfohjgijhjlpidbbnmcdooegafnnnm] - C:\Program Files (x86)\SockshareDownloader\SockshareDownloader10.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [80496 2010-01-28] ()
S3 FileZilla Server; c:\xampp\FileZillaFTP\FileZillaServer.exe [630272 2011-06-07] (FileZilla Project)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-07-17] (McAfee, Inc.)
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-05-31] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-05-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-31] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
R0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2009-12-17] (Portrait Displays, Inc.)
S3 s115bus; C:\Windows\System32\DRIVERS\s115bus.sys [108296 2007-04-23] (MCCI Corporation)
S3 s115mdfl; C:\Windows\System32\DRIVERS\s115mdfl.sys [19720 2007-04-23] (MCCI Corporation)
S3 s115mdm; C:\Windows\System32\DRIVERS\s115mdm.sys [144648 2007-04-23] (MCCI Corporation)
S3 s115mgmt; C:\Windows\System32\DRIVERS\s115mgmt.sys [126216 2007-04-23] (MCCI Corporation)
S3 s115obex; C:\Windows\System32\DRIVERS\s115obex.sys [123656 2007-04-23] (MCCI Corporation)
S2 ASPI32; No ImagePath
S1 cdrbsdrv; No ImagePath
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-25 15:44 - 2013-08-25 15:44 - 00000630 _____ C:\Users\nett-marketing\Desktop\JRT.txt
2013-08-25 15:29 - 2013-08-25 15:30 - 00000000 ____D C:\AdwCleaner
2013-08-25 15:16 - 2013-08-25 15:16 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-25 15:16 - 2013-08-25 15:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-25 15:16 - 2013-08-25 15:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 15:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-24 23:58 - 2013-08-25 00:03 - 00029825 _____ C:\Users\nett-marketing\Desktop\Addition.txt
2013-08-24 23:57 - 2013-08-24 23:57 - 00000000 ____D C:\FRST
2013-08-24 23:56 - 2013-08-24 23:56 - 00001144 _____ C:\Users\nett-marketing\Desktop\Continue Zip Opener Installation.lnk
2013-08-23 01:12 - 2013-08-23 01:12 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 00:40 - 2013-08-23 00:40 - 00002223 _____ C:\AdwCleaner[S6].txt
2013-08-23 00:39 - 2013-08-23 00:39 - 00002163 _____ C:\AdwCleaner[R8].txt
2013-08-23 00:39 - 2013-08-23 00:39 - 00002103 _____ C:\AdwCleaner[R7].txt
2013-08-23 00:30 - 2013-08-23 00:30 - 00002043 _____ C:\AdwCleaner[S5].txt
2013-08-23 00:29 - 2013-08-23 00:29 - 00001983 _____ C:\AdwCleaner[R6].txt
2013-08-23 00:22 - 2013-08-23 00:22 - 00000000 _____ C:\autoexec.bat
2013-08-23 00:21 - 2013-08-23 00:21 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-23 00:20 - 2013-08-23 00:29 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-22 18:19 - 2013-08-22 18:19 - 00000000 ____D C:\User Data
2013-08-21 16:01 - 2013-08-21 16:01 - 00000215 _____ C:\Users\nett-marketing\Desktop\Whg.txt
2013-08-16 00:43 - 2013-08-16 00:43 - 00307608 _____ C:\Users\nett-marketing\Desktop\gu10rizzi404.exe
2013-08-12 22:49 - 2013-08-12 22:49 - 00012050 _____ C:\Users\nett-marketing\Desktop\imgres.htm
2013-08-07 02:00 - 2013-08-15 23:45 - 00010640 _____ C:\Users\nett-marketing\Desktop\Serien.xlsx
2013-08-06 22:43 - 2013-08-06 23:22 - 00000000 ____D C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2013-08-25 15:51 - 2012-07-27 19:45 - 00000000 ____D C:\Users\nett-marketing\Desktop\Troja Board
2013-08-25 15:44 - 2013-08-25 15:44 - 00000630 _____ C:\Users\nett-marketing\Desktop\JRT.txt
2013-08-25 15:37 - 2012-07-31 14:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-25 15:37 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-25 15:37 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-25 15:32 - 2012-09-23 18:57 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-25 15:31 - 2013-07-07 14:45 - 00004140 _____ C:\Windows\PFRO.log
2013-08-25 15:31 - 2013-06-29 16:46 - 00010304 _____ C:\Windows\setupact.log
2013-08-25 15:31 - 2010-03-21 19:20 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-25 15:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-25 15:30 - 2013-08-25 15:29 - 00000000 ____D C:\AdwCleaner
2013-08-25 15:30 - 2013-03-24 00:14 - 00001056 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-25 15:30 - 2010-03-22 02:17 - 01242851 _____ C:\Windows\WindowsUpdate.log
2013-08-25 15:30 - 2010-03-21 18:36 - 00001044 _____ C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-25 15:30 - 2010-03-21 18:36 - 00001044 _____ C:\Users\nett-marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-25 15:27 - 2012-09-23 18:57 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-25 15:16 - 2013-08-25 15:16 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-25 15:16 - 2013-08-25 15:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-25 15:16 - 2013-08-25 15:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 02:00 - 2010-03-23 20:27 - 00000000 ____D C:\Users\NETT-M~1\AppData\Local\Adobe
2013-08-25 00:03 - 2013-08-24 23:58 - 00029825 _____ C:\Users\nett-marketing\Desktop\Addition.txt
2013-08-24 23:57 - 2013-08-24 23:57 - 00000000 ____D C:\FRST
2013-08-24 23:56 - 2013-08-24 23:56 - 00001144 _____ C:\Users\nett-marketing\Desktop\Continue Zip Opener Installation.lnk
2013-08-24 17:42 - 2011-10-16 17:57 - 00000000 ____D C:\Users\nett-marketing\AppData\Roaming\Skype
2013-08-24 16:40 - 2010-03-21 19:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-23 01:12 - 2013-08-23 01:12 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 00:40 - 2013-08-23 00:40 - 00002223 _____ C:\AdwCleaner[S6].txt
2013-08-23 00:39 - 2013-08-23 00:39 - 00002163 _____ C:\AdwCleaner[R8].txt
2013-08-23 00:39 - 2013-08-23 00:39 - 00002103 _____ C:\AdwCleaner[R7].txt
2013-08-23 00:30 - 2013-08-23 00:30 - 00002043 _____ C:\AdwCleaner[S5].txt
2013-08-23 00:29 - 2013-08-23 00:29 - 00001983 _____ C:\AdwCleaner[R6].txt
2013-08-23 00:29 - 2013-08-23 00:20 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-23 00:22 - 2013-08-23 00:22 - 00000000 _____ C:\autoexec.bat
2013-08-23 00:21 - 2013-08-23 00:21 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-22 23:56 - 2010-03-22 21:06 - 00000000 ____D C:\Users\nett-marketing\AppData\Roaming\FileZilla
2013-08-22 23:55 - 2010-03-23 21:36 - 00000000 ____D C:\Program Files (x86)\phase5
2013-08-22 18:19 - 2013-08-22 18:19 - 00000000 ____D C:\User Data
2013-08-21 17:38 - 2012-07-31 14:38 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 17:38 - 2012-07-31 14:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 17:38 - 2012-07-31 14:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 16:01 - 2013-08-21 16:01 - 00000215 _____ C:\Users\nett-marketing\Desktop\Whg.txt
2013-08-21 13:06 - 2012-08-29 23:30 - 00054177 _____ C:\Users\nett-marketing\Desktop\Postkonto Abbuchungen.xlsx
2013-08-16 18:10 - 2012-05-07 13:27 - 00004096 ____H C:\Users\NETT-M~1\AppData\Local\keyfile3.drm
2013-08-16 00:43 - 2013-08-16 00:43 - 00307608 _____ C:\Users\nett-marketing\Desktop\gu10rizzi404.exe
2013-08-15 23:45 - 2013-08-07 02:00 - 00010640 _____ C:\Users\nett-marketing\Desktop\Serien.xlsx
2013-08-14 21:23 - 2012-07-18 19:48 - 00000000 ____D C:\Users\nett-marketing\Desktop\diverse
2013-08-12 22:49 - 2013-08-12 22:49 - 00012050 _____ C:\Users\nett-marketing\Desktop\imgres.htm
2013-08-06 23:22 - 2013-08-06 22:43 - 00000000 ____D C:\Users\nettmarketing\AppData\Local\Mozilla Thunderbird
2013-07-29 23:16 - 2012-09-22 19:57 - 00010578 _____ C:\Users\nett-marketing\Documents\Mappe1.xlsx
2013-07-29 14:29 - 2009-07-14 07:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\actvxcom_2012_02_09_201714.reg
C:\ProgramData\asm64.dat
C:\ProgramData\ext_2012_02_09_201714.reg
C:\ProgramData\paths_2012_02_09_201714.reg
C:\ProgramData\runs_2012_02_09_201714.reg
C:\ProgramData\shrdlls_2012_02_09_201714.reg
C:\ProgramData\softempt_2012_02_09_201714.reg
C:\Users\NETT-M~1\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\NETT-M~1\AppData\Local\Temp\jre_setup.exe
C:\Users\NETT-M~1\AppData\Local\Temp\Quarantine.exe
C:\Users\NETT-M~1\AppData\Local\Temp\SHSetup.exe
C:\Users\NETT-M~1\AppData\Local\Temp\SkypeSetup.exe
C:\Users\NETT-M~1\AppData\Local\Temp\Omigaplus\eInstall\eInstall.exe
C:\Users\NETT-M~1\AppData\Local\Temp\Omigaplus\eInstall\msvcp100.dll
C:\Users\NETT-M~1\AppData\Local\Temp\Omigaplus\eInstall\msvcr100.dll
C:\Users\NETT-M~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\NETT-M~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest
C:\Users\NETT-M~1\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 17:06

==================== End Of Log ============================

--- --- ---

--- --- ---

Vielen Dank für deine Mühe.

Lyci

schrauber · 25.08.2013, 19:40

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Delta Homes wie bekomme ich es weg?

Plagegeister aller Art und deren Bekämpfung: Delta Homes wie bekomme ich es weg?