Browser Hijacker-Wie bekomme ich es weg?

nazzza · 28.08.2013, 15:28

Hi ich bin ein totaler Anfänger hier und hab mich in vielen Foren schon durch gelesen aber das ist mir alles zu kompliziert. Ich brauche jemanden der mich an die Hand nimmt und mich da durch führt. Hab Trend Micro Hijack This geladen und einmal gescannt. Das kam dabei raus:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:11:56, on 28.08.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HomeTab\ProtectedSearch.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\FreePDF_XP\fpassist.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\shegeftfardn\AppData\Local\Temp\Temp1_HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0039030 - {11111111-1111-1111-1111-110311901130} - C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bho.dll
O2 - BHO: Avira SearchFree Toolbar plus Web Protection BHO - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: HomeTab - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\shegeftfardn\AppData\Roaming\HomeTab\HomeTab.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O3 - Toolbar: HomeTab - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\shegeftfardn\AppData\Roaming\HomeTab\HomeTab.dll
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: SwyxIt! Wählhilfe - {F8E553C6-4C00-11D3-80BC-00105A653379} - C:\Program Files (x86)\SwyxIt!\IEDial.htm
O9 - Extra 'Tools' menuitem: SwyxIt! Wählhilfe - {F8E553C6-4C00-11D3-80BC-00105A653379} - C:\Program Files (x86)\SwyxIt!\IEDial.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pfm-ag.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pfm-ag.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pfm-ag.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Security Management Center Agent (AntiVir Security Management Center Agent) - Avira GmbH - C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ask Aktualisierungsdienst (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Empirum Remote Installation Service (ERIS) - Unknown owner - C:\Windows\system32\Empirum\Eris.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Aventail VPN Client (NgVpnMgr) - Unknown owner - C:\Windows\system32\ngvpnmgr.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe
O23 - Service: System Store (SystemStoreService) - Unknown owner - C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12220 bytes

Was mach ich denn nun?

Liebste Grüße

schrauber · 28.08.2013, 16:08

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

nazzza · 28.08.2013, 17:11

Hi! Wenigstens hab ich das schon mal hin bekommen
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by shegeftfardn (administrator) on 28-08-2013 18:08:54
Running from C:\Users\shegeftfardn\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe
(Aventail Corporation) C:\Windows\system32\ngvpnmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
(Avira GmbH) C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Matrix42 AG) C:\Windows\system32\Empirum\Eris.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Matrix42 AG) C:\Windows\System32\Empirum\ERIS_UI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Matrix42 AG) C:\Windows\system32\Empirum\eris_ui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2010-05-07] (IDT, Inc.)
HKLM\...\Run: [erisui] - "C:\Windows\system32\Empirum\eris_ui" /hide [x]
HKLM\...\Run: [SWDepot] - C:\WINDOWS\system32\EMPIRUM\SWDepot.exe \\spk20035\Configurator$\User\SWDepot.dds /K7200 /I /B /F /S /T0 /Z1 /Y1 [x]
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM-x32\...\Runonce: [Del611274] - cmd.exe /Q /D /c del "C:\Users\SHEGEF~1\AppData\Local\Temp\0.del" [x]
HKCU\...\Run: [Gadwin PrintScreen] - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2010-10-14] (Gadwin Systems, Inc)
HKCU\...\Runonce: [Del611274] - cmd.exe /Q /D /c del "C:\Users\SHEGEF~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-18] (Avira Operations GmbH & Co. KG)
HKU\sysadmemp.PFM-AG\...\Run: [Gadwin PrintScreen] - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2010-10-14] (Gadwin Systems, Inc)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=5098002710002BE9&affID=119357&tsp=4988
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - URL hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&q={searchTerms}
SearchScopes: HKLM-x32 - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=66920&gid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&dbCode=1&command={searchTerms}
SearchScopes: HKLM-x32 - TopResultURLFallback hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&q={searchTerms}
SearchScopes: HKCU - 1274F1985CBD479BA483902CC40F94AD URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=5098002710002BE9&affID=119357&tsp=4988
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default
FF user.js: detected! => C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome: 
=======
CHR HomePage: hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=5098002710002BE9&affID=119357&tsp=4988
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=5098002710002BE9&affID=119357&tsp=4988"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U23) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (Google Docs) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [89600 2010-05-07] (Andrea Electronics Corporation)
R2 AntiVir Security Management Center Agent; C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe [636161 2009-04-01] (Avira GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 ERIS; C:\Windows\system32\Empirum\Eris.exe [220536 2012-04-26] (Matrix42 AG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R2 NgVpnMgr; C:\Windows\system32\ngvpnmgr.exe [436296 2010-09-13] (Aventail Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe [240640 2010-05-07] (IDT, Inc.)
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [296448 2013-08-27] ()
S4 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [301120 2013-08-16] (Wsys Co., Ltd.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [25672 2010-09-13] (Aventail Corporation)
R3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [31304 2010-09-13] (Aventail Corporation)
R3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [102984 2010-09-13] (Aventail Corporation)
R3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [28744 2010-09-13] (Aventail Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-09-19] (STMicroelectronics)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-28 18:08 - 2013-08-28 18:08 - 00000000 ____D C:\FRST
2013-08-28 17:52 - 2013-08-28 18:00 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\BabSolution
2013-08-28 17:51 - 2013-08-28 17:51 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\DSite
2013-08-28 17:51 - 2013-08-28 17:51 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Babylon
2013-08-28 17:51 - 2013-08-28 17:51 - 00000000 ____D C:\ProgramData\Babylon
2013-08-28 17:48 - 2013-08-28 17:49 - 00714816 _____ C:\Users\shegeftfardn\Downloads\ZipOpenerSetup.exe
2013-08-28 16:12 - 2013-08-28 16:12 - 00012222 _____ C:\Users\shegeftfardn\Documents\hijackthis.log
2013-08-28 12:17 - 2013-08-28 12:17 - 00000000 ____D C:\Users\shegeftfardn\Documents\Fax
2013-08-27 23:06 - 2013-08-27 23:06 - 00001912 _____ C:\Windows\epplauncher.mif
2013-08-27 23:05 - 2013-08-27 23:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-27 23:05 - 2013-08-27 23:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-27 22:44 - 2013-08-27 22:44 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-08-27 22:37 - 2013-08-27 22:37 - 00000000 ____D C:\EmpirumAgent
2013-08-27 22:32 - 2013-08-27 22:32 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\TrojanHunter
2013-08-27 20:47 - 2013-08-27 22:33 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-08-27 20:47 - 2013-08-27 20:47 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll
2013-08-27 20:42 - 2013-08-27 23:05 - 00000085 _____ C:\Windows\wininit.ini
2013-08-27 20:37 - 2013-08-27 20:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-27 20:37 - 2013-08-27 20:37 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-27 19:50 - 2013-08-28 16:02 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-27 19:49 - 2013-08-27 19:49 - 00000000 ____D C:\Users\SHEGEF~1\AppData\Local\Freemium
2013-08-27 19:47 - 2013-08-27 22:54 - 00003806 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint
2013-08-27 19:46 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-27 19:44 - 2013-08-28 16:02 - 00004208 _____ C:\Windows\System32\Tasks\Software Updater
2013-08-27 19:44 - 2013-08-28 16:02 - 00004190 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-08-27 19:43 - 2013-08-27 19:44 - 00000000 ____D C:\Program Files (x86)\SoftwareUpdater
2013-08-27 19:41 - 2013-08-27 19:41 - 00000215 _____ C:\Users\shegeftfardn\Desktop\Amazon.url
2013-08-27 19:40 - 2013-08-27 19:41 - 00000000 ____D C:\Users\SHEGEF~1\AppData\Local\DownloadGuide
2013-08-26 23:04 - 2013-08-27 19:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 12:58 - 2013-08-17 13:00 - 00000000 ____D C:\Users\shegeftfardn\Desktop\PrintScreen Files
2013-08-17 11:50 - 2013-08-17 11:50 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-16 22:18 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 22:18 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 22:18 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 22:18 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 22:18 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 22:18 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 22:18 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 22:18 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 22:18 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 22:18 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 22:18 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 22:18 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 22:17 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 22:10 - 2013-08-16 22:11 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 22:04 - 2013-08-16 22:03 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-16 22:02 - 2013-08-16 22:02 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-16 22:02 - 2013-08-16 22:02 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Avira
2013-08-16 22:01 - 2013-07-18 08:02 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-16 22:01 - 2013-07-18 08:02 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-16 22:01 - 2013-03-06 16:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-16 21:46 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 21:46 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 21:46 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 21:46 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 21:46 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 21:46 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 21:46 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 21:46 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 21:46 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 21:46 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 21:45 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 21:45 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 21:45 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 21:45 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 21:45 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-16 21:45 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-10 13:48 - 2013-08-10 13:48 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-10 13:48 - 2013-08-10 13:48 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-10 13:47 - 2013-08-10 13:47 - 00000000 ____D C:\ProgramData\APN

==================== One Month Modified Files and Folders =======

2013-08-28 18:08 - 2013-08-28 18:08 - 01579080 _____ (Farbar) C:\Users\shegeftfardn\Downloads\FRST64.exe
2013-08-28 18:08 - 2013-08-28 18:08 - 00000000 ____D C:\FRST
2013-08-28 18:00 - 2013-08-28 17:52 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\BabSolution
2013-08-28 17:53 - 2013-01-14 11:39 - 01395395 _____ C:\Windows\WindowsUpdate.log
2013-08-28 17:51 - 2013-08-28 17:51 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\DSite
2013-08-28 17:51 - 2013-08-28 17:51 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Babylon
2013-08-28 17:51 - 2013-08-28 17:51 - 00000000 ____D C:\ProgramData\Babylon
2013-08-28 17:51 - 2009-07-14 06:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 17:51 - 2009-07-14 06:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 17:49 - 2013-08-28 17:48 - 00714816 _____ C:\Users\shegeftfardn\Downloads\ZipOpenerSetup.exe
2013-08-28 17:44 - 2013-05-13 23:40 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-28 17:41 - 2010-11-21 05:47 - 00045652 _____ C:\Windows\PFRO.log
2013-08-28 17:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 17:41 - 2009-07-14 06:51 - 00042319 _____ C:\Windows\setupact.log
2013-08-28 17:06 - 2013-01-14 12:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-28 16:56 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2013-08-28 16:32 - 2013-01-25 16:18 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-28 16:20 - 2013-05-13 23:40 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-28 16:12 - 2013-08-28 16:12 - 00012222 _____ C:\Users\shegeftfardn\Documents\hijackthis.log
2013-08-28 16:02 - 2013-08-27 19:50 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-28 16:02 - 2013-08-27 19:44 - 00004208 _____ C:\Windows\System32\Tasks\Software Updater
2013-08-28 16:02 - 2013-08-27 19:44 - 00004190 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-08-28 12:17 - 2013-08-28 12:17 - 00000000 ____D C:\Users\shegeftfardn\Documents\Fax
2013-08-27 23:06 - 2013-08-27 23:06 - 00001912 _____ C:\Windows\epplauncher.mif
2013-08-27 23:05 - 2013-08-27 23:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-27 23:05 - 2013-08-27 23:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-27 23:05 - 2013-08-27 20:42 - 00000085 _____ C:\Windows\wininit.ini
2013-08-27 22:54 - 2013-08-27 19:47 - 00003806 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint
2013-08-27 22:44 - 2013-08-27 22:44 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-08-27 22:37 - 2013-08-27 22:37 - 00000000 ____D C:\EmpirumAgent
2013-08-27 22:33 - 2013-08-27 20:47 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-08-27 22:32 - 2013-08-27 22:32 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\TrojanHunter
2013-08-27 20:47 - 2013-08-27 20:47 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll
2013-08-27 20:39 - 2013-08-27 20:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-27 20:37 - 2013-08-27 20:37 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-27 19:55 - 2013-05-04 00:18 - 00000000 ____D C:\Windows\Minidump
2013-08-27 19:49 - 2013-08-27 19:49 - 00000000 ____D C:\Users\SHEGEF~1\AppData\Local\Freemium
2013-08-27 19:46 - 2013-08-26 23:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-27 19:44 - 2013-08-27 19:43 - 00000000 ____D C:\Program Files (x86)\SoftwareUpdater
2013-08-27 19:41 - 2013-08-27 19:41 - 00000215 _____ C:\Users\shegeftfardn\Desktop\Amazon.url
2013-08-27 19:41 - 2013-08-27 19:40 - 00000000 ____D C:\Users\SHEGEF~1\AppData\Local\DownloadGuide
2013-08-27 19:22 - 2013-07-28 12:52 - 00000000 ____D C:\ProgramData\eSafe
2013-08-27 19:15 - 2013-01-25 12:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 13:00 - 2013-08-17 12:58 - 00000000 ____D C:\Users\shegeftfardn\Desktop\PrintScreen Files
2013-08-17 11:50 - 2013-08-17 11:50 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-17 11:50 - 2013-05-13 23:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-16 22:14 - 2011-04-12 09:26 - 00710886 _____ C:\Windows\system32\perfh007.dat
2013-08-16 22:14 - 2011-04-12 09:26 - 00153946 _____ C:\Windows\system32\perfc007.dat
2013-08-16 22:14 - 2009-07-14 07:13 - 01672172 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-16 22:11 - 2013-08-16 22:10 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 22:09 - 2013-04-22 23:46 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-16 22:06 - 2013-07-28 13:13 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Skype
2013-08-16 22:03 - 2013-08-16 22:04 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-16 22:02 - 2013-08-16 22:02 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-16 22:02 - 2013-08-16 22:02 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Avira
2013-08-16 22:01 - 2013-01-14 11:58 - 00000000 ____D C:\ProgramData\Avira
2013-08-16 22:01 - 2013-01-14 11:58 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-13 08:38 - 2013-08-27 19:46 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-10 13:48 - 2013-08-10 13:48 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-10 13:48 - 2013-08-10 13:48 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-10 13:47 - 2013-08-10 13:47 - 00000000 ____D C:\ProgramData\APN

Files to move or delete:
====================
C:\Users\SHEGEF~1\AppData\Local\Temp\apptorun.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\tbuDB22.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\uninst1.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\nsz7224.tmp\Time.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\nso7011.tmp\Time.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\nsj55BE.tmp\Time.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\is357113909\DeltaTB.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\is357113909\OpenItSetup.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\is357113909\wajam_validate.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\is357113909\WebConnect.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\is-TLSHD.tmp\cinshlpr.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\is-TLSHD.tmp\InstallHelper.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\is-FKP92.tmp\Interop.IWshRuntimeLibrary.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\is-FKP92.tmp\System.Data.SQLite.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\BabMaint.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\BExternal.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\BUSolForMontiera.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\BUSolution.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\ccp.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\ChromeToolbarSetup.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\CrxInstaller.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\enhancedNT.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\GUninstaller.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\IEHelper.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\MntrDLLInstall.dll
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\MyDeltaTB.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\Setup.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\3B7A7EF7-BAB0-7891-B3CB-5AB99197C697\Latest\sqlite3.dll
C:\Users\sysadmemp.PFM-AG\AppData\Local\Temp\epiMsiBootstraper.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-10 15:18

==================== End Of Log ============================

--- --- ---

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013
Ran by shegeftfardn at 2013-08-28 18:10:07
Running from C:\Users\shegeftfardn\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Ghostscript 8.71
Adobe Flash Player 10 ActiveX (x32 Version: 10.1.102.64)
Adobe Flash Player 11 Plugin (x32 Version: 11.5.502.146)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
AntiVir Agent 1.0 (x32 Version: 1.0)
Antivir Professional 10.0 (x32 Version: 10.0)
Aventail Access Manager (x32 Version: 10.5.29)
Aventail Connect (Version: 10.5.32)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663)
Avira Security Management Center Agent (x32 Version: )
Code EAN39 1.0 (x32 Version: 1.0)
Corporate Design pfmmedical 1.0 (x32 Version: 1.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DHTML Editing Component (x32 Version: 6.02.0001)
Empirum Agent 14.2 (Version: 14.2)
Enterprise Library 5.0 - April 2010 - GAC (x32 Version: 1.0.1)
FreePDF (Remove only) (x32)
Google Chrome (x32 Version: 28.0.1500.95)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
IDT Audio (x32 Version: 1.0.6227.0)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
IrfanView (remove only) (x32 Version: 4.27)
Java 7 Update 11 (x32 Version: 7.0.110)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 23 (x32 Version: 6.0.230)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 1.1 German Language Pack (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447) (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Flight Simulator X (x32 Version: 10.0.60905)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (x32 Version: 8.0.50727.4053)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (x32 Version: 9.0)
Microsoft Security Client (Version: 4.3.0216.0)
Microsoft Security Essentials (Version: 4.3.216.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft WSE 3.0 Runtime 3.0.5305.0 (x32 Version: 3.0.5305.0)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser und SDK (x32 Version: 4.20.9818.0)
MSXML4.0 redistributable (x32 Version: 4.0.0.0)
neoPackage Adobe Flashplayer ActiveX 10.1.A2.64 (x32 Version: 10.1.A2.64)
neoPackage Adobe Reader 10.0.0 (x32 Version: 10.0.0)
neoPackage Gadwin PrintScreen 4.5 (x32 Version: 4.5)
neoPackage Irfan Skiljan IrfanView 4.27 (x32 Version: 4.27)
neoPackage Microsoft .NET Framework 1.1 (x32 Version: 1.1)
neoPackage Microsoft .NET Framework 4.0 (Version: 4.0)
neoPackage Microsoft Office Professional 14.0 (x32 Version: 14.0)
neoPackage SAP SAPGui 7.20 (x32 Version: 7.20)
neoPackage Stefan Heinz FreePDF 4.04 (Version: 4.04)
neoPackage Sun Java Runtime Environment 6.0.230 (x32 Version: 6.0.230)
neoPackage VideoLAN.org VLC media player 1.1.4 (x32 Version: 1.1.4)
RedMon - Redirection Port Monitor
SAP GUI for Windows 7.20 (x32 Version: 7.20 Compilation 2)
Skype™ 6.6 (x32 Version: 6.6.106)
swMSM (x32 Version: 12.0.0.1)
SwyxIt! (Version: 8.02.0994.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
VPN Connect 10.0.5.29 (x32 Version: 10.0.5.29)

==================== Restore Points =========================

16-08-2013 20:08:53 Windows Update
21-08-2013 05:07:22 Windows Update
24-08-2013 22:08:57 Windows Update
27-08-2013 17:41:41 Free System Utilities
27-08-2013 17:55:07 Free System Utilities 27.08.2013 19:55:06
27-08-2013 20:55:00 Free System Utilities
28-08-2013 14:39:36 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {0B3BD1E7-DE50-40B7-9965-AB9D168FA706} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2559386373-3628658140-3482950313-7259 => C:\Windows\System32\portabledeviceapi.dll [2010-11-21] (Microsoft Corporation)
Task: {23384882-42C5-4A6A-AE36-D6E2BC76D901} - System32\Tasks\User_Feed_Synchronization-{16BEFD4E-CAC4-4C66-BBC7-1DFF57D684ED} => C:\Windows\system32\msfeedssync.exe [2013-06-21] (Microsoft Corporation)
Task: {29153697-DDCC-4590-A24C-326D9B98655F} - System32\Tasks\Freemium1ClickMaint => C:\Program Files (x86)\Covus Freemium\Free System Utilities\1Click.exe No File
Task: {492CB4FC-13D6-4F29-ACC8-690C3BBEDE5E} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-08-27] ()
Task: {66D6AC02-631D-4768-91CF-73796B26791F} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-08-23] ()
Task: {7CAF72E8-6749-438B-AA73-B7DA623D4BE0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-25] (Adobe Systems Incorporated)
Task: {8D58B8AB-A124-452E-ABA5-CB3AF5639EFE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)
Task: {92F6CCBD-5BF9-4C0A-900B-3C0E6746E6DA} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation)
Task: {953F833F-71FA-456C-997C-707C1EF787C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13] (Google Inc.)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-21] (Microsoft Corporation)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-21] (Microsoft Corporation)
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation)
Task: {DFE627C2-D199-4290-971E-C9E78D1BB3DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13] (Google Inc.)
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2013 05:43:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 00:17:16 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 23.0.1.4974 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1110

Startzeit: 01cea3d730072c77

Endzeit: 78

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: ee6ba364-0fca-11e3-8bd7-415645000030

Error: (08/28/2013 00:08:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 11:22:45 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.

Error: (08/27/2013 10:36:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 07:59:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 07:40:44 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16660 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4a4

Startzeit: 01cea34c26988ce0

Endzeit: 6

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: c60d6fe0-0f3f-11e3-b596-415645000030

Error: (08/27/2013 07:17:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 07:16:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2013 10:11:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (08/28/2013 05:59:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update WebConnect" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/28/2013 05:44:29 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{F8E552F8-4C00-11D3-80BC-00105A653379}{F8E552A5-4C00-11D3-80BC-00105A653379}NT-AUTORITÄTNETZWERKDIENSTS-1-5-20LocalHost (unter Verwendung von LRPC)

Error: (08/28/2013 05:44:14 PM) (Source: Microsoft-Windows-GroupPolicy) (User: PFM-AG)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (08/28/2013 05:42:40 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (08/28/2013 05:42:17 PM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne PFM-AG aufgrund der folgenden
Ursache nicht einrichten:
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.

ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (08/28/2013 05:41:56 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎28.‎08.‎2013 um 17:06:24 unerwartet heruntergefahren.

Error: (08/28/2013 04:16:01 PM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne PFM-AG aufgrund der folgenden
Ursache nicht einrichten:
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.

ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (08/28/2013 02:46:34 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{F8E552F8-4C00-11D3-80BC-00105A653379}{F8E552A5-4C00-11D3-80BC-00105A653379}NT-AUTORITÄTNETZWERKDIENSTS-1-5-20LocalHost (unter Verwendung von LRPC)

Error: (08/28/2013 02:16:42 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Empirum Remote Installation Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/28/2013 02:14:36 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{F8E552F8-4C00-11D3-80BC-00105A653379}{F8E552A5-4C00-11D3-80BC-00105A653379}NT-AUTORITÄTNETZWERKDIENSTS-1-5-20LocalHost (unter Verwendung von LRPC)

Microsoft Office Sessions:
=========================
Error: (08/28/2013 05:43:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 00:17:16 PM) (Source: Application Hang)(User: )
Description: firefox.exe23.0.1.4974111001cea3d730072c7778C:\Program Files (x86)\Mozilla Firefox\firefox.exeee6ba364-0fca-11e3-8bd7-415645000030

Error: (08/28/2013 00:08:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 11:22:45 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8F43288AD272F3103B6FB1428485EA3014C0BCFE.crtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.

Error: (08/27/2013 10:36:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 07:59:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 07:40:44 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.166604a401cea34c26988ce06C:\Program Files\Internet Explorer\iexplore.exec60d6fe0-0f3f-11e3-b596-415645000030

Error: (08/27/2013 07:17:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 07:16:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2013 10:11:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 1909.85 MB
Available physical RAM: 747.88 MB
Total Pagefile: 3819.7 MB
Available Pagefile: 1898.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:96.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 98DEB064)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Bin gespannt was man daraus macht!

schrauber · 29.08.2013, 04:08

hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

nazzza · 29.08.2013, 10:31

Ich hoffe so ist es richtig. Sorry wenn nicht.

Code:

ATTFilter

ComboFix 13-08-29.01 - shegeftfardn 29.08.2013  11:02:35.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.1910.614 [GMT 2:00]
ausgeführt von:: c:\users\shegeftfardn\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\shegeftfardn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\windows\SysWow64\etc
c:\windows\SysWow64\etc\fstab
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WsysSvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-28 bis 2013-08-29  ))))))))))))))))))))))))))))))
.
.
2013-08-29 09:09 . 2013-08-29 09:09	--------	d-----w-	c:\users\sysadmemp\AppData\Local\temp
2013-08-29 08:54 . 2013-08-05 23:58	9515512	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55F7E229-0483-4DB3-ABB7-AA6167C640F0}\mpengine.dll
2013-08-28 19:42 . 2013-07-09 05:03	3913664	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-08-28 19:42 . 2013-07-09 06:03	5550528	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-28 19:42 . 2013-07-09 05:03	3968960	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-08-28 19:42 . 2013-07-09 05:54	1732032	----a-w-	c:\windows\system32\ntdll.dll
2013-08-28 19:42 . 2013-07-09 04:53	1292192	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-08-28 19:42 . 2013-07-09 05:53	243712	----a-w-	c:\windows\system32\wow64.dll
2013-08-28 19:42 . 2013-07-09 02:49	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-08-28 19:42 . 2013-07-09 04:52	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-08-28 19:42 . 2013-07-09 02:49	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-08-28 19:42 . 2013-07-09 02:49	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-08-28 19:42 . 2013-07-09 02:49	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-08-28 16:08 . 2013-08-28 16:08	--------	d-----w-	C:\FRST
2013-08-28 15:51 . 2013-08-28 15:51	--------	d-----w-	c:\users\shegeftfardn\AppData\Roaming\DSite
2013-08-28 15:51 . 2013-08-28 15:51	--------	d-----w-	c:\programdata\Babylon
2013-08-28 15:51 . 2013-08-28 15:51	--------	d-----w-	c:\users\shegeftfardn\AppData\Roaming\Babylon
2013-08-27 21:08 . 2013-08-27 21:08	941720	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A222A68E-A044-477B-B929-9AB0772B851D}\gapaengine.dll
2013-08-27 21:08 . 2013-08-05 23:58	9515512	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-27 21:05 . 2013-08-27 21:05	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2013-08-27 21:05 . 2013-08-27 21:05	--------	d-----w-	c:\program files\Microsoft Security Client
2013-08-27 20:44 . 2013-08-27 20:44	--------	d-----w-	c:\programdata\Simply Super Software
2013-08-27 20:37 . 2013-08-27 20:37	--------	d-----w-	C:\EmpirumAgent
2013-08-27 20:32 . 2013-08-27 20:32	--------	d-----w-	c:\users\shegeftfardn\AppData\Roaming\TrojanHunter
2013-08-27 18:47 . 2013-08-27 20:33	--------	d-----w-	c:\program files (x86)\TrojanHunter 5.5
2013-08-27 18:37 . 2013-08-27 18:39	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-08-27 17:49 . 2013-08-27 17:49	--------	d-----w-	c:\users\shegeftfardn\AppData\Local\Freemium
2013-08-27 17:46 . 2013-08-13 06:38	32328	----a-w-	c:\windows\Launcher.exe
2013-08-27 17:43 . 2013-08-27 17:44	--------	d-----w-	c:\program files (x86)\SoftwareUpdater
2013-08-27 17:40 . 2013-08-27 17:41	--------	d-----w-	c:\users\shegeftfardn\AppData\Local\DownloadGuide
2013-08-27 17:24 . 2013-08-06 08:58	9515512	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{54714459-8BF1-4647-A57C-2B2FA25B4567}\mpengine.dll
2013-08-16 20:10 . 2013-08-16 20:11	--------	d-----w-	c:\windows\system32\MRT
2013-08-16 20:04 . 2013-08-16 20:03	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-08-16 20:02 . 2013-08-16 20:02	--------	d-----w-	c:\users\shegeftfardn\AppData\Roaming\Avira
2013-08-16 20:01 . 2013-07-18 06:02	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-08-16 20:01 . 2013-07-18 06:02	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-08-16 20:01 . 2013-03-06 14:13	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-08-16 19:46 . 2013-07-09 05:52	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-08-16 19:46 . 2013-07-09 05:46	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-16 19:46 . 2013-07-09 05:46	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-08-16 19:46 . 2013-07-09 05:46	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-16 19:46 . 2013-07-09 04:52	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-08-16 19:46 . 2013-07-09 04:46	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-08-16 19:46 . 2013-07-09 04:46	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-08-16 19:46 . 2013-07-09 04:46	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-08-16 19:46 . 2013-07-19 01:58	2048	----a-w-	c:\windows\system32\tzres.dll
2013-08-16 19:46 . 2013-07-19 01:41	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-08-16 19:45 . 2013-07-25 09:25	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-08-16 19:45 . 2013-07-25 08:57	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-08-16 19:45 . 2013-07-09 05:51	1217024	----a-w-	c:\windows\system32\rpcrt4.dll
2013-08-16 19:45 . 2013-07-09 04:52	663552	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-08-16 19:45 . 2013-06-15 04:32	39936	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
2013-08-16 19:45 . 2013-07-06 06:03	1910208	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-08-10 11:48 . 2013-08-10 11:48	--------	d-----w-	c:\programdata\AskPartnerNetwork
2013-08-10 11:48 . 2013-08-10 11:48	--------	d-----w-	c:\program files (x86)\AskPartnerNetwork
2013-08-10 11:47 . 2013-08-10 11:47	--------	d-----w-	c:\programdata\APN
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-16 20:09 . 2013-04-22 21:46	78161360	----a-w-	c:\windows\system32\MRT.exe
2013-07-09 04:45 . 2013-08-28 19:42	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-06-21 05:23 . 2013-06-21 05:23	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-06-21 05:23 . 2013-06-21 05:23	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-06-21 05:23 . 2013-06-21 05:23	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-06-21 05:23 . 2013-06-21 05:23	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-06-21 05:23 . 2013-06-21 05:23	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-06-21 05:23 . 2013-06-21 05:23	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-06-21 05:23 . 2013-06-21 05:23	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-21 05:23 . 2013-06-21 05:23	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-21 05:23 . 2013-06-21 05:23	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-06-21 05:23 . 2013-06-21 05:23	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-06-21 05:23 . 2013-06-21 05:23	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-06-21 05:23 . 2013-06-21 05:23	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-06-21 05:23 . 2013-06-21 05:23	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-06-21 05:23 . 2013-06-21 05:23	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-06-21 05:23 . 2013-06-21 05:23	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-06-21 05:23 . 2013-06-21 05:23	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-06-21 05:23 . 2013-06-21 05:23	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-06-21 05:23 . 2013-06-21 05:23	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-06-21 05:23 . 2013-06-21 05:23	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-06-21 05:23 . 2013-06-21 05:23	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-06-21 05:23 . 2013-06-21 05:23	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-06-21 05:23 . 2013-06-21 05:23	81408	----a-w-	c:\windows\system32\icardie.dll
2013-06-21 05:23 . 2013-06-21 05:23	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-06-21 05:23 . 2013-06-21 05:23	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-06-21 05:23 . 2013-06-21 05:23	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-06-21 05:23 . 2013-06-21 05:23	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-06-21 05:23 . 2013-06-21 05:23	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-06-21 05:23 . 2013-06-21 05:23	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-06-21 05:23 . 2013-06-21 05:23	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-06-21 05:23 . 2013-06-21 05:23	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-06-21 05:23 . 2013-06-21 05:23	441856	----a-w-	c:\windows\system32\html.iec
2013-06-21 05:23 . 2013-06-21 05:23	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-06-21 05:23 . 2013-06-21 05:23	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-21 05:23 . 2013-06-21 05:23	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-06-21 05:23 . 2013-06-21 05:23	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-06-21 05:23 . 2013-06-21 05:23	235008	----a-w-	c:\windows\system32\url.dll
2013-06-21 05:23 . 2013-06-21 05:23	216064	----a-w-	c:\windows\system32\msls31.dll
2013-06-21 05:23 . 2013-06-21 05:23	197120	----a-w-	c:\windows\system32\msrating.dll
2013-06-21 05:23 . 2013-06-21 05:23	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-06-21 05:23 . 2013-06-21 05:23	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-06-21 05:23 . 2013-06-21 05:23	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-06-21 05:23 . 2013-06-21 05:23	149504	----a-w-	c:\windows\system32\occache.dll
2013-06-21 05:23 . 2013-06-21 05:23	144896	----a-w-	c:\windows\system32\wextract.exe
2013-06-21 05:23 . 2013-06-21 05:23	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-06-21 05:23 . 2013-06-21 05:23	13824	----a-w-	c:\windows\system32\mshta.exe
2013-06-21 05:23 . 2013-06-21 05:23	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-06-21 05:23 . 2013-06-21 05:23	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-06-21 05:23 . 2013-06-21 05:23	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-06-21 05:23 . 2013-06-21 05:23	102912	----a-w-	c:\windows\system32\inseng.dll
2013-06-18 19:50 . 2013-06-18 19:50	247216	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2013-06-18 19:50	139616	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-05 03:34 . 2013-07-09 20:21	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-09 20:21	624128	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-09 20:21	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2010-03-30 15:39 . 2013-01-14 10:08	113152	----a-w-	c:\program files\uninstgs.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-07-26 20:30	12240	----a-w-	c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2010-10-14 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-07-26 1558480]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-18 345144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ngfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [x]
S2 AntiVir Security Management Center Agent;Avira Security Management Center Agent;c:\program files (x86)\Avira\Avira Security Management Center Agent\agent.exe;c:\program files (x86)\Avira\Avira Security Management Center Agent\agent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 ERIS;Empirum Remote Installation Service;c:\windows\system32\Empirum\Eris.exe;c:\windows\SYSNATIVE\Empirum\Eris.exe [x]
S2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe;c:\windows\SYSNATIVE\ngvpnmgr.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys;c:\windows\SYSNATIVE\DRIVERS\nglog.sys [x]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys;c:\windows\SYSNATIVE\DRIVERS\ngvpn.sys [x]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys;c:\windows\SYSNATIVE\DRIVERS\ngwfp.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-17 09:50	1173456	----a-w-	c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-25 14:18]
.
2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 21:40]
.
2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 21:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"erisui"="c:\windows\system32\Empirum\eris_ui" [X]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-05-07 450048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 1356240]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=5098002710002BE9&affID=119357&tsp=4988
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
mDefault_Page_URL = hxxp://www.google.com
mStart Page = about:newtab
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
mSearch Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{F8E553C6-4C00-11D3-80BC-00105A653379} - c:\program files (x86)\SwyxIt!\IEDial.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 50987c6d000000000000002710002be9
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15945
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.617:52
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=4988
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SWDepot - c:\windows\system32\EMPIRUM\SWDepot.exe \\spk20035\Configurator$\User\SWDepot.dds
AddRemove-Avira Antivir Professional 10.0 - c:\program files (x86)\Common Files\Setup32\Setup.exe spk20035\Configurator$\Packages\Avira\Antivir Professional\10.0\Install\Setup.inf
AddRemove-neoPackage Adobe Flashplayer ActiveX 10.1.A2.64 - c:\empirumagent\User\setup.exe
AddRemove-neoPackage Adobe Reader 10.0.0 - c:\empirumagent\User\setup.exe
AddRemove-neoPackage Gadwin PrintScreen 4.5 - c:\empirumagent\User\setup.exe
AddRemove-neoPackage Sun Java Runtime Environment 6.0.230 - c:\empirumagent\User\setup.exe
AddRemove-neoPackage VideoLAN.org VLC media player 1.1.4 - c:\empirumagent\User\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\avira\antivir desktop\ipmGui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-29  11:22:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-08-29 09:22
.
Vor Suchlauf: 13 Verzeichnis(se), 100.785.823.744 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 100.289.392.640 Bytes frei
.
- - End Of File - - 66A9C9FAFB555D7EB6081E1E383820A9
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 29.08.2013, 11:08

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

nazzza · 29.08.2013, 12:42

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
shegeftfardn :: NPK22102 [Administrator]

29.08.2013 13:36:50
mbam-log-2013-08-29 (13-36-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 276234
Laufzeit: 7 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 10
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 7
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=5098002710002BE9&affID=119357&tsp=4988) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\shegeftfardn\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\ProgramData\eSafe\eGdpSvc.exe (Trojan.Staser) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\shegeftfardn\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\shegeftfardn\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

schrauber · 29.08.2013, 13:00

Logs bitte zusammen posten wenn Du sie hast

nazzza · 29.08.2013, 13:40

Ok hab alles gemacht, ich wollte die Daten einzeln schicken weil ich dachte, dass ich die Dateien nicht mehr finde

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
shegeftfardn :: NPK22102 [Administrator]

29.08.2013 13:36:50
mbam-log-2013-08-29 (13-36-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 276234
Laufzeit: 7 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 10
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 7
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=5098002710002BE9&affID=119357&tsp=4988) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\shegeftfardn\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\ProgramData\eSafe\eGdpSvc.exe (Trojan.Staser) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\shegeftfardn\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\shegeftfardn\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

# AdwCleaner v3.001 - Report created 29/08/2013 at 13:57:28
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : shegeftfardn - NPK22102
# Running from : C:\Users\shegeftfardn\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP
Service Found : SystemStoreService

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
File Found : C:\Users\shegeftfardn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\\invalidprefs.js
File Found : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\foxydeal.sqlite
File Found : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\searchplugins\Web Search.xml
File Found : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\user.js
File Found : C:\Windows\System32\Tasks\Software Updater
File Found : C:\Windows\System32\Tasks\Software Updater Ui
Folder Found : C:\Users\shegeftfardn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Folder Found C:\Program Files (x86)\AskPartnerNetwork
Folder Found C:\Program Files (x86)\SoftwareUpdater
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\AskPartnerNetwork
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\eSafe
Folder Found C:\Users\SHEGEF~1\AppData\Local\Temp\apn
Folder Found C:\Users\SHEGEF~1\AppData\Local\Temp\apn
Folder Found C:\Users\SHEGEF~1\AppData\Local\Temp\apn
Folder Found C:\Users\shegeftfardn\AppData\Local\DownloadGuide
Folder Found C:\Users\shegeftfardn\AppData\Local\Freemium
Folder Found C:\Users\shegeftfardn\AppData\LocalLow\SimplyTech
Folder Found C:\Users\shegeftfardn\AppData\Roaming\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\FoxyDeal
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\FoxyDeal
Key Found : [x64] HKCU\Software\Iminent
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\Delta
Key Found : HKLM\Software\eSafeSecControl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&q=%s
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&q=%s

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\prefs.js ]

Line Found : user_pref("browser.search.defaultengine", "Web Search");
Line Found : user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Analytics\\\",\\\"category\\\[...]
Line Found : user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
Line Found : user_pref("extensions.crossrider.bic", "140c0f98983abd2701a982341a543896");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "de");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "50987c6d000000000000002710002be9");
Line Found : user_pref("extensions.delta.instlDay", "15945");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.24.617:52:44");
Line Found : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4988");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");
Line Found : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Line Found : user_pref("extentions.webcake.installId", "b0a1c8dc-aa4f-46c0-8fb9-020964fab2f7");

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\shegeftfardn\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [11856 octets] - [29/08/2013 13:57:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11917 octets] ##########

Code:

ATTFilter

# AdwCleaner v3.001 - Report created 29/08/2013 at 14:00:07
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : shegeftfardn - NPK22102
# Running from : C:\Users\shegeftfardn\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP
Service Found : SystemStoreService

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
File Found : C:\Users\shegeftfardn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\\invalidprefs.js
File Found : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\foxydeal.sqlite
File Found : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\searchplugins\Web Search.xml
File Found : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\user.js
File Found : C:\Windows\System32\Tasks\Software Updater
File Found : C:\Windows\System32\Tasks\Software Updater Ui
Folder Found : C:\Users\shegeftfardn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Folder Found C:\Program Files (x86)\AskPartnerNetwork
Folder Found C:\Program Files (x86)\SoftwareUpdater
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\AskPartnerNetwork
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\eSafe
Folder Found C:\Users\SHEGEF~1\AppData\Local\Temp\apn
Folder Found C:\Users\SHEGEF~1\AppData\Local\Temp\apn
Folder Found C:\Users\SHEGEF~1\AppData\Local\Temp\apn
Folder Found C:\Users\shegeftfardn\AppData\Local\DownloadGuide
Folder Found C:\Users\shegeftfardn\AppData\Local\Freemium
Folder Found C:\Users\shegeftfardn\AppData\LocalLow\SimplyTech
Folder Found C:\Users\shegeftfardn\AppData\Roaming\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\FoxyDeal
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\FoxyDeal
Key Found : [x64] HKCU\Software\Iminent
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\Delta
Key Found : HKLM\Software\eSafeSecControl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&st=chrome&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&q=%s
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&q=%s

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\prefs.js ]

Line Found : user_pref("browser.search.defaultengine", "Web Search");
Line Found : user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Analytics\\\",\\\"category\\\[...]
Line Found : user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
Line Found : user_pref("extensions.crossrider.bic", "140c0f98983abd2701a982341a543896");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "de");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "50987c6d000000000000002710002be9");
Line Found : user_pref("extensions.delta.instlDay", "15945");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.24.617:52:44");
Line Found : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4988");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");
Line Found : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Line Found : user_pref("extentions.webcake.installId", "b0a1c8dc-aa4f-46c0-8fb9-020964fab2f7");

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\shegeftfardn\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [12022 octets] - [29/08/2013 13:57:28]
AdwCleaner[R1].txt - [11917 octets] - [29/08/2013 14:00:07]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [11978 octets] ##########

Code:

ATTFilter

# AdwCleaner v3.001 - Report created 29/08/2013 at 14:00:35
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : shegeftfardn - NPK22102
# Running from : C:\Users\shegeftfardn\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP
[#] Service Deleted : SystemStoreService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\SoftwareUpdater
Folder Deleted : C:\Users\SHEGEF~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\shegeftfardn\AppData\Local\DownloadGuide
Folder Deleted : C:\Users\shegeftfardn\AppData\Local\Freemium
Folder Deleted : C:\Users\shegeftfardn\AppData\LocalLow\SimplyTech
Folder Deleted : C:\Users\shegeftfardn\AppData\Roaming\DSite
Folder Deleted : C:\Users\shegeftfardn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
File Deleted : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\searchplugins\Web Search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
File Deleted : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\foxydeal.sqlite
File Deleted : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\\invalidprefs.js
File Deleted : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\user.js
File Deleted : C:\Users\shegeftfardn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Windows\System32\Tasks\Software Updater Ui
File Deleted : C:\Windows\System32\Tasks\Software Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\FoxyDeal
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Web Search");
Line Deleted : user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Analytics\\\",\\\"category\\\[...]
Line Deleted : user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
Line Deleted : user_pref("extensions.crossrider.bic", "140c0f98983abd2701a982341a543896");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "50987c6d000000000000002710002be9");
Line Deleted : user_pref("extensions.delta.instlDay", "15945");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.617:52:44");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4988");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Line Deleted : user_pref("extentions.webcake.installId", "b0a1c8dc-aa4f-46c0-8fb9-020964fab2f7");

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\shegeftfardn\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [12022 octets] - [29/08/2013 13:57:28]
AdwCleaner[R1].txt - [12083 octets] - [29/08/2013 14:00:07]
AdwCleaner[S0].txt - [10906 octets] - [29/08/2013 14:00:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10967 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows 7 Professional x64
Ran by shegeftfardn on 29.08.2013 at 14:24:45,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\simplytech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\simplytech
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasmancs



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\shegeftfardn\AppData\Roaming\mozilla\firefox\profiles\2pc7fvnn.default\minidumps [33 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\shegeftfardn\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.08.2013 at 14:29:49,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by shegeftfardn (administrator) on 29-08-2013 14:31:32
Running from C:\Users\shegeftfardn\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe
(Aventail Corporation) C:\Windows\system32\ngvpnmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
(Avira GmbH) C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Matrix42 AG) C:\Windows\system32\Empirum\Eris.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Matrix42 AG) C:\Windows\System32\Empirum\ERIS_UI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Matrix42 AG) C:\Windows\system32\Empirum\eris_ui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2010-05-07] (IDT, Inc.)
HKLM\...\Run: [erisui] - "C:\Windows\system32\Empirum\eris_ui" /hide [x]
HKLM\...\Run: [SWDepot] - C:\WINDOWS\system32\EMPIRUM\SWDepot.exe \\spk20035\Configurator$\User\SWDepot.dds /K7200 /I /B /F /S /T0 /Z1 /Y1 [x]
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKCU\...\Run: [Gadwin PrintScreen] - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2010-10-14] (Gadwin Systems, Inc)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-18] (Avira Operations GmbH & Co. KG)
HKU\sysadmemp.PFM-AG\...\Run: [Gadwin PrintScreen] - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2010-10-14] (Gadwin Systems, Inc)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - URL hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&q={searchTerms}
SearchScopes: HKLM-x32 - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=66920&gid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&dbCode=1&command={searchTerms}
SearchScopes: HKLM-x32 - TopResultURLFallback hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&q={searchTerms}
SearchScopes: HKCU - 1274F1985CBD479BA483902CC40F94AD URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U23) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [89600 2010-05-07] (Andrea Electronics Corporation)
R2 AntiVir Security Management Center Agent; C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe [636161 2009-04-01] (Avira GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 ERIS; C:\Windows\system32\Empirum\Eris.exe [220536 2012-04-26] (Matrix42 AG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R2 NgVpnMgr; C:\Windows\system32\ngvpnmgr.exe [436296 2010-09-13] (Aventail Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe [240640 2010-05-07] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [25672 2010-09-13] (Aventail Corporation)
R3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [31304 2010-09-13] (Aventail Corporation)
R3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [102984 2010-09-13] (Aventail Corporation)
R3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [28744 2010-09-13] (Aventail Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-09-19] (STMicroelectronics)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 14:24 - 2013-08-29 14:24 - 01023533 _____ (Thisisu) C:\Users\shegeftfardn\Downloads\JRT.exe
2013-08-29 14:24 - 2013-08-29 14:24 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 13:57 - 2013-08-29 14:00 - 00000000 ____D C:\AdwCleaner
2013-08-29 13:56 - 2013-08-29 13:57 - 00994642 _____ C:\Users\shegeftfardn\Downloads\adwcleaner.exe
2013-08-29 13:35 - 2013-08-29 13:35 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 13:35 - 2013-08-29 13:35 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Malwarebytes
2013-08-29 13:35 - 2013-08-29 13:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 13:35 - 2013-08-29 13:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 13:35 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 13:34 - 2013-08-29 13:34 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\shegeftfardn\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-29 11:22 - 2013-08-29 11:22 - 00027777 _____ C:\ComboFix.txt
2013-08-29 10:59 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-29 10:59 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-29 10:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-29 10:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-29 10:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-29 10:59 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-29 10:59 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-29 10:59 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-29 10:56 - 2013-08-29 11:22 - 00000000 ____D C:\Qoobox
2013-08-29 10:55 - 2013-08-29 11:19 - 00000000 ____D C:\Windows\erdnt
2013-08-29 10:54 - 2013-08-29 10:55 - 05115711 _____ (Swearware) C:\Users\shegeftfardn\Downloads\ComboFix (1).exe
2013-08-29 10:53 - 2013-08-29 10:54 - 05115711 ____R (Swearware) C:\Users\shegeftfardn\Downloads\ComboFix.exe
2013-08-28 21:42 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-28 21:42 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-28 21:42 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-28 21:42 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-28 21:42 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-28 21:42 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-28 21:42 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-28 21:42 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-28 21:42 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-28 21:42 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-28 21:42 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-28 18:10 - 2013-08-28 18:10 - 00021926 _____ C:\Users\shegeftfardn\Downloads\Addition.txt
2013-08-28 18:08 - 2013-08-28 18:08 - 01579080 _____ (Farbar) C:\Users\shegeftfardn\Downloads\FRST64.exe
2013-08-28 18:08 - 2013-08-28 18:08 - 00000000 ____D C:\FRST
2013-08-28 16:12 - 2013-08-28 16:12 - 00012222 _____ C:\Users\shegeftfardn\Documents\hijackthis.log
2013-08-28 12:17 - 2013-08-28 12:17 - 00000000 ____D C:\Users\shegeftfardn\Documents\Fax
2013-08-27 23:06 - 2013-08-27 23:06 - 00001912 _____ C:\Windows\epplauncher.mif
2013-08-27 23:05 - 2013-08-27 23:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-27 23:05 - 2013-08-27 23:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-27 22:44 - 2013-08-27 22:44 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-08-27 22:37 - 2013-08-27 22:37 - 00000000 ____D C:\EmpirumAgent
2013-08-27 22:32 - 2013-08-27 22:32 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\TrojanHunter
2013-08-27 20:47 - 2013-08-27 22:33 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-08-27 20:47 - 2013-08-27 20:47 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll
2013-08-27 20:37 - 2013-08-27 20:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-27 20:37 - 2013-08-27 20:37 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-27 19:50 - 2013-08-28 16:02 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-27 19:47 - 2013-08-27 22:54 - 00003806 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint
2013-08-27 19:46 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-27 19:41 - 2013-08-27 19:41 - 00000215 _____ C:\Users\shegeftfardn\Desktop\Amazon.url
2013-08-26 23:04 - 2013-08-27 19:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 12:58 - 2013-08-17 13:00 - 00000000 ____D C:\Users\shegeftfardn\Desktop\PrintScreen Files
2013-08-17 11:50 - 2013-08-17 11:50 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-16 22:18 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 22:18 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 22:18 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 22:18 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 22:18 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 22:18 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 22:18 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 22:18 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 22:18 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 22:18 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 22:18 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 22:18 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 22:17 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 22:10 - 2013-08-16 22:11 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 22:04 - 2013-08-16 22:03 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-16 22:02 - 2013-08-16 22:02 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-16 22:02 - 2013-08-16 22:02 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Avira
2013-08-16 22:01 - 2013-07-18 08:02 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-16 22:01 - 2013-07-18 08:02 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-16 22:01 - 2013-03-06 16:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-16 21:46 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 21:46 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 21:46 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 21:46 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 21:46 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 21:46 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 21:46 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 21:46 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 21:46 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 21:46 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 21:45 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 21:45 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 21:45 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 21:45 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 21:45 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-16 21:45 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-08-29 14:29 - 2013-08-29 14:29 - 00001833 _____ C:\Users\shegeftfardn\Desktop\JRT.txt
2013-08-29 14:24 - 2013-08-29 14:24 - 01023533 _____ (Thisisu) C:\Users\shegeftfardn\Downloads\JRT.exe
2013-08-29 14:24 - 2013-08-29 14:24 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 14:20 - 2013-05-13 23:40 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 14:10 - 2009-07-14 06:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 14:10 - 2009-07-14 06:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 14:08 - 2013-01-14 11:39 - 01268514 _____ C:\Windows\WindowsUpdate.log
2013-08-29 14:05 - 2013-05-13 23:40 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-29 14:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 14:02 - 2009-07-14 06:51 - 00042599 _____ C:\Windows\setupact.log
2013-08-29 14:00 - 2013-08-29 13:57 - 00000000 ____D C:\AdwCleaner
2013-08-29 13:57 - 2013-08-29 13:56 - 00994642 _____ C:\Users\shegeftfardn\Downloads\adwcleaner.exe
2013-08-29 13:49 - 2010-11-21 05:47 - 00054808 _____ C:\Windows\PFRO.log
2013-08-29 13:35 - 2013-08-29 13:35 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 13:35 - 2013-08-29 13:35 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Malwarebytes
2013-08-29 13:35 - 2013-08-29 13:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 13:35 - 2013-08-29 13:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 13:34 - 2013-08-29 13:34 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\shegeftfardn\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-29 11:22 - 2013-08-29 11:22 - 00027777 _____ C:\ComboFix.txt
2013-08-29 11:22 - 2013-08-29 10:56 - 00000000 ____D C:\Qoobox
2013-08-29 11:22 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-29 11:19 - 2013-08-29 10:55 - 00000000 ____D C:\Windows\erdnt
2013-08-29 11:14 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-29 10:55 - 2013-08-29 10:54 - 05115711 _____ (Swearware) C:\Users\shegeftfardn\Downloads\ComboFix (1).exe
2013-08-29 10:54 - 2013-08-29 10:53 - 05115711 ____R (Swearware) C:\Users\shegeftfardn\Downloads\ComboFix.exe
2013-08-28 23:46 - 2013-01-14 12:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-28 23:36 - 2013-01-14 11:59 - 01628074 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-28 23:36 - 2011-04-12 09:26 - 00710886 _____ C:\Windows\system32\perfh007.dat
2013-08-28 23:36 - 2011-04-12 09:26 - 00153946 _____ C:\Windows\system32\perfc007.dat
2013-08-28 23:36 - 2009-07-14 07:13 - 01628074 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-28 23:27 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2013-08-28 19:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-28 18:10 - 2013-08-28 18:10 - 00021926 _____ C:\Users\shegeftfardn\Downloads\Addition.txt
2013-08-28 18:08 - 2013-08-28 18:08 - 01579080 _____ (Farbar) C:\Users\shegeftfardn\Downloads\FRST64.exe
2013-08-28 18:08 - 2013-08-28 18:08 - 00000000 ____D C:\FRST
2013-08-28 16:12 - 2013-08-28 16:12 - 00012222 _____ C:\Users\shegeftfardn\Documents\hijackthis.log
2013-08-28 16:02 - 2013-08-27 19:50 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-28 12:17 - 2013-08-28 12:17 - 00000000 ____D C:\Users\shegeftfardn\Documents\Fax
2013-08-27 23:06 - 2013-08-27 23:06 - 00001912 _____ C:\Windows\epplauncher.mif
2013-08-27 23:05 - 2013-08-27 23:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-27 23:05 - 2013-08-27 23:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-27 22:54 - 2013-08-27 19:47 - 00003806 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint
2013-08-27 22:44 - 2013-08-27 22:44 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-08-27 22:37 - 2013-08-27 22:37 - 00000000 ____D C:\EmpirumAgent
2013-08-27 22:33 - 2013-08-27 20:47 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-08-27 22:32 - 2013-08-27 22:32 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\TrojanHunter
2013-08-27 20:47 - 2013-08-27 20:47 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll
2013-08-27 20:39 - 2013-08-27 20:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-27 20:37 - 2013-08-27 20:37 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-27 19:55 - 2013-05-04 00:18 - 00000000 ____D C:\Windows\Minidump
2013-08-27 19:46 - 2013-08-26 23:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-27 19:41 - 2013-08-27 19:41 - 00000215 _____ C:\Users\shegeftfardn\Desktop\Amazon.url
2013-08-27 19:15 - 2013-01-25 12:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 13:00 - 2013-08-17 12:58 - 00000000 ____D C:\Users\shegeftfardn\Desktop\PrintScreen Files
2013-08-17 11:50 - 2013-08-17 11:50 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-17 11:50 - 2013-05-13 23:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-16 22:11 - 2013-08-16 22:10 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 22:09 - 2013-04-22 23:46 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-16 22:06 - 2013-07-28 13:13 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Skype
2013-08-16 22:03 - 2013-08-16 22:04 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-16 22:02 - 2013-08-16 22:02 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-16 22:02 - 2013-08-16 22:02 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Avira
2013-08-16 22:01 - 2013-01-14 11:58 - 00000000 ____D C:\ProgramData\Avira
2013-08-16 22:01 - 2013-01-14 11:58 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-13 08:38 - 2013-08-27 19:46 - 00032328 _____ C:\Windows\Launcher.exe

Files to move or delete:
====================
C:\Users\SHEGEF~1\AppData\Local\Temp\Quarantine.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-28 18:54

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 29.08.2013, 17:34

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

nazzza · 29.08.2013, 19:21

Also ich glaube da wurde nichts mehr gefunden. Das das so umfangreich ist hätte ich nicht gedacht. Muss ich noch was machen?

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d2330b6859e5b64083f317772d36340d
# engine=14944
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-29 06:13:42
# local_time=2013-08-29 08:13:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 22683 243223312 15412 0
# compatibility_mode=5893 16776574 100 94 175760 129429872 0 0
# scanned=149495
# found=0
# cleaned=0
# scan_time=3064

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
Avira Desktop                   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 neoPackage Sun Java Runtime Environment 6.0.230 
 Java(TM) 6 Update 23  
 Java 7 Update 11  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 11.5.502.146 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (23.0.1) 
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by shegeftfardn (administrator) on 29-08-2013 20:19:18
Running from C:\Users\shegeftfardn\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe
(Aventail Corporation) C:\Windows\system32\ngvpnmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
(Avira GmbH) C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Matrix42 AG) C:\Windows\System32\Empirum\ERIS_UI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Matrix42 AG) C:\Windows\system32\Empirum\eris_ui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\ipmGui.exe
() C:\Users\shegeftfardn\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2010-05-07] (IDT, Inc.)
HKLM\...\Run: [erisui] - "C:\Windows\system32\Empirum\eris_ui" /hide [x]
HKLM\...\Run: [SWDepot] - C:\WINDOWS\system32\EMPIRUM\SWDepot.exe \\spk20035\Configurator$\User\SWDepot.dds /K7200 /I /B /F /S /T0 /Z1 /Y1 [x]
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKCU\...\Run: [Gadwin PrintScreen] - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2010-10-14] (Gadwin Systems, Inc)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-18] (Avira Operations GmbH & Co. KG)
HKU\sysadmemp.PFM-AG\...\Run: [Gadwin PrintScreen] - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2010-10-14] (Gadwin Systems, Inc)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - URL hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&q={searchTerms}
SearchScopes: HKLM-x32 - SuggestionsURL_JSON hxxp://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=66920&gid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&dbCode=1&command={searchTerms}
SearchScopes: HKLM-x32 - TopResultURLFallback hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1377625489794&tguid=66920-6787-1377625489794-2F5A277FC9FFE5640002CAE35A30FEDD&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - 1274F1985CBD479BA483902CC40F94AD URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\shegeftfardn\AppData\Roaming\Mozilla\Firefox\Profiles\2pc7fvnn.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U23) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\SHEGEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [89600 2010-05-07] (Andrea Electronics Corporation)
R2 AntiVir Security Management Center Agent; C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe [636161 2009-04-01] (Avira GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-18] (Avira Operations GmbH & Co. KG)
S2 ERIS; C:\Windows\system32\Empirum\Eris.exe [220536 2012-04-26] (Matrix42 AG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R2 NgVpnMgr; C:\Windows\system32\ngvpnmgr.exe [436296 2010-09-13] (Aventail Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe [240640 2010-05-07] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [25672 2010-09-13] (Aventail Corporation)
R3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [31304 2010-09-13] (Aventail Corporation)
R3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [102984 2010-09-13] (Aventail Corporation)
R3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [28744 2010-09-13] (Aventail Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-09-19] (STMicroelectronics)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 19:20 - 2013-08-29 19:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-29 19:19 - 2013-08-29 19:20 - 02347384 _____ (ESET) C:\Users\shegeftfardn\Downloads\esetsmartinstaller_enu.exe
2013-08-29 14:29 - 2013-08-29 14:29 - 00001833 _____ C:\Users\shegeftfardn\Desktop\JRT.txt
2013-08-29 14:24 - 2013-08-29 14:24 - 01023533 _____ (Thisisu) C:\Users\shegeftfardn\Downloads\JRT.exe
2013-08-29 14:24 - 2013-08-29 14:24 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 13:57 - 2013-08-29 14:00 - 00000000 ____D C:\AdwCleaner
2013-08-29 13:56 - 2013-08-29 13:57 - 00994642 _____ C:\Users\shegeftfardn\Downloads\adwcleaner.exe
2013-08-29 13:35 - 2013-08-29 13:35 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 13:35 - 2013-08-29 13:35 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Malwarebytes
2013-08-29 13:35 - 2013-08-29 13:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 13:35 - 2013-08-29 13:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 13:35 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 13:34 - 2013-08-29 13:34 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\shegeftfardn\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-29 11:22 - 2013-08-29 11:22 - 00027777 _____ C:\ComboFix.txt
2013-08-29 10:59 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-29 10:59 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-29 10:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-29 10:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-29 10:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-29 10:59 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-29 10:59 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-29 10:59 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-29 10:56 - 2013-08-29 11:22 - 00000000 ____D C:\Qoobox
2013-08-29 10:55 - 2013-08-29 11:19 - 00000000 ____D C:\Windows\erdnt
2013-08-29 10:54 - 2013-08-29 10:55 - 05115711 _____ (Swearware) C:\Users\shegeftfardn\Downloads\ComboFix (1).exe
2013-08-29 10:53 - 2013-08-29 10:54 - 05115711 ____R (Swearware) C:\Users\shegeftfardn\Downloads\ComboFix.exe
2013-08-28 21:42 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-28 21:42 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-28 21:42 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-28 21:42 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-28 21:42 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-28 21:42 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-28 21:42 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-28 21:42 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-28 21:42 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-28 21:42 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-28 21:42 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-28 18:10 - 2013-08-28 18:10 - 00021926 _____ C:\Users\shegeftfardn\Downloads\Addition.txt
2013-08-28 18:08 - 2013-08-28 18:08 - 01579080 _____ (Farbar) C:\Users\shegeftfardn\Downloads\FRST64.exe
2013-08-28 18:08 - 2013-08-28 18:08 - 00000000 ____D C:\FRST
2013-08-28 16:12 - 2013-08-28 16:12 - 00012222 _____ C:\Users\shegeftfardn\Documents\hijackthis.log
2013-08-28 12:17 - 2013-08-28 12:17 - 00000000 ____D C:\Users\shegeftfardn\Documents\Fax
2013-08-27 23:06 - 2013-08-27 23:06 - 00001912 _____ C:\Windows\epplauncher.mif
2013-08-27 23:05 - 2013-08-27 23:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-27 23:05 - 2013-08-27 23:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-27 22:44 - 2013-08-27 22:44 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-08-27 22:37 - 2013-08-27 22:37 - 00000000 ____D C:\EmpirumAgent
2013-08-27 22:32 - 2013-08-27 22:32 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\TrojanHunter
2013-08-27 20:47 - 2013-08-27 22:33 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-08-27 20:47 - 2013-08-27 20:47 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll
2013-08-27 20:37 - 2013-08-27 20:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-27 20:37 - 2013-08-27 20:37 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-27 19:50 - 2013-08-28 16:02 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-27 19:47 - 2013-08-27 22:54 - 00003806 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint
2013-08-27 19:46 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-27 19:41 - 2013-08-27 19:41 - 00000215 _____ C:\Users\shegeftfardn\Desktop\Amazon.url
2013-08-26 23:04 - 2013-08-27 19:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 12:58 - 2013-08-17 13:00 - 00000000 ____D C:\Users\shegeftfardn\Desktop\PrintScreen Files
2013-08-17 11:50 - 2013-08-17 11:50 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-16 22:18 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 22:18 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 22:18 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 22:18 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 22:18 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 22:18 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 22:18 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 22:18 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 22:18 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 22:18 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 22:18 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 22:18 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 22:18 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 22:18 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 22:17 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 22:10 - 2013-08-16 22:11 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 22:04 - 2013-08-16 22:03 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-16 22:02 - 2013-08-16 22:02 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-16 22:02 - 2013-08-16 22:02 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Avira
2013-08-16 22:01 - 2013-07-18 08:02 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-16 22:01 - 2013-07-18 08:02 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-16 22:01 - 2013-03-06 16:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-16 21:46 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 21:46 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 21:46 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 21:46 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 21:46 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 21:46 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 21:46 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 21:46 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 21:46 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 21:46 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 21:45 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 21:45 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 21:45 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 21:45 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 21:45 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-16 21:45 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-08-29 20:15 - 2013-08-29 20:15 - 00891115 _____ C:\Users\shegeftfardn\Downloads\SecurityCheck.exe
2013-08-29 19:32 - 2013-01-25 16:18 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 19:21 - 2013-01-14 11:39 - 01310420 _____ C:\Windows\WindowsUpdate.log
2013-08-29 19:20 - 2013-08-29 19:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-29 19:20 - 2013-08-29 19:19 - 02347384 _____ (ESET) C:\Users\shegeftfardn\Downloads\esetsmartinstaller_enu.exe
2013-08-29 19:20 - 2013-05-13 23:40 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 19:18 - 2011-04-12 09:26 - 00710886 _____ C:\Windows\system32\perfh007.dat
2013-08-29 19:18 - 2011-04-12 09:26 - 00153946 _____ C:\Windows\system32\perfc007.dat
2013-08-29 19:18 - 2009-07-14 07:13 - 01650180 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 19:16 - 2009-07-14 06:51 - 00043450 _____ C:\Windows\setupact.log
2013-08-29 18:02 - 2009-07-14 06:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 18:02 - 2009-07-14 06:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 17:56 - 2013-05-13 23:40 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-29 17:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 14:29 - 2013-08-29 14:29 - 00001833 _____ C:\Users\shegeftfardn\Desktop\JRT.txt
2013-08-29 14:24 - 2013-08-29 14:24 - 01023533 _____ (Thisisu) C:\Users\shegeftfardn\Downloads\JRT.exe
2013-08-29 14:24 - 2013-08-29 14:24 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 14:00 - 2013-08-29 13:57 - 00000000 ____D C:\AdwCleaner
2013-08-29 13:57 - 2013-08-29 13:56 - 00994642 _____ C:\Users\shegeftfardn\Downloads\adwcleaner.exe
2013-08-29 13:49 - 2010-11-21 05:47 - 00054808 _____ C:\Windows\PFRO.log
2013-08-29 13:35 - 2013-08-29 13:35 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 13:35 - 2013-08-29 13:35 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Malwarebytes
2013-08-29 13:35 - 2013-08-29 13:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 13:35 - 2013-08-29 13:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 13:34 - 2013-08-29 13:34 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\shegeftfardn\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-29 11:22 - 2013-08-29 11:22 - 00027777 _____ C:\ComboFix.txt
2013-08-29 11:22 - 2013-08-29 10:56 - 00000000 ____D C:\Qoobox
2013-08-29 11:22 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-29 11:19 - 2013-08-29 10:55 - 00000000 ____D C:\Windows\erdnt
2013-08-29 11:14 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-29 10:55 - 2013-08-29 10:54 - 05115711 _____ (Swearware) C:\Users\shegeftfardn\Downloads\ComboFix (1).exe
2013-08-29 10:54 - 2013-08-29 10:53 - 05115711 ____R (Swearware) C:\Users\shegeftfardn\Downloads\ComboFix.exe
2013-08-28 23:46 - 2013-01-14 12:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-28 23:36 - 2013-01-14 11:59 - 01628074 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-28 23:27 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2013-08-28 19:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-28 18:10 - 2013-08-28 18:10 - 00021926 _____ C:\Users\shegeftfardn\Downloads\Addition.txt
2013-08-28 18:08 - 2013-08-28 18:08 - 01579080 _____ (Farbar) C:\Users\shegeftfardn\Downloads\FRST64.exe
2013-08-28 18:08 - 2013-08-28 18:08 - 00000000 ____D C:\FRST
2013-08-28 16:12 - 2013-08-28 16:12 - 00012222 _____ C:\Users\shegeftfardn\Documents\hijackthis.log
2013-08-28 16:02 - 2013-08-27 19:50 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-28 12:17 - 2013-08-28 12:17 - 00000000 ____D C:\Users\shegeftfardn\Documents\Fax
2013-08-27 23:06 - 2013-08-27 23:06 - 00001912 _____ C:\Windows\epplauncher.mif
2013-08-27 23:05 - 2013-08-27 23:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-27 23:05 - 2013-08-27 23:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-27 22:54 - 2013-08-27 19:47 - 00003806 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint
2013-08-27 22:44 - 2013-08-27 22:44 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-08-27 22:37 - 2013-08-27 22:37 - 00000000 ____D C:\EmpirumAgent
2013-08-27 22:33 - 2013-08-27 20:47 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 5.5
2013-08-27 22:32 - 2013-08-27 22:32 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\TrojanHunter
2013-08-27 20:47 - 2013-08-27 20:47 - 00059392 ____R C:\Windows\SysWOW64\streamhlp.dll
2013-08-27 20:39 - 2013-08-27 20:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-27 20:37 - 2013-08-27 20:37 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-27 19:55 - 2013-05-04 00:18 - 00000000 ____D C:\Windows\Minidump
2013-08-27 19:46 - 2013-08-26 23:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-27 19:41 - 2013-08-27 19:41 - 00000215 _____ C:\Users\shegeftfardn\Desktop\Amazon.url
2013-08-27 19:15 - 2013-01-25 12:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 13:00 - 2013-08-17 12:58 - 00000000 ____D C:\Users\shegeftfardn\Desktop\PrintScreen Files
2013-08-17 11:50 - 2013-08-17 11:50 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-17 11:50 - 2013-05-13 23:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-16 22:11 - 2013-08-16 22:10 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 22:09 - 2013-04-22 23:46 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-16 22:06 - 2013-07-28 13:13 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Skype
2013-08-16 22:03 - 2013-08-16 22:04 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-16 22:02 - 2013-08-16 22:02 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-16 22:02 - 2013-08-16 22:02 - 00000000 ____D C:\Users\shegeftfardn\AppData\Roaming\Avira
2013-08-16 22:01 - 2013-01-14 11:58 - 00000000 ____D C:\ProgramData\Avira
2013-08-16 22:01 - 2013-01-14 11:58 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-13 08:38 - 2013-08-27 19:46 - 00032328 _____ C:\Windows\Launcher.exe

Files to move or delete:
====================
C:\Users\SHEGEF~1\AppData\Local\Temp\Quarantine.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\RarSFX0\SecurityCheck\runprocesses.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\RarSFX0\SecurityCheck\uninstalllist.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\cmdinfo.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\swreg.exe
C:\Users\SHEGEF~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-28 18:54

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 30.08.2013, 12:58

Java und Flash Player updaten.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

nazzza · 31.08.2013, 13:50

Hallo Schrauber!

Tausend Dank für deine Hilfe. Ich liebe Malwarebytes und WinPatrol! Mein Laptop fühlt sich jetzt "sauber" an

Toll, dass du die Zeit findest um solchen verzweifelten Menschen wie mir zu helfen!

Viel Erfolg beim Studium!

Liebe Grüße!

schrauber · 31.08.2013, 14:32

Gern Geschehen

29.08.2013, 13:00	#8
schrauber /// the machine /// TB-Ausbilder	Browser Hijacker-Wie bekomme ich es weg? Logs bitte zusammen posten wenn Du sie hast __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

31.08.2013, 14:32	#14
schrauber /// the machine /// TB-Ausbilder	Browser Hijacker-Wie bekomme ich es weg? Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Browser Hijacker-Wie bekomme ich es weg?

Log-Analyse und Auswertung: Browser Hijacker-Wie bekomme ich es weg?