avira: dieses programm wurde durch eine gruppenrichtlinie blockiert

aurelie · 07.12.2013, 22:28

Hallo,

ich habe seit einiger Zeit das Problem, dass ich das Programm Avira nicht mehr öffnen kann und auch nicht mehr löschen kann. Es kommt immer folgende Fehlermeldung:
"Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen
erhalten Sie vom Systemadministrator."

Ich habe auch schon diverse Antivirusprogramme runtergeladen, jedoch hat keins der Programme das Problem lösen können (ADWcleaner, Malewarebytes).

Logfile FST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2013 2
Ran by Beni (administrator) on BENI-PC on 07-12-2013 22:07:55
Running from C:\Users\Beni\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Dropbox, Inc.) C:\Users\Beni\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Nike) C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1022592 2012-04-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [6202416 2012-07-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-17] (Lenovo)
HKLM\...\Run: [SBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [200560 2011-12-19] (GFI Software)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_E029F8128A0EDF893F9FC50311C077DC] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [6604568 2013-12-01] (SUPERAntiSpyware)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-17] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-10-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nike+ Connect] - C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2013-05-03] (Nike)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [260928 2012-05-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-01] (NVIDIA Corporation)
Startup: C:\Users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Beni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: Search Results
CHR DefaultSearchURL: hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=414&sr=0&q={searchTerms}
CHR DefaultSuggestURL: "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Beni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00C2\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00C2\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live\u00C2\u2122 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Wallet) - C:\Users\Beni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-09-20] (Lavasoft Limited)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
S4 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
S4 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo)
S4 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-04] (GFI Software)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U0 Partizan; C:\Windows\SysWow64\drivers\Partizan.sys [35816 2013-11-28] (Greatis Software)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SBRE; C:\Windows\SysWow64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-07 22:07 - 2013-12-07 22:08 - 00018453 _____ C:\Users\Beni\Desktop\FRST.txt
2013-12-07 22:07 - 2013-12-07 22:07 - 00000000 ____D C:\FRST
2013-12-07 22:06 - 2013-12-07 22:06 - 01927514 _____ (Farbar) C:\Users\Beni\Desktop\FRST64.exe
2013-12-07 22:04 - 2013-12-07 22:04 - 00000470 _____ C:\Users\Beni\Desktop\defogger_disable.log
2013-12-07 22:04 - 2013-12-07 22:04 - 00000000 _____ C:\Users\Beni\defogger_reenable
2013-12-07 22:02 - 2013-12-07 22:02 - 00050477 _____ C:\Users\Beni\Desktop\Defogger.exe
2013-12-07 21:49 - 2013-12-07 21:49 - 00001830 _____ C:\Users\Beni\Desktop\Fixlist.txt
2013-12-01 18:25 - 2013-12-01 18:25 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a1717e4e-d9dd-4a08-9d65-c63322f55b6d.job
2013-12-01 18:25 - 2013-12-01 18:25 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 60ccec63-0432-4df0-86ab-19f14972ebf9.job
2013-12-01 18:24 - 2013-12-01 18:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-01 18:24 - 2013-12-01 18:24 - 27853504 _____ (SUPERAntiSpyware) C:\Users\Beni\Desktop\SUPERAntiSpyware.exe
2013-12-01 18:24 - 2013-12-01 18:24 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-01 18:24 - 2013-12-01 18:24 - 00000000 ____D C:\Users\Beni\AppData\Roaming\SUPERAntiSpyware.com
2013-12-01 18:24 - 2013-12-01 18:24 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-01 16:58 - 2013-12-03 17:18 - 00002342 _____ C:\Windows\PFRO.log
2013-12-01 16:57 - 2013-12-01 22:07 - 00000203 _____ C:\Users\Beni\Desktop\virus.txt
2013-12-01 14:05 - 2013-12-01 14:05 - 00165376 _____ C:\Users\Beni\Desktop\SystemLook_x64.exe
2013-12-01 13:33 - 2013-12-01 13:33 - 02347384 _____ (ESET) C:\Users\Beni\Desktop\esetsmartinstaller_enu.exe
2013-12-01 13:25 - 2013-12-01 13:25 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-01 13:25 - 2013-12-01 13:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 13:25 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 13:24 - 2013-12-01 13:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Beni\Desktop\mbam-setup-1_75_0_1300.exe
2013-12-01 13:14 - 2013-12-01 13:14 - 22791896 _____ (Microsoft Corporation) C:\Users\Beni\Desktop\Windows-KB890830-x64-V5_6.exe
2013-12-01 12:51 - 2013-12-01 13:04 - 00000000 ____D C:\Windows\erdnt
2013-11-30 18:19 - 2013-11-30 18:19 - 00000000 _____ C:\autoexec.bat
2013-11-30 18:18 - 2013-11-30 18:18 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-30 18:17 - 2013-12-01 12:57 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-29 19:00 - 2013-12-07 21:26 - 02045747 _____ C:\Windows\WindowsUpdate.log
2013-11-29 18:51 - 2013-12-07 19:16 - 00001120 _____ C:\Windows\setupact.log
2013-11-29 18:51 - 2013-11-29 18:51 - 00000000 _____ C:\Windows\setuperr.log
2013-11-28 21:04 - 2013-11-28 21:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Beni\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-28 20:43 - 2013-12-07 19:16 - 00000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2013-11-28 20:42 - 2013-11-28 20:42 - 00040208 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2013-11-28 20:39 - 2013-11-28 21:42 - 00000000 ____D C:\ProgramData\RegRun
2013-11-28 20:39 - 2013-11-28 21:41 - 00000000 ____D C:\Users\Beni\Documents\RegRun2
2013-11-28 20:39 - 2013-11-28 21:40 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2013-11-28 20:39 - 2013-11-28 20:39 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2013-11-28 20:39 - 2013-11-28 20:39 - 00000954 _____ C:\Users\Beni\Desktop\UnHackMe.lnk
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\winstart.bat
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2013-11-28 20:39 - 2013-11-28 20:39 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2013-11-28 20:39 - 2013-09-05 10:19 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2013-11-28 20:31 - 2013-11-28 20:31 - 14104877 _____ C:\Users\Beni\Desktop\unhackme.zip
2013-11-28 20:26 - 2013-11-28 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-28 20:25 - 2013-11-28 21:47 - 00000000 ____D C:\Users\Beni\Desktop\mbar
2013-11-28 20:25 - 2013-11-28 21:43 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-28 20:25 - 2013-11-28 20:25 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Beni\Desktop\mbar-1.07.0.1007.exe
2013-11-28 20:13 - 2013-11-28 20:13 - 00000000 ____D C:\Windows\pss
2013-11-28 20:06 - 2013-11-28 20:06 - 00000000 ____D C:\Users\Beni\AppData\Local\SugarSync
2013-11-28 20:03 - 2013-11-28 20:03 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-11-28 08:28 - 2013-11-28 08:28 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-28 07:59 - 2013-11-28 08:28 - 00000000 ____D C:\Program Files\CCleaner
2013-11-28 07:57 - 2013-11-28 07:57 - 03302432 _____ (Piriform Ltd) C:\Users\Beni\Desktop\ccsetup407_slim.exe
2013-11-28 07:56 - 2013-11-28 07:56 - 03302432 _____ (Piriform Ltd) C:\Users\Beni\Downloads\ccsetup407_slim.exe
2013-11-24 20:15 - 2013-11-24 20:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 20:14 - 2013-11-24 20:14 - 01091882 _____ C:\Users\Beni\Desktop\adwcleaner.exe
2013-11-24 20:14 - 2013-11-24 20:14 - 01034531 _____ (Thisisu) C:\Users\Beni\Desktop\JRT.exe
2013-11-24 19:43 - 2013-11-24 19:43 - 00000000 ____D C:\Users\Beni\Documents\Security
2013-11-24 19:18 - 2013-11-24 19:18 - 00000000 ____D C:\ProgramData\APN
2013-11-24 18:59 - 2013-11-24 18:59 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 18:59 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-24 18:58 - 2013-11-24 18:58 - 00004915 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-24 18:58 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-24 18:58 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-24 18:58 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-24 17:57 - 2013-11-24 17:57 - 00013105 _____ C:\Users\Beni\Desktop\Avira Free Antivirus - Verknüpfung.lnk
2013-11-24 17:40 - 2013-11-24 17:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-24 17:39 - 2013-11-24 17:39 - 00000000 ____D C:\Program Files (x86)\NoVirusThanks
2013-11-24 11:11 - 2013-11-24 11:11 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-11-24 00:00 - 2013-11-24 00:00 - 00000000 ____D C:\Users\Beni\AppData\Roaming\Malwarebytes
2013-11-24 00:00 - 2013-11-24 00:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-23 17:35 - 2013-11-23 17:35 - 00001078 _____ C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-11-23 00:33 - 2013-11-24 17:37 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-22 23:34 - 2013-11-28 08:31 - 00000000 ____D C:\AdwCleaner
2013-11-22 00:02 - 2013-11-22 09:04 - 105626457 _____ C:\Windows\SysWOW64\䕇蚚‘
2013-11-07 20:32 - 2013-11-07 20:32 - 00000000 ____D C:\Users\Beni\AppData\Local\{819BC073-9BA3-41E5-A53C-9F3539D0879E}

==================== One Month Modified Files and Folders =======

2013-12-07 22:08 - 2013-12-07 22:07 - 00018453 _____ C:\Users\Beni\Desktop\FRST.txt
2013-12-07 22:07 - 2013-12-07 22:07 - 00000000 ____D C:\FRST
2013-12-07 22:06 - 2013-12-07 22:06 - 01927514 _____ (Farbar) C:\Users\Beni\Desktop\FRST64.exe
2013-12-07 22:04 - 2013-12-07 22:04 - 00000470 _____ C:\Users\Beni\Desktop\defogger_disable.log
2013-12-07 22:04 - 2013-12-07 22:04 - 00000000 _____ C:\Users\Beni\defogger_reenable
2013-12-07 22:04 - 2012-10-08 15:21 - 00000000 ____D C:\Users\Beni
2013-12-07 22:03 - 2012-10-09 06:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-07 22:02 - 2013-12-07 22:02 - 00050477 _____ C:\Users\Beni\Desktop\Defogger.exe
2013-12-07 22:01 - 2012-07-17 08:50 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-07 21:49 - 2013-12-07 21:49 - 00001830 _____ C:\Users\Beni\Desktop\Fixlist.txt
2013-12-07 21:26 - 2013-11-29 19:00 - 02045747 _____ C:\Windows\WindowsUpdate.log
2013-12-07 21:26 - 2013-04-01 19:01 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-07 21:26 - 2012-10-08 15:21 - 02578448 _____ C:\FaceProv.log
2013-12-07 21:26 - 2012-07-17 08:50 - 00000000 ____D C:\ProgramData\VeriFace
2013-12-07 19:26 - 2009-07-14 05:45 - 00031840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-07 19:26 - 2009-07-14 05:45 - 00031840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-07 19:19 - 2012-10-08 19:54 - 00000000 ____D C:\Users\Beni\AppData\Roaming\Dropbox
2013-12-07 19:18 - 2012-10-08 19:58 - 00000000 ___RD C:\Users\Beni\Dropbox
2013-12-07 19:17 - 2012-07-17 08:52 - 00121886 _____ C:\Windows\system32\fastboot.set
2013-12-07 19:17 - 2012-07-17 08:46 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2013-12-07 19:16 - 2013-11-29 18:51 - 00001120 _____ C:\Windows\setupact.log
2013-12-07 19:16 - 2013-11-28 20:43 - 00000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2013-12-07 19:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-07 19:15 - 2012-10-24 20:03 - 00000000 ____D C:\Users\Beni\AppData\Roaming\SoftGrid Client
2013-12-07 18:54 - 2013-09-09 15:43 - 00000000 ____D C:\Users\Beni\Documents\Nuzed
2013-12-07 14:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-04 08:41 - 2012-11-06 08:35 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-12-03 17:18 - 2013-12-01 16:58 - 00002342 _____ C:\Windows\PFRO.log
2013-12-01 22:07 - 2013-12-01 16:57 - 00000203 _____ C:\Users\Beni\Desktop\virus.txt
2013-12-01 18:25 - 2013-12-01 18:25 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a1717e4e-d9dd-4a08-9d65-c63322f55b6d.job
2013-12-01 18:25 - 2013-12-01 18:25 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 60ccec63-0432-4df0-86ab-19f14972ebf9.job
2013-12-01 18:25 - 2013-12-01 18:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-01 18:24 - 2013-12-01 18:24 - 27853504 _____ (SUPERAntiSpyware) C:\Users\Beni\Desktop\SUPERAntiSpyware.exe
2013-12-01 18:24 - 2013-12-01 18:24 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-01 18:24 - 2013-12-01 18:24 - 00000000 ____D C:\Users\Beni\AppData\Roaming\SUPERAntiSpyware.com
2013-12-01 18:24 - 2013-12-01 18:24 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-01 14:05 - 2013-12-01 14:05 - 00165376 _____ C:\Users\Beni\Desktop\SystemLook_x64.exe
2013-12-01 13:33 - 2013-12-01 13:33 - 02347384 _____ (ESET) C:\Users\Beni\Desktop\esetsmartinstaller_enu.exe
2013-12-01 13:25 - 2013-12-01 13:25 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-01 13:25 - 2013-12-01 13:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 13:25 - 2013-12-01 13:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Beni\Desktop\mbam-setup-1_75_0_1300.exe
2013-12-01 13:14 - 2013-12-01 13:14 - 22791896 _____ (Microsoft Corporation) C:\Users\Beni\Desktop\Windows-KB890830-x64-V5_6.exe
2013-12-01 13:06 - 2009-07-14 04:20 - 00000000 ___HD C:\Users\Default
2013-12-01 13:04 - 2013-12-01 12:51 - 00000000 ____D C:\Windows\erdnt
2013-12-01 13:03 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-01 12:57 - 2013-11-30 18:17 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-30 18:19 - 2013-11-30 18:19 - 00000000 _____ C:\autoexec.bat
2013-11-30 18:18 - 2013-11-30 18:18 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-30 17:16 - 2012-07-17 08:24 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-30 17:16 - 2012-07-17 08:24 - 00000000 ____D C:\Windows\system32\NV
2013-11-30 17:16 - 2012-07-17 08:23 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-30 11:44 - 2012-07-17 08:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-30 11:44 - 2012-07-17 08:08 - 00000000 ____D C:\Program Files (x86)\Intel
2013-11-29 18:51 - 2013-11-29 18:51 - 00000000 _____ C:\Windows\setuperr.log
2013-11-28 21:47 - 2013-11-28 20:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-28 21:47 - 2013-11-28 20:25 - 00000000 ____D C:\Users\Beni\Desktop\mbar
2013-11-28 21:43 - 2013-11-28 20:25 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-28 21:42 - 2013-11-28 20:39 - 00000000 ____D C:\ProgramData\RegRun
2013-11-28 21:41 - 2013-11-28 20:39 - 00000000 ____D C:\Users\Beni\Documents\RegRun2
2013-11-28 21:40 - 2013-11-28 20:39 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2013-11-28 21:04 - 2013-11-28 21:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Beni\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-28 20:42 - 2013-11-28 20:42 - 00040208 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2013-11-28 20:39 - 2013-11-28 20:39 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2013-11-28 20:39 - 2013-11-28 20:39 - 00000954 _____ C:\Users\Beni\Desktop\UnHackMe.lnk
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\winstart.bat
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2013-11-28 20:39 - 2013-11-28 20:39 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2013-11-28 20:31 - 2013-11-28 20:31 - 14104877 _____ C:\Users\Beni\Desktop\unhackme.zip
2013-11-28 20:25 - 2013-11-28 20:25 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Beni\Desktop\mbar-1.07.0.1007.exe
2013-11-28 20:13 - 2013-11-28 20:13 - 00000000 ____D C:\Windows\pss
2013-11-28 20:06 - 2013-11-28 20:06 - 00000000 ____D C:\Users\Beni\AppData\Local\SugarSync
2013-11-28 20:06 - 2012-10-08 15:26 - 00000000 ___RD C:\Users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-28 20:03 - 2013-11-28 20:03 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-11-28 08:31 - 2013-11-22 23:34 - 00000000 ____D C:\AdwCleaner
2013-11-28 08:28 - 2013-11-28 08:28 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-28 08:28 - 2013-11-28 07:59 - 00000000 ____D C:\Program Files\CCleaner
2013-11-28 08:05 - 2012-12-02 18:54 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-11-28 08:05 - 2012-10-09 19:48 - 00000000 ____D C:\Users\Beni\AppData\Local\CrashDumps
2013-11-28 08:05 - 2011-02-24 18:03 - 00000000 ____D C:\Windows\Panther
2013-11-28 07:57 - 2013-11-28 07:57 - 03302432 _____ (Piriform Ltd) C:\Users\Beni\Desktop\ccsetup407_slim.exe
2013-11-28 07:56 - 2013-11-28 07:56 - 03302432 _____ (Piriform Ltd) C:\Users\Beni\Downloads\ccsetup407_slim.exe
2013-11-26 08:27 - 2013-05-09 08:03 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-24 20:15 - 2013-11-24 20:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 20:14 - 2013-11-24 20:14 - 01091882 _____ C:\Users\Beni\Desktop\adwcleaner.exe
2013-11-24 20:14 - 2013-11-24 20:14 - 01034531 _____ (Thisisu) C:\Users\Beni\Desktop\JRT.exe
2013-11-24 19:43 - 2013-11-24 19:43 - 00000000 ____D C:\Users\Beni\Documents\Security
2013-11-24 19:18 - 2013-11-24 19:18 - 00000000 ____D C:\ProgramData\APN
2013-11-24 18:59 - 2013-11-24 18:59 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 18:58 - 2013-11-24 18:58 - 00004915 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-24 18:58 - 2013-06-23 13:36 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-24 17:57 - 2013-11-24 17:57 - 00013105 _____ C:\Users\Beni\Desktop\Avira Free Antivirus - Verknüpfung.lnk
2013-11-24 17:40 - 2013-11-24 17:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-24 17:39 - 2013-11-24 17:39 - 00000000 ____D C:\Program Files (x86)\NoVirusThanks
2013-11-24 17:37 - 2013-11-23 00:33 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-24 11:43 - 2012-07-17 08:51 - 00000000 ____D C:\Program Files\Google
2013-11-24 11:43 - 2012-07-17 08:50 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-24 11:31 - 2012-10-08 15:30 - 00000000 ____D C:\Users\Beni\AppData\Local\Google
2013-11-24 11:11 - 2013-11-24 11:11 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-11-24 00:00 - 2013-11-24 00:00 - 00000000 ____D C:\Users\Beni\AppData\Roaming\Malwarebytes
2013-11-24 00:00 - 2013-11-24 00:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-23 17:35 - 2013-11-23 17:35 - 00001078 _____ C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-11-22 09:04 - 2013-11-22 00:02 - 105626457 _____ C:\Windows\SysWOW64\䕇蚚‘
2013-11-19 11:21 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-14 18:32 - 2013-11-05 10:23 - 00000000 ____D C:\Users\Beni\AppData\Roaming\TeamViewer
2013-11-08 16:50 - 2013-09-25 20:44 - 00000000 ____D C:\Users\Beni\AppData\Roaming\FreeVideoConverter
2013-11-08 16:50 - 2012-10-08 15:21 - 00000000 ____D C:\Users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-11-08 16:50 - 2011-10-10 09:19 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-08 16:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-08 16:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-08 13:53 - 2012-10-08 15:27 - 00000000 ____D C:\Users\Beni\AppData\Local\Adobe
2013-11-08 10:18 - 2009-07-14 05:45 - 00431264 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-08 10:05 - 2012-10-08 19:29 - 00000000 ____D C:\Users\Beni\Documents\Aurelie
2013-11-07 20:32 - 2013-11-07 20:32 - 00000000 ____D C:\Users\Beni\AppData\Local\{819BC073-9BA3-41E5-A53C-9F3539D0879E}
2013-11-07 16:00 - 2012-10-13 09:11 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Beni\AppData\Local\Temp\fbf8h2jn.dll
C:\Users\Beni\AppData\Local\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-01 16:25

==================== End Of Log ============================

Ich bin sehr dankbar für Hilfe!!

Aurelie

schrauber · 08.12.2013, 06:31

hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

aurelie · 08.12.2013, 11:50

Hallo,

vielen Dank für die Anwort.

Hier der log-file:

Code:

ATTFilter

ComboFix 13-12-07.01 - Beni 08.12.2013  11:37:27.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8094.5856 [GMT 1:00]
ausgeführt von:: c:\users\Beni\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\ntuser.dat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-08 bis 2013-12-08  ))))))))))))))))))))))))))))))
.
.
2013-12-08 10:42 . 2013-12-08 10:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-08 10:42 . 2013-12-08 10:42	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-12-08 10:03 . 2013-12-08 10:04	--------	d-----w-	c:\programdata\Max Secure
2013-12-08 10:01 . 2013-12-08 10:01	--------	d-----w-	c:\users\Beni\AppData\Local\Max Secure Software
2013-12-08 10:01 . 2013-12-08 10:01	--------	d-----w-	c:\users\Beni\AppData\Roaming\GetRightToGo
2013-12-07 21:07 . 2013-12-07 21:07	--------	d-----w-	C:\FRST
2013-11-30 17:18 . 2013-11-30 17:18	--------	d-----w-	c:\program files\Enigma Software Group
2013-11-30 17:17 . 2013-12-01 11:57	--------	d-----w-	c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-30 17:17 . 2013-11-30 17:17	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-11-28 19:42 . 2013-11-28 19:42	40208	----a-w-	c:\windows\system32\Partizan.exe
2013-11-28 19:39 . 2013-11-28 20:42	--------	d-----w-	c:\programdata\RegRun
2013-11-28 19:39 . 2013-11-28 19:39	2	--shatr-	c:\windows\winstart.bat
2013-11-28 19:39 . 2013-12-08 10:34	--------	d-----w-	c:\program files (x86)\UnHackMe
2013-11-28 19:26 . 2013-11-28 20:47	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-28 19:06 . 2013-11-28 19:06	--------	d-----w-	c:\users\Beni\AppData\Local\SugarSync
2013-11-28 19:03 . 2013-11-28 19:03	--------	d-----w-	c:\program files (x86)\DLLSuite
2013-11-24 19:15 . 2013-11-24 19:15	--------	d-----w-	c:\windows\ERUNT
2013-11-24 18:18 . 2013-11-24 18:18	--------	d-----w-	c:\programdata\APN
2013-11-24 17:59 . 2013-11-24 17:59	--------	d-----w-	c:\programdata\Oracle
2013-11-24 17:59 . 2013-11-24 17:59	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-11-24 17:58 . 2013-10-08 06:50	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-24 16:39 . 2013-11-24 16:39	--------	d-----w-	c:\program files (x86)\NoVirusThanks
2013-11-24 10:11 . 2013-11-24 10:11	--------	d-----w-	c:\programdata\Ad-Aware Antivirus
2013-11-23 23:00 . 2013-11-23 23:00	--------	d-----w-	c:\users\Beni\AppData\Roaming\Malwarebytes
2013-11-23 23:00 . 2013-11-23 23:00	--------	d-----w-	c:\programdata\Malwarebytes
2013-11-22 22:34 . 2013-11-28 07:31	--------	d-----w-	C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-07 20:26 . 2013-04-01 18:01	107416	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-11-26 07:27 . 2013-05-09 07:03	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-11-19 10:21 . 2010-11-21 03:27	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-11-07 15:00 . 2012-10-13 08:11	82896128	----a-w-	c:\windows\system32\MRT.exe
2013-10-31 18:25 . 2013-04-01 18:01	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-10-31 18:25 . 2013-04-01 18:01	132600	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-10-09 06:14 . 2012-10-09 05:40	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 06:14 . 2012-10-09 05:40	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-23 18:37 . 2013-09-23 18:37	0	----a-w-	c:\windows\SysWow64\sho7188.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Beni\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Beni\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Beni\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_E029F8128A0EDF893F9FC50311C077DC"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-12-04 863184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-20 507744]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2011-11-24 548864]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-07-17 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-25 337776]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-10-31 683576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Nike+ Connect"="c:\program files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2013-05-03 70656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Beni\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R4 DamageGuard;DamageGuard;c:\windows\system32\DRIVERS\DamageGuardX64.sys;c:\windows\SYSNATIVE\DRIVERS\DamageGuardX64.sys [x]
R4 DamageGuardSvc;Lenovo Instant Reset Service;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe [x]
R4 dgFltr;dgFltr;c:\windows\system32\drivers\dgFltrX64.sys;c:\windows\SYSNATIVE\drivers\dgFltrX64.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-07 14:01	1210320	----a-w-	c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-23 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-09-20 14:03]
.
2013-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 06:14]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cec8a2d4ca1415.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 07:50]
.
2013-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 07:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Beni\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Beni\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Beni\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Beni\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-14 22:52	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-14 22:52	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-14 22:52	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-14 22:52	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-07-17 07:50	1508192	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-12-15 564352]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\btvstack.exe" [2012-04-28 1022592]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\athbttray.exe" [2012-04-28 801920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-07-17 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-07-17 6202416]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-07-17 206176]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2011-12-19 200560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\users\Beni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-08  11:44:24
ComboFix-quarantined-files.txt  2013-12-08 10:44
.
Vor Suchlauf: 19 Verzeichnis(se), 391.945.232.384 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 391.664.447.488 Bytes frei
.
- - End Of File - - 4BB26C31B88A59A15BF833B04BF68EF5

schrauber · 08.12.2013, 16:37

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

aurelie · 08.12.2013, 19:49

Hallo Schrauber,

ich habe die Programme durchlaufen lassen und folgende logfiles erhalten:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Beni :: BENI-PC [Administrator]

08.12.2013 18:08:10
mbam-log-2013-12-08 (18-08-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 417126
Laufzeit: 1 Stunde(n), 11 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

# AdwCleaner v3.014 - Bericht erstellt am 08/12/2013 um 19:23:53
# Updated 01/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Beni - BENI-PC
# Gestartet von : C:\Users\Beni\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Beni\AppData\Local\Max Secure Software

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\SIEN SA
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Beni\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : search_url

*************************

AdwCleaner[R0].txt - [10459 octets] - [22/11/2013 23:34:40]
AdwCleaner[R10].txt - [4309 octets] - [24/11/2013 20:16:43]
AdwCleaner[R11].txt - [2099 octets] - [28/11/2013 08:31:07]
AdwCleaner[R12].txt - [2270 octets] - [08/12/2013 19:21:55]
AdwCleaner[R1].txt - [1057 octets] - [22/11/2013 23:54:07]
AdwCleaner[R2].txt - [1178 octets] - [23/11/2013 00:00:32]
AdwCleaner[R3].txt - [1298 octets] - [23/11/2013 00:16:27]
AdwCleaner[R4].txt - [1419 octets] - [23/11/2013 00:28:45]
AdwCleaner[R5].txt - [1479 octets] - [23/11/2013 15:37:38]
AdwCleaner[R6].txt - [1599 octets] - [23/11/2013 17:37:06]
AdwCleaner[R7].txt - [1719 octets] - [23/11/2013 20:20:57]
AdwCleaner[R8].txt - [1839 octets] - [24/11/2013 09:27:31]
AdwCleaner[R9].txt - [1899 octets] - [24/11/2013 11:25:09]
AdwCleaner[S0].txt - [9319 octets] - [22/11/2013 23:46:55]
AdwCleaner[S1].txt - [1119 octets] - [22/11/2013 23:56:22]
AdwCleaner[S2].txt - [1240 octets] - [23/11/2013 00:01:42]
AdwCleaner[S3].txt - [1360 octets] - [23/11/2013 00:23:10]
AdwCleaner[S4].txt - [1540 octets] - [23/11/2013 15:38:25]
AdwCleaner[S5].txt - [1660 octets] - [23/11/2013 17:37:40]
AdwCleaner[S6].txt - [1780 octets] - [23/11/2013 20:21:25]
AdwCleaner[S7].txt - [3899 octets] - [24/11/2013 20:17:38]
AdwCleaner[S8].txt - [2192 octets] - [08/12/2013 19:23:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2252 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Beni on 08.12.2013 at 19:32:50,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho7188.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC186.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Beni\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Beni\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\free video converter"
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{0277BA67-269F-4895-A87A-DB98F81B5E84}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{03B88F03-14D4-46C0-9B6A-9A42B0381920}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{0C103C69-D7B6-4C2E-8993-E0EFA73D488D}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{0F490E1E-0A0A-410D-812A-24AEF8F2E44F}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{15685AE4-2C5A-4794-9059-0AFCC7BDB119}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{18B45D49-4545-476C-AFDC-3C0E258D236E}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{2171B3A5-CF04-4801-B836-5368F2FF7FC0}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{2234A366-8067-4E81-9AAE-6E326CCA8AF1}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{231F1506-CC00-4A44-8224-9B70F4878A83}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{252FBA2A-1578-4841-8D59-FAEB0234A77B}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{30025E53-2691-46FE-BAB4-B80B4A32E565}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{3010580B-7101-426C-890B-47A77C13B1CB}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{33A72EC4-B845-4135-97DA-0D2FAE2592D9}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{33F304E7-9524-42BC-A0C7-826B26A3B886}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{3869C6E9-73DF-4EA7-805B-9CD50CF5CDB5}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{3872BD4F-1C01-4D72-95E2-3F89421B55BD}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{38B10ECA-521C-44C2-9EA0-57B26EC26839}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{39DA646A-AE01-49C5-B5C2-E7766463CECD}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{3AFB7BDD-4FCF-457A-82E3-D1C5B548BB8A}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{440C6A81-6433-455B-91DC-1A6F07F2594D}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{47899D83-17BB-49F1-B552-54023EAAAB39}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{4A6C0ACA-2E2B-4865-ACC2-139C7BA55258}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{4D6FF671-12AF-41A0-8367-57F1DBF5B44B}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{4E4AF955-D5F1-4661-820B-0C67CBDB0108}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{51B4915A-AA61-4DE6-B659-D7166E636037}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{51D97031-7D91-4E6D-8B2C-BCA279B8F023}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{55F39C3E-14F7-41DC-8AB0-00DF6504A6B6}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{56744785-71BC-4F36-8990-C7366B4A745F}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{5AAE410D-D719-4C16-BA25-B4E313E5C6CC}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{5AD9A42A-CE38-4554-B2E5-766AA091110A}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{5F3F8E82-EA48-48EE-97BD-A993B5F220EF}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{5F9A0170-8144-4D2C-AF59-84F55DE736CA}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{6503A05F-9A55-45A3-B2FC-9FA0A5D6C930}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{67D7419F-7EF1-4ABC-9FF3-A68557C15646}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{6F64A3AD-96E0-4247-840B-57335AD182A3}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{77D9B396-08BE-4B5A-9009-718A79492F5D}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{7CA12F8C-7120-4807-BF14-5045A130FC7E}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{7CAAB5AB-0407-44FA-95DA-DE19877282D2}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{7D005DC4-8D88-46E3-901A-926089588765}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{804AD583-833A-4C53-852A-569957128C0C}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{819BC073-9BA3-41E5-A53C-9F3539D0879E}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{822548B9-9A41-4B0F-AE2B-00897BEA87BE}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{85E72282-85E4-4AF4-85E5-12CF2AAB228D}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{8600170A-377D-435B-9F4B-84173CE6C841}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{8AA369A2-B0EA-4EF2-B003-62AA86E2E28C}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{95CAA392-77B3-4023-B106-5696B874A937}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{96DE6261-B83B-40CC-81DA-2B282BEE6A5C}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{9918903B-67AE-4398-A0FF-1F49FBABC9F8}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{9B057A3C-4301-4029-8939-E05E19D91B13}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{9CB6ABF8-64B2-47AA-B8CE-AD858654ABDB}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{9D4C8413-CB79-45FE-989A-AB52C13B3BBF}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{9D50A5BE-8C56-4FF7-B825-3195479BC15F}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{9DE7342F-23B8-4FEB-8EEB-46AA14937799}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{A0698BCF-302A-4260-BDE6-5520E7E9611D}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{A1624893-A92C-4451-8A9B-0794862D8E6C}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{A2FEBC91-E1B5-49DF-AF6A-FC68022A43E2}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{A30B1B3C-1514-4D36-8444-0C88F6660FDE}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{A51BD351-9050-46C2-9948-5AA844B22EB5}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{A7EE2B40-6D78-44ED-8FC6-C2A94164F9BE}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{A8F32345-F561-4388-95DF-D06FFCAB38F0}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{AD31B997-8F1F-4FE7-AECA-CD348FE09AAE}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{AFEBEE0B-78A8-419F-A7FB-6C5FF93D1844}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{BDA17B61-1B4D-4FD7-8A27-F18BB6323CD1}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{BEAF2021-45E0-4A08-B3D6-F7114920B8ED}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{BFAF7481-22D3-40AA-A98D-C752C21272A2}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{C47CE47A-5BE7-4D68-9497-39A431F0A07C}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{C5C4B74F-8BF8-4FD2-AA33-1269A0DA0808}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{C7918C67-626D-41E9-9807-D684F0D0BA29}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{C7A8CEA4-70D9-41EC-9F34-3EA4C5B3A236}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{CA49D029-1C48-4CD8-8658-E9C93B3C1000}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{D34318C0-147B-4418-9426-8B52A56736A4}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{D661B01B-F416-4E81-B969-12B09EBE21CF}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{DB0DE0F2-497A-4074-87AB-4F1E7A6C2ED9}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{E7DC64C9-2BE9-4BA1-A1BA-CF2BB31BABF0}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{E9D77723-FD0D-426B-B1DE-E3C4624EE07E}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{F444DE91-B741-4F4B-AE07-280CF0DEBFF7}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{F73D96FA-DC54-42C8-8AD6-808EFE59A633}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{F85F026F-2940-4491-9842-0DAB7B9E62E3}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{F9F9E8C0-596A-487C-A6C6-52E7E4C27FEB}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{FA901666-D52A-44F2-80BA-A478E41F754B}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{FD13E9DD-5AA9-4997-A766-90F9B3E8CCB3}
Successfully deleted: [Empty Folder] C:\Users\Beni\appdata\local\{FF2C2239-058B-4104-9B54-08C965FE3E0F}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.12.2013 at 19:37:30,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2013 2
Ran by Beni (administrator) on BENI-PC on 08-12-2013 19:41:57
Running from C:\Users\Beni\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\Beni\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nike) C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1022592 2012-04-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [6202416 2012-07-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-17] (Lenovo)
HKLM\...\Run: [SBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [200560 2011-12-19] (GFI Software)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_E029F8128A0EDF893F9FC50311C077DC] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-17] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-10-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nike+ Connect] - C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2013-05-03] (Nike)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [260928 2012-05-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-01] (NVIDIA Corporation)
Startup: C:\Users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Beni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: Search Results
CHR DefaultSearchURL: hxxp://www.google.com
CHR DefaultSuggestURL:       "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Beni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00C2\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00C2\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live\u00C2\u2122 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Wallet) - C:\Users\Beni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-09-20] (Lavasoft Limited)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
S4 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
S4 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo)
S4 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-04] (GFI Software)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S1 SBRE; C:\Windows\SysWow64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 BcmSqlStartupSvc; 
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 Oasis2Service; 
U0 Partizan; system32\drivers\Partizan.sys [x]
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-08 19:37 - 2013-12-08 19:37 - 00009942 _____ C:\Users\Beni\Desktop\JRT.txt
2013-12-08 19:32 - 2013-12-08 19:32 - 01034531 _____ (Thisisu) C:\Users\Beni\Desktop\JRT.exe
2013-12-08 19:20 - 2013-12-08 19:39 - 00000000 ____D C:\Users\Beni\Desktop\log
2013-12-08 19:20 - 2013-12-08 19:20 - 01110034 _____ C:\Users\Beni\Desktop\adwcleaner.exe
2013-12-08 18:06 - 2013-12-08 18:06 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-08 18:06 - 2013-12-08 18:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-08 18:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-08 18:05 - 2013-12-08 18:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Beni\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-08 11:50 - 2013-12-08 19:25 - 00003882 _____ C:\FaceProv.log
2013-12-08 11:50 - 2013-12-08 11:50 - 00025439 _____ C:\Users\Beni\Desktop\combofix.txt
2013-12-08 11:44 - 2013-12-08 11:44 - 00025439 _____ C:\ComboFix.txt
2013-12-08 11:35 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-08 11:35 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-08 11:35 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-08 11:35 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-08 11:35 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-08 11:35 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-08 11:35 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-08 11:35 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-08 11:28 - 2013-12-08 11:44 - 00000000 ____D C:\Qoobox
2013-12-08 11:09 - 2013-12-08 11:09 - 05153293 ____R (Swearware) C:\Users\Beni\Desktop\ComboFix.exe
2013-12-08 11:03 - 2013-12-08 11:04 - 00000000 ____D C:\ProgramData\Max Secure
2013-12-08 11:01 - 2013-12-08 11:01 - 00000000 ____D C:\Users\Beni\AppData\Roaming\GetRightToGo
2013-12-07 22:08 - 2013-12-07 22:08 - 00021966 _____ C:\Users\Beni\Desktop\Addition.txt
2013-12-07 22:07 - 2013-12-08 19:41 - 00017313 _____ C:\Users\Beni\Desktop\FRST.txt
2013-12-07 22:07 - 2013-12-07 22:07 - 00000000 ____D C:\FRST
2013-12-07 22:06 - 2013-12-07 22:06 - 01927514 _____ (Farbar) C:\Users\Beni\Desktop\FRST64.exe
2013-12-07 22:04 - 2013-12-07 22:04 - 00000470 _____ C:\Users\Beni\Desktop\defogger_disable.log
2013-12-07 22:04 - 2013-12-07 22:04 - 00000000 _____ C:\Users\Beni\defogger_reenable
2013-12-07 22:02 - 2013-12-07 22:02 - 00050477 _____ C:\Users\Beni\Desktop\Defogger.exe
2013-12-07 21:49 - 2013-12-07 21:49 - 00001830 _____ C:\Users\Beni\Desktop\Fixlist.txt
2013-12-01 18:24 - 2013-12-01 18:24 - 27853504 _____ (SUPERAntiSpyware) C:\Users\Beni\Desktop\SUPERAntiSpyware.exe
2013-12-01 16:58 - 2013-12-08 19:24 - 00008984 _____ C:\Windows\PFRO.log
2013-12-01 16:57 - 2013-12-01 22:07 - 00000203 _____ C:\Users\Beni\Desktop\virus.txt
2013-12-01 14:05 - 2013-12-01 14:05 - 00165376 _____ C:\Users\Beni\Desktop\SystemLook_x64.exe
2013-12-01 13:33 - 2013-12-01 13:33 - 02347384 _____ (ESET) C:\Users\Beni\Desktop\esetsmartinstaller_enu.exe
2013-12-01 13:14 - 2013-12-01 13:14 - 22791896 _____ (Microsoft Corporation) C:\Users\Beni\Desktop\Windows-KB890830-x64-V5_6.exe
2013-12-01 12:51 - 2013-12-01 13:04 - 00000000 ____D C:\Windows\erdnt
2013-11-30 18:19 - 2013-11-30 18:19 - 00000000 _____ C:\autoexec.bat
2013-11-30 18:18 - 2013-11-30 18:18 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-30 18:17 - 2013-12-01 12:57 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-29 19:00 - 2013-12-08 19:24 - 01394978 _____ C:\Windows\WindowsUpdate.log
2013-11-29 18:51 - 2013-12-08 19:24 - 00001288 _____ C:\Windows\setupact.log
2013-11-29 18:51 - 2013-11-29 18:51 - 00000000 _____ C:\Windows\setuperr.log
2013-11-28 20:43 - 2013-12-08 11:19 - 00000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2013-11-28 20:42 - 2013-11-28 20:42 - 00040208 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2013-11-28 20:39 - 2013-12-08 11:34 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2013-11-28 20:39 - 2013-11-28 21:42 - 00000000 ____D C:\ProgramData\RegRun
2013-11-28 20:39 - 2013-11-28 21:41 - 00000000 ____D C:\Users\Beni\Documents\RegRun2
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\winstart.bat
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2013-11-28 20:31 - 2013-11-28 20:31 - 14104877 _____ C:\Users\Beni\Desktop\unhackme.zip
2013-11-28 20:26 - 2013-11-28 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-28 20:25 - 2013-11-28 21:47 - 00000000 ____D C:\Users\Beni\Desktop\mbar
2013-11-28 20:25 - 2013-11-28 20:25 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Beni\Desktop\mbar-1.07.0.1007.exe
2013-11-28 20:13 - 2013-11-28 20:13 - 00000000 ____D C:\Windows\pss
2013-11-28 20:06 - 2013-11-28 20:06 - 00000000 ____D C:\Users\Beni\AppData\Local\SugarSync
2013-11-28 20:03 - 2013-11-28 20:03 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-11-28 07:57 - 2013-11-28 07:57 - 03302432 _____ (Piriform Ltd) C:\Users\Beni\Desktop\ccsetup407_slim.exe
2013-11-28 07:56 - 2013-11-28 07:56 - 03302432 _____ (Piriform Ltd) C:\Users\Beni\Downloads\ccsetup407_slim.exe
2013-11-24 20:15 - 2013-11-24 20:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 19:43 - 2013-11-24 19:43 - 00000000 ____D C:\Users\Beni\Documents\Security
2013-11-24 18:59 - 2013-11-24 18:59 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 18:59 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-24 18:58 - 2013-11-24 18:58 - 00004915 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-24 18:58 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-24 18:58 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-24 18:58 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-24 17:57 - 2013-11-24 17:57 - 00013105 _____ C:\Users\Beni\Desktop\Avira Free Antivirus - Verknüpfung.lnk
2013-11-24 17:40 - 2013-11-24 17:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-24 17:39 - 2013-11-24 17:39 - 00000000 ____D C:\Program Files (x86)\NoVirusThanks
2013-11-24 11:11 - 2013-11-24 11:11 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-11-24 00:00 - 2013-11-24 00:00 - 00000000 ____D C:\Users\Beni\AppData\Roaming\Malwarebytes
2013-11-24 00:00 - 2013-11-24 00:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-23 17:35 - 2013-11-23 17:35 - 00001078 _____ C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-11-23 00:33 - 2013-11-24 17:37 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-22 23:34 - 2013-12-08 19:23 - 00000000 ____D C:\AdwCleaner
2013-11-22 00:02 - 2013-11-22 09:04 - 105626457 _____ C:\Windows\SysWOW64\䕇蚚‘

==================== One Month Modified Files and Folders =======

2013-12-08 19:42 - 2013-12-07 22:07 - 00017313 _____ C:\Users\Beni\Desktop\FRST.txt
2013-12-08 19:39 - 2013-12-08 19:20 - 00000000 ____D C:\Users\Beni\Desktop\log
2013-12-08 19:37 - 2013-12-08 19:37 - 00009942 _____ C:\Users\Beni\Desktop\JRT.txt
2013-12-08 19:34 - 2009-07-14 05:45 - 00031840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 19:34 - 2009-07-14 05:45 - 00031840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 19:33 - 2013-11-29 19:00 - 01394978 _____ C:\Windows\WindowsUpdate.log
2013-12-08 19:32 - 2013-12-08 19:32 - 01034531 _____ (Thisisu) C:\Users\Beni\Desktop\JRT.exe
2013-12-08 19:28 - 2012-10-08 19:54 - 00000000 ____D C:\Users\Beni\AppData\Roaming\Dropbox
2013-12-08 19:27 - 2012-10-08 19:58 - 00000000 ___RD C:\Users\Beni\Dropbox
2013-12-08 19:26 - 2012-07-17 08:52 - 00294550 _____ C:\Windows\system32\fastboot.set
2013-12-08 19:26 - 2012-07-17 08:50 - 00000000 ____D C:\ProgramData\VeriFace
2013-12-08 19:25 - 2013-12-08 11:50 - 00003882 _____ C:\FaceProv.log
2013-12-08 19:24 - 2013-12-01 16:58 - 00008984 _____ C:\Windows\PFRO.log
2013-12-08 19:24 - 2013-11-29 18:51 - 00001288 _____ C:\Windows\setupact.log
2013-12-08 19:24 - 2012-07-17 08:46 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2013-12-08 19:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 19:23 - 2013-11-22 23:34 - 00000000 ____D C:\AdwCleaner
2013-12-08 19:20 - 2013-12-08 19:20 - 01110034 _____ C:\Users\Beni\Desktop\adwcleaner.exe
2013-12-08 19:03 - 2012-10-09 06:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-08 19:01 - 2012-07-17 08:50 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-08 18:06 - 2013-12-08 18:06 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-08 18:06 - 2013-12-08 18:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-08 18:05 - 2013-12-08 18:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Beni\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-08 11:50 - 2013-12-08 11:50 - 00025439 _____ C:\Users\Beni\Desktop\combofix.txt
2013-12-08 11:44 - 2013-12-08 11:44 - 00025439 _____ C:\ComboFix.txt
2013-12-08 11:44 - 2013-12-08 11:28 - 00000000 ____D C:\Qoobox
2013-12-08 11:42 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-08 11:34 - 2013-11-28 20:39 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2013-12-08 11:19 - 2013-11-28 20:43 - 00000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2013-12-08 11:13 - 2012-10-08 15:26 - 00112496 _____ C:\Users\Beni\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-08 11:12 - 2009-07-14 05:45 - 00431288 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-08 11:09 - 2013-12-08 11:09 - 05153293 ____R (Swearware) C:\Users\Beni\Desktop\ComboFix.exe
2013-12-08 11:04 - 2013-12-08 11:03 - 00000000 ____D C:\ProgramData\Max Secure
2013-12-08 11:01 - 2013-12-08 11:01 - 00000000 ____D C:\Users\Beni\AppData\Roaming\GetRightToGo
2013-12-07 22:08 - 2013-12-07 22:08 - 00021966 _____ C:\Users\Beni\Desktop\Addition.txt
2013-12-07 22:07 - 2013-12-07 22:07 - 00000000 ____D C:\FRST
2013-12-07 22:06 - 2013-12-07 22:06 - 01927514 _____ (Farbar) C:\Users\Beni\Desktop\FRST64.exe
2013-12-07 22:04 - 2013-12-07 22:04 - 00000470 _____ C:\Users\Beni\Desktop\defogger_disable.log
2013-12-07 22:04 - 2013-12-07 22:04 - 00000000 _____ C:\Users\Beni\defogger_reenable
2013-12-07 22:04 - 2012-10-08 15:21 - 00000000 ____D C:\Users\Beni
2013-12-07 22:02 - 2013-12-07 22:02 - 00050477 _____ C:\Users\Beni\Desktop\Defogger.exe
2013-12-07 21:49 - 2013-12-07 21:49 - 00001830 _____ C:\Users\Beni\Desktop\Fixlist.txt
2013-12-07 21:26 - 2013-04-01 19:01 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-07 19:15 - 2012-10-24 20:03 - 00000000 ____D C:\Users\Beni\AppData\Roaming\SoftGrid Client
2013-12-07 18:54 - 2013-09-09 15:43 - 00000000 ____D C:\Users\Beni\Documents\Nuzed
2013-12-07 14:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-04 08:41 - 2012-11-06 08:35 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-12-01 22:07 - 2013-12-01 16:57 - 00000203 _____ C:\Users\Beni\Desktop\virus.txt
2013-12-01 18:24 - 2013-12-01 18:24 - 27853504 _____ (SUPERAntiSpyware) C:\Users\Beni\Desktop\SUPERAntiSpyware.exe
2013-12-01 14:05 - 2013-12-01 14:05 - 00165376 _____ C:\Users\Beni\Desktop\SystemLook_x64.exe
2013-12-01 13:33 - 2013-12-01 13:33 - 02347384 _____ (ESET) C:\Users\Beni\Desktop\esetsmartinstaller_enu.exe
2013-12-01 13:14 - 2013-12-01 13:14 - 22791896 _____ (Microsoft Corporation) C:\Users\Beni\Desktop\Windows-KB890830-x64-V5_6.exe
2013-12-01 13:06 - 2009-07-14 04:20 - 00000000 ___HD C:\Users\Default
2013-12-01 13:04 - 2013-12-01 12:51 - 00000000 ____D C:\Windows\erdnt
2013-12-01 12:57 - 2013-11-30 18:17 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-30 18:19 - 2013-11-30 18:19 - 00000000 _____ C:\autoexec.bat
2013-11-30 18:18 - 2013-11-30 18:18 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-30 17:16 - 2012-07-17 08:24 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-30 17:16 - 2012-07-17 08:24 - 00000000 ____D C:\Windows\system32\NV
2013-11-30 17:16 - 2012-07-17 08:23 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-30 11:44 - 2012-07-17 08:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-30 11:44 - 2012-07-17 08:08 - 00000000 ____D C:\Program Files (x86)\Intel
2013-11-29 18:51 - 2013-11-29 18:51 - 00000000 _____ C:\Windows\setuperr.log
2013-11-28 21:47 - 2013-11-28 20:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-28 21:47 - 2013-11-28 20:25 - 00000000 ____D C:\Users\Beni\Desktop\mbar
2013-11-28 21:42 - 2013-11-28 20:39 - 00000000 ____D C:\ProgramData\RegRun
2013-11-28 21:41 - 2013-11-28 20:39 - 00000000 ____D C:\Users\Beni\Documents\RegRun2
2013-11-28 20:42 - 2013-11-28 20:42 - 00040208 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\winstart.bat
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2013-11-28 20:31 - 2013-11-28 20:31 - 14104877 _____ C:\Users\Beni\Desktop\unhackme.zip
2013-11-28 20:25 - 2013-11-28 20:25 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Beni\Desktop\mbar-1.07.0.1007.exe
2013-11-28 20:13 - 2013-11-28 20:13 - 00000000 ____D C:\Windows\pss
2013-11-28 20:06 - 2013-11-28 20:06 - 00000000 ____D C:\Users\Beni\AppData\Local\SugarSync
2013-11-28 20:06 - 2012-10-08 15:26 - 00000000 ___RD C:\Users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-28 20:03 - 2013-11-28 20:03 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-11-28 08:05 - 2012-12-02 18:54 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-11-28 08:05 - 2012-10-09 19:48 - 00000000 ____D C:\Users\Beni\AppData\Local\CrashDumps
2013-11-28 08:05 - 2011-02-24 18:03 - 00000000 ____D C:\Windows\Panther
2013-11-28 07:57 - 2013-11-28 07:57 - 03302432 _____ (Piriform Ltd) C:\Users\Beni\Desktop\ccsetup407_slim.exe
2013-11-28 07:56 - 2013-11-28 07:56 - 03302432 _____ (Piriform Ltd) C:\Users\Beni\Downloads\ccsetup407_slim.exe
2013-11-26 08:27 - 2013-05-09 08:03 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-24 20:15 - 2013-11-24 20:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 19:43 - 2013-11-24 19:43 - 00000000 ____D C:\Users\Beni\Documents\Security
2013-11-24 18:59 - 2013-11-24 18:59 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 18:58 - 2013-11-24 18:58 - 00004915 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-24 18:58 - 2013-06-23 13:36 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-24 17:57 - 2013-11-24 17:57 - 00013105 _____ C:\Users\Beni\Desktop\Avira Free Antivirus - Verknüpfung.lnk
2013-11-24 17:40 - 2013-11-24 17:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-24 17:39 - 2013-11-24 17:39 - 00000000 ____D C:\Program Files (x86)\NoVirusThanks
2013-11-24 17:37 - 2013-11-23 00:33 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-24 11:43 - 2012-07-17 08:51 - 00000000 ____D C:\Program Files\Google
2013-11-24 11:43 - 2012-07-17 08:50 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-24 11:31 - 2012-10-08 15:30 - 00000000 ____D C:\Users\Beni\AppData\Local\Google
2013-11-24 11:11 - 2013-11-24 11:11 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-11-24 00:00 - 2013-11-24 00:00 - 00000000 ____D C:\Users\Beni\AppData\Roaming\Malwarebytes
2013-11-24 00:00 - 2013-11-24 00:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-23 17:35 - 2013-11-23 17:35 - 00001078 _____ C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-11-22 09:04 - 2013-11-22 00:02 - 105626457 _____ C:\Windows\SysWOW64\䕇蚚‘
2013-11-19 11:21 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-14 18:32 - 2013-11-05 10:23 - 00000000 ____D C:\Users\Beni\AppData\Roaming\TeamViewer
2013-11-08 16:50 - 2013-09-25 20:44 - 00000000 ____D C:\Users\Beni\AppData\Roaming\FreeVideoConverter
2013-11-08 16:50 - 2012-10-08 15:21 - 00000000 ____D C:\Users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-11-08 16:50 - 2011-10-10 09:19 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-08 16:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-08 16:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-08 13:53 - 2012-10-08 15:27 - 00000000 ____D C:\Users\Beni\AppData\Local\Adobe
2013-11-08 10:05 - 2012-10-08 19:29 - 00000000 ____D C:\Users\Beni\Documents\Aurelie

Some content of TEMP:
====================
C:\Users\Beni\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-01 16:25

==================== End Of Log ============================

--- --- ---

--- --- ---

Zusätzlich ist jetzt noch ein neues problem aufgetreten: jedesmal wenn ich ein neues tap im internetexplorer öffnen will kommt folgende meldung:

schrauber · 09.12.2013, 09:59

Haken setzen bei diese Meldung nicht mehr anzeigen und OK klicken, dann kommt die nicht mehr.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

aurelie · 10.12.2013, 19:33

Super danke, das erste problem scheint gelöst!! Also Avira geht wieder !!

Hier die logfiles:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2013 2
Ran by Beni at 2013-12-09 20:47:24 Run:1
Running from C:\Users\Beni\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
 
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d6f5b7deccbe11499e451ac066a5513b
# engine=16202
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-09 10:45:51
# local_time=2013-12-09 11:45:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 95 110575 252052441 103354 0
# compatibility_mode=5893 16776574 100 94 36855205 138259001 0 0
# scanned=177982
# found=0
# cleaned=0
# scan_time=10483

Code:

ATTFilter

 UNSUPPORTED OPERATING SYSTEM! ABORTED!

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2013 2
Ran by Beni (administrator) on BENI-PC on 10-12-2013 07:10:27
Running from C:\Users\Beni\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\Beni\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nike) C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1022592 2012-04-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-07-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [6202416 2012-07-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-17] (Lenovo)
HKLM\...\Run: [SBRegRebootCleaner] - C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [200560 2011-12-19] (GFI Software)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_E029F8128A0EDF893F9FC50311C077DC] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-17] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [LockKey] - C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-10-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nike+ Connect] - C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2013-05-03] (Nike)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [260928 2012-05-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-01] (NVIDIA Corporation)
Startup: C:\Users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Beni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: Search Results
CHR DefaultSearchURL: hxxp://www.google.com
CHR DefaultSuggestURL:       "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Beni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00C2\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00C2\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live\u00C2\u2122 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Wallet) - C:\Users\Beni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-09-20] (Lavasoft Limited)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
S4 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
S4 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-10] (Lenovo)
S4 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-04] (GFI Software)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S1 SBRE; C:\Windows\SysWow64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 BcmSqlStartupSvc; 
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 Oasis2Service; 
U0 Partizan; system32\drivers\Partizan.sys [x]
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 07:09 - 2013-12-10 07:09 - 00891184 _____ C:\Users\Beni\Desktop\SecurityCheck.exe
2013-12-10 07:04 - 2013-12-10 07:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef56dbea13b61.job
2013-12-09 20:50 - 2013-12-10 07:10 - 00000000 ____D C:\Users\Beni\Desktop\logneu
2013-12-09 20:49 - 2013-12-09 20:49 - 02347384 _____ (ESET) C:\Users\Beni\Desktop\esetsmartinstaller_enu.exe
2013-12-08 19:37 - 2013-12-08 19:37 - 00009942 _____ C:\Users\Beni\Desktop\JRT.txt
2013-12-08 19:32 - 2013-12-08 19:32 - 01034531 _____ (Thisisu) C:\Users\Beni\Desktop\JRT.exe
2013-12-08 19:20 - 2013-12-08 19:46 - 00000000 ____D C:\Users\Beni\Desktop\log
2013-12-08 19:20 - 2013-12-08 19:20 - 01110034 _____ C:\Users\Beni\Desktop\adwcleaner.exe
2013-12-08 18:06 - 2013-12-08 18:06 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-08 18:06 - 2013-12-08 18:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-08 18:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-08 18:05 - 2013-12-08 18:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Beni\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-08 11:50 - 2013-12-10 07:04 - 00006828 _____ C:\FaceProv.log
2013-12-08 11:50 - 2013-12-08 11:50 - 00025439 _____ C:\Users\Beni\Desktop\combofix.txt
2013-12-08 11:44 - 2013-12-08 11:44 - 00025439 _____ C:\ComboFix.txt
2013-12-08 11:35 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-08 11:35 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-08 11:35 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-08 11:35 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-08 11:35 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-08 11:35 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-08 11:35 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-08 11:35 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-08 11:28 - 2013-12-08 11:44 - 00000000 ____D C:\Qoobox
2013-12-08 11:09 - 2013-12-08 11:09 - 05153293 ____R (Swearware) C:\Users\Beni\Desktop\ComboFix.exe
2013-12-08 11:03 - 2013-12-08 11:04 - 00000000 ____D C:\ProgramData\Max Secure
2013-12-08 11:01 - 2013-12-08 11:01 - 00000000 ____D C:\Users\Beni\AppData\Roaming\GetRightToGo
2013-12-07 22:08 - 2013-12-07 22:08 - 00021966 _____ C:\Users\Beni\Desktop\Addition.txt
2013-12-07 22:07 - 2013-12-10 07:10 - 00016763 _____ C:\Users\Beni\Desktop\FRST.txt
2013-12-07 22:07 - 2013-12-07 22:07 - 00000000 ____D C:\FRST
2013-12-07 22:06 - 2013-12-07 22:06 - 01927514 _____ (Farbar) C:\Users\Beni\Desktop\FRST64.exe
2013-12-07 22:04 - 2013-12-07 22:04 - 00000470 _____ C:\Users\Beni\Desktop\defogger_disable.log
2013-12-07 22:04 - 2013-12-07 22:04 - 00000000 _____ C:\Users\Beni\defogger_reenable
2013-12-07 22:02 - 2013-12-07 22:02 - 00050477 _____ C:\Users\Beni\Desktop\Defogger.exe
2013-12-01 18:24 - 2013-12-01 18:24 - 27853504 _____ (SUPERAntiSpyware) C:\Users\Beni\Desktop\SUPERAntiSpyware.exe
2013-12-01 16:58 - 2013-12-08 19:24 - 00008984 _____ C:\Windows\PFRO.log
2013-12-01 16:57 - 2013-12-01 22:07 - 00000203 _____ C:\Users\Beni\Desktop\virus.txt
2013-12-01 14:05 - 2013-12-01 14:05 - 00165376 _____ C:\Users\Beni\Desktop\SystemLook_x64.exe
2013-12-01 13:14 - 2013-12-01 13:14 - 22791896 _____ (Microsoft Corporation) C:\Users\Beni\Desktop\Windows-KB890830-x64-V5_6.exe
2013-12-01 12:51 - 2013-12-01 13:04 - 00000000 ____D C:\Windows\erdnt
2013-11-30 18:19 - 2013-11-30 18:19 - 00000000 _____ C:\autoexec.bat
2013-11-30 18:18 - 2013-11-30 18:18 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-30 18:17 - 2013-12-01 12:57 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-29 19:00 - 2013-12-10 02:12 - 01922588 _____ C:\Windows\WindowsUpdate.log
2013-11-29 18:51 - 2013-12-08 19:24 - 00001288 _____ C:\Windows\setupact.log
2013-11-29 18:51 - 2013-11-29 18:51 - 00000000 _____ C:\Windows\setuperr.log
2013-11-28 20:43 - 2013-12-08 11:19 - 00000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2013-11-28 20:42 - 2013-11-28 20:42 - 00040208 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2013-11-28 20:39 - 2013-12-08 11:34 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2013-11-28 20:39 - 2013-11-28 21:42 - 00000000 ____D C:\ProgramData\RegRun
2013-11-28 20:39 - 2013-11-28 21:41 - 00000000 ____D C:\Users\Beni\Documents\RegRun2
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\winstart.bat
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2013-11-28 20:31 - 2013-11-28 20:31 - 14104877 _____ C:\Users\Beni\Desktop\unhackme.zip
2013-11-28 20:26 - 2013-11-28 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-28 20:25 - 2013-11-28 21:47 - 00000000 ____D C:\Users\Beni\Desktop\mbar
2013-11-28 20:25 - 2013-11-28 20:25 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Beni\Desktop\mbar-1.07.0.1007.exe
2013-11-28 20:13 - 2013-11-28 20:13 - 00000000 ____D C:\Windows\pss
2013-11-28 20:06 - 2013-11-28 20:06 - 00000000 ____D C:\Users\Beni\AppData\Local\SugarSync
2013-11-28 20:03 - 2013-11-28 20:03 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-11-28 07:57 - 2013-11-28 07:57 - 03302432 _____ (Piriform Ltd) C:\Users\Beni\Desktop\ccsetup407_slim.exe
2013-11-28 07:56 - 2013-11-28 07:56 - 03302432 _____ (Piriform Ltd) C:\Users\Beni\Downloads\ccsetup407_slim.exe
2013-11-24 20:15 - 2013-11-24 20:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 19:43 - 2013-11-24 19:43 - 00000000 ____D C:\Users\Beni\Documents\Security
2013-11-24 18:59 - 2013-11-24 18:59 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 18:59 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-24 18:58 - 2013-11-24 18:58 - 00004915 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-24 18:58 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-24 18:58 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-24 18:58 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-24 17:57 - 2013-11-24 17:57 - 00013105 _____ C:\Users\Beni\Desktop\Avira Free Antivirus - Verknüpfung.lnk
2013-11-24 17:40 - 2013-11-24 17:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-24 17:39 - 2013-11-24 17:39 - 00000000 ____D C:\Program Files (x86)\NoVirusThanks
2013-11-24 11:11 - 2013-11-24 11:11 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-11-24 00:00 - 2013-11-24 00:00 - 00000000 ____D C:\Users\Beni\AppData\Roaming\Malwarebytes
2013-11-24 00:00 - 2013-11-24 00:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-23 17:35 - 2013-11-23 17:35 - 00001078 _____ C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-11-23 00:33 - 2013-11-24 17:37 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-22 23:34 - 2013-12-08 19:23 - 00000000 ____D C:\AdwCleaner
2013-11-22 00:02 - 2013-11-22 09:04 - 105626457 _____ C:\Windows\SysWOW64\䕇蚚‘

==================== One Month Modified Files and Folders =======

2013-12-10 07:10 - 2013-12-09 20:50 - 00000000 ____D C:\Users\Beni\Desktop\logneu
2013-12-10 07:10 - 2013-12-07 22:07 - 00016763 _____ C:\Users\Beni\Desktop\FRST.txt
2013-12-10 07:10 - 2013-11-29 19:00 - 01922588 _____ C:\Windows\WindowsUpdate.log
2013-12-10 07:09 - 2013-12-10 07:09 - 00891184 _____ C:\Users\Beni\Desktop\SecurityCheck.exe
2013-12-10 07:04 - 2013-12-10 07:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef56dbea13b61.job
2013-12-10 07:04 - 2013-12-08 11:50 - 00006828 _____ C:\FaceProv.log
2013-12-10 07:04 - 2012-10-09 06:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-10 07:04 - 2012-07-17 08:50 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-10 07:04 - 2012-07-17 08:50 - 00000000 ____D C:\ProgramData\VeriFace
2013-12-09 21:00 - 2012-10-08 19:54 - 00000000 ____D C:\Users\Beni\AppData\Roaming\Dropbox
2013-12-09 20:49 - 2013-12-09 20:49 - 02347384 _____ (ESET) C:\Users\Beni\Desktop\esetsmartinstaller_enu.exe
2013-12-09 20:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-08 19:46 - 2013-12-08 19:20 - 00000000 ____D C:\Users\Beni\Desktop\log
2013-12-08 19:37 - 2013-12-08 19:37 - 00009942 _____ C:\Users\Beni\Desktop\JRT.txt
2013-12-08 19:34 - 2009-07-14 05:45 - 00031840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 19:34 - 2009-07-14 05:45 - 00031840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 19:32 - 2013-12-08 19:32 - 01034531 _____ (Thisisu) C:\Users\Beni\Desktop\JRT.exe
2013-12-08 19:27 - 2012-10-08 19:58 - 00000000 ___RD C:\Users\Beni\Dropbox
2013-12-08 19:26 - 2012-07-17 08:52 - 00294550 _____ C:\Windows\system32\fastboot.set
2013-12-08 19:24 - 2013-12-01 16:58 - 00008984 _____ C:\Windows\PFRO.log
2013-12-08 19:24 - 2013-11-29 18:51 - 00001288 _____ C:\Windows\setupact.log
2013-12-08 19:24 - 2012-07-17 08:46 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2013-12-08 19:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 19:23 - 2013-11-22 23:34 - 00000000 ____D C:\AdwCleaner
2013-12-08 19:20 - 2013-12-08 19:20 - 01110034 _____ C:\Users\Beni\Desktop\adwcleaner.exe
2013-12-08 18:06 - 2013-12-08 18:06 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-08 18:06 - 2013-12-08 18:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-08 18:05 - 2013-12-08 18:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Beni\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-08 11:50 - 2013-12-08 11:50 - 00025439 _____ C:\Users\Beni\Desktop\combofix.txt
2013-12-08 11:44 - 2013-12-08 11:44 - 00025439 _____ C:\ComboFix.txt
2013-12-08 11:44 - 2013-12-08 11:28 - 00000000 ____D C:\Qoobox
2013-12-08 11:42 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-08 11:34 - 2013-11-28 20:39 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2013-12-08 11:19 - 2013-11-28 20:43 - 00000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2013-12-08 11:13 - 2012-10-08 15:26 - 00112496 _____ C:\Users\Beni\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-08 11:12 - 2009-07-14 05:45 - 00431288 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-08 11:09 - 2013-12-08 11:09 - 05153293 ____R (Swearware) C:\Users\Beni\Desktop\ComboFix.exe
2013-12-08 11:04 - 2013-12-08 11:03 - 00000000 ____D C:\ProgramData\Max Secure
2013-12-08 11:01 - 2013-12-08 11:01 - 00000000 ____D C:\Users\Beni\AppData\Roaming\GetRightToGo
2013-12-07 22:08 - 2013-12-07 22:08 - 00021966 _____ C:\Users\Beni\Desktop\Addition.txt
2013-12-07 22:07 - 2013-12-07 22:07 - 00000000 ____D C:\FRST
2013-12-07 22:06 - 2013-12-07 22:06 - 01927514 _____ (Farbar) C:\Users\Beni\Desktop\FRST64.exe
2013-12-07 22:04 - 2013-12-07 22:04 - 00000470 _____ C:\Users\Beni\Desktop\defogger_disable.log
2013-12-07 22:04 - 2013-12-07 22:04 - 00000000 _____ C:\Users\Beni\defogger_reenable
2013-12-07 22:04 - 2012-10-08 15:21 - 00000000 ____D C:\Users\Beni
2013-12-07 22:02 - 2013-12-07 22:02 - 00050477 _____ C:\Users\Beni\Desktop\Defogger.exe
2013-12-07 21:26 - 2013-04-01 19:01 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-07 19:15 - 2012-10-24 20:03 - 00000000 ____D C:\Users\Beni\AppData\Roaming\SoftGrid Client
2013-12-07 18:54 - 2013-09-09 15:43 - 00000000 ____D C:\Users\Beni\Documents\Nuzed
2013-12-04 08:41 - 2012-11-06 08:35 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-12-01 22:07 - 2013-12-01 16:57 - 00000203 _____ C:\Users\Beni\Desktop\virus.txt
2013-12-01 18:24 - 2013-12-01 18:24 - 27853504 _____ (SUPERAntiSpyware) C:\Users\Beni\Desktop\SUPERAntiSpyware.exe
2013-12-01 14:05 - 2013-12-01 14:05 - 00165376 _____ C:\Users\Beni\Desktop\SystemLook_x64.exe
2013-12-01 13:14 - 2013-12-01 13:14 - 22791896 _____ (Microsoft Corporation) C:\Users\Beni\Desktop\Windows-KB890830-x64-V5_6.exe
2013-12-01 13:06 - 2009-07-14 04:20 - 00000000 ___HD C:\Users\Default
2013-12-01 13:04 - 2013-12-01 12:51 - 00000000 ____D C:\Windows\erdnt
2013-12-01 12:57 - 2013-11-30 18:17 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-30 18:19 - 2013-11-30 18:19 - 00000000 _____ C:\autoexec.bat
2013-11-30 18:18 - 2013-11-30 18:18 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-30 17:16 - 2012-07-17 08:24 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-11-30 17:16 - 2012-07-17 08:24 - 00000000 ____D C:\Windows\system32\NV
2013-11-30 17:16 - 2012-07-17 08:23 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-30 11:44 - 2012-07-17 08:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-30 11:44 - 2012-07-17 08:08 - 00000000 ____D C:\Program Files (x86)\Intel
2013-11-29 18:51 - 2013-11-29 18:51 - 00000000 _____ C:\Windows\setuperr.log
2013-11-28 21:47 - 2013-11-28 20:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-28 21:47 - 2013-11-28 20:25 - 00000000 ____D C:\Users\Beni\Desktop\mbar
2013-11-28 21:42 - 2013-11-28 20:39 - 00000000 ____D C:\ProgramData\RegRun
2013-11-28 21:41 - 2013-11-28 20:39 - 00000000 ____D C:\Users\Beni\Documents\RegRun2
2013-11-28 20:42 - 2013-11-28 20:42 - 00040208 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\winstart.bat
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2013-11-28 20:39 - 2013-11-28 20:39 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2013-11-28 20:31 - 2013-11-28 20:31 - 14104877 _____ C:\Users\Beni\Desktop\unhackme.zip
2013-11-28 20:25 - 2013-11-28 20:25 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Beni\Desktop\mbar-1.07.0.1007.exe
2013-11-28 20:13 - 2013-11-28 20:13 - 00000000 ____D C:\Windows\pss
2013-11-28 20:06 - 2013-11-28 20:06 - 00000000 ____D C:\Users\Beni\AppData\Local\SugarSync
2013-11-28 20:06 - 2012-10-08 15:26 - 00000000 ___RD C:\Users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-28 20:03 - 2013-11-28 20:03 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-11-28 08:05 - 2012-12-02 18:54 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-11-28 08:05 - 2012-10-09 19:48 - 00000000 ____D C:\Users\Beni\AppData\Local\CrashDumps
2013-11-28 08:05 - 2011-02-24 18:03 - 00000000 ____D C:\Windows\Panther
2013-11-28 07:57 - 2013-11-28 07:57 - 03302432 _____ (Piriform Ltd) C:\Users\Beni\Desktop\ccsetup407_slim.exe
2013-11-28 07:56 - 2013-11-28 07:56 - 03302432 _____ (Piriform Ltd) C:\Users\Beni\Downloads\ccsetup407_slim.exe
2013-11-26 08:27 - 2013-05-09 08:03 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-24 20:15 - 2013-11-24 20:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 19:43 - 2013-11-24 19:43 - 00000000 ____D C:\Users\Beni\Documents\Security
2013-11-24 18:59 - 2013-11-24 18:59 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 18:58 - 2013-11-24 18:58 - 00004915 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-24 18:58 - 2013-06-23 13:36 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-24 17:57 - 2013-11-24 17:57 - 00013105 _____ C:\Users\Beni\Desktop\Avira Free Antivirus - Verknüpfung.lnk
2013-11-24 17:40 - 2013-11-24 17:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-24 17:39 - 2013-11-24 17:39 - 00000000 ____D C:\Program Files (x86)\NoVirusThanks
2013-11-24 17:37 - 2013-11-23 00:33 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-24 11:43 - 2012-07-17 08:51 - 00000000 ____D C:\Program Files\Google
2013-11-24 11:43 - 2012-07-17 08:50 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-24 11:31 - 2012-10-08 15:30 - 00000000 ____D C:\Users\Beni\AppData\Local\Google
2013-11-24 11:11 - 2013-11-24 11:11 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-11-24 00:00 - 2013-11-24 00:00 - 00000000 ____D C:\Users\Beni\AppData\Roaming\Malwarebytes
2013-11-24 00:00 - 2013-11-24 00:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-23 17:35 - 2013-11-23 17:35 - 00001078 _____ C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-11-22 09:04 - 2013-11-22 00:02 - 105626457 _____ C:\Windows\SysWOW64\䕇蚚‘
2013-11-19 11:21 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-14 18:32 - 2013-11-05 10:23 - 00000000 ____D C:\Users\Beni\AppData\Roaming\TeamViewer

Some content of TEMP:
====================
C:\Users\Beni\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 00:18

==================== End Of Log ============================

--- --- ---

--- --- ---

Allerdings findet Adaware immer noch viren, diese kann er aber nicht löschen. Bei jedem start kommen die immer wieder!!

schrauber · 11.12.2013, 11:57

Du siehst aber schon wo der die findet oder?

aurelie · 12.12.2013, 22:08

ups, ich meinte das hier:

schrauber · 13.12.2013, 20:05

Ja, aber da ist keine Pfadangabe dabei. Ich muss schon wissen wo der die findet

11.12.2013, 11:57	#8
schrauber /// the machine /// TB-Ausbilder	avira: dieses programm wurde durch eine gruppenrichtlinie blockiert Du siehst aber schon wo der die findet oder? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

13.12.2013, 20:05	#10
schrauber /// the machine /// TB-Ausbilder	avira: dieses programm wurde durch eine gruppenrichtlinie blockiert Ja, aber da ist keine Pfadangabe dabei. Ich muss schon wissen wo der die findet __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

avira: dieses programm wurde durch eine gruppenrichtlinie blockiert

Log-Analyse und Auswertung: avira: dieses programm wurde durch eine gruppenrichtlinie blockiert