Nation Zoom nicht entfernbar :-(

Krissy · 12.12.2013, 22:47

Hallo zusammen,

ich habe seit gestern ein Problem und zwar lässt sich wie bei vielen anderen meine nation zoom toolbar nicht entfernen. ich habs schon aus dem Programmen in Systemsteuerung rausgelöscht aber es geht dennoch nicht weg auch wenn ich die Startseite ändere.
Ich bin leider überhaupt nicht bekannt mit iwelchen log files usw...

ich habe jetzt mal den Maleware quick scan durchlaufen lassen und hab den nation zoom von 86 "infizierten" dateien als einziges gelöscht. hierzu der log: (glaub ich zumindest mal?!)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
media :: MEDIA-VAIO [Administrator]

12.12.2013 22:25:37
mbam-log-2013-12-12 (22-25-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223602
Laufzeit: 13 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\nationzoomSoftware (PUP.Optional.NationZoom.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\Microsoft\Command Processor|AutoRun (Hijack.Autorun) -> Daten: "C:\Users\media\AppData\Local\Temp\ewoxwauqfgkdiexpa.exe" -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 7
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.NationZoom.A) -> Bösartig: (C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX) Gut: (iexplore.exe) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/web/?type=ds&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX&q={searchTerms}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Keine Aktion durchgeführt.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.NationZoom.A) -> Bösartig: (hxxp://www.nationzoom.com/?type=hp&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\Software\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.NationZoom) -> Bösartig: (hxxp://www.nationzoom.com/web/?type=ds&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX&q={searchTerms}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 10
C:\Users\media\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Roaming\OpenCandy\81822AAA62ED4E3DBA550C064E1BD3AD (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Roaming\OpenCandy\BE2DDA81F65346868106A49CC510C4B9 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\exe (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\PlusHD shopping (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\Qone8 (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\Re-Markit (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 64
C:\Users\media\AppData\Local\Temp\DM\installer.exe (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\parent.txt (PUP.Optional.BundleInstaller) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\software\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\software\tugs_nationzoom.exe (PUP.Optional.SkyTech.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\fullpackage_temp1386709521\Baofeng.exe (PUP.Optional.NationZoom.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\fullpackage_temp1386709521\tmp\NewGdp.exe (PUP.Optional.WpManager.A) -> Keine Aktion durchgeführt.
C:\Users\media\Downloads\SoftonicDownloader_fuer_utorrent (1).exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
C:\Users\media\Downloads\SoftonicDownloader_fuer_utorrent.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Roaming\OpenCandy\81822AAA62ED4E3DBA550C064E1BD3AD\TuneUpUtilities2013_2200218_de-DE.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Roaming\OpenCandy\BE2DDA81F65346868106A49CC510C4B9\TuneUpUtilities2012_de-DE.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\base.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\hdplus.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\jquery.min.js (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\nationzoom.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\position1A.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\position2A.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\position2B.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\position2C.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\position3A.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\position3B.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\position3C.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\position3D.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\position4A.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\remarkit.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\style.css (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\bg_app.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\boton.jpg (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\boton_xl.jpg (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\bullet-short.gif (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\bullet.gif (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\butpause.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\butplay.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\check-close.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\check.jpg (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\check.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\cross.jpg (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\hide.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\less.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\logo-win.jpg (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\more.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\percentage-bg.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\progress.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\progress_small.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\progress_small_bg.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\screen-geaudioconverter.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\screen-gevideoconverter.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\screen-ifish.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\screen-miul.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\screen-olivebrowser.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\screen-printpdf.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\screen-vafmusic.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\screen-vafplayer.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\screen-zipper.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\css\images\show.png (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\exe\box.html (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\exe\close.html (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\exe\finish.html (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\exe\group.html (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\exe\instalando.html (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\exe\options.html (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\exe\welcome.html (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\PlusHD shopping\info.html (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\Qone8\info.html (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\media\AppData\Local\Temp\DM\bin\Re-Markit\info.html (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.

(Ende)

Ich hoffe ihr könnt mir helfen und vergesst bitte nicht, ich bin neuling ....

Liebe Grüße,

Kristina

schrauber · 13.12.2013, 08:21

hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Krissy · 14.12.2013, 13:13

Hallo Schrauber,

danke für deine Antwort!

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by media (administrator) on MEDIA-VAIO on 14-12-2013 13:06:10
Running from C:\Users\media\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-17] (Google Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [cgminer] - C:\Users\media\AppData\Local\Temp\Zonyan.exe <===== ATTENTION
HKCU\...\Run: [Herinesi] - C:\Users\media\AppData\Local\Temp\~tmp1463271939624892765.tmp <===== ATTENTION
HKCU\...\Command Processor: "C:\Users\media\AppData\Local\Temp\ewoxwauqfgkdiexpa.exe" <======= ATTENTION
MountPoints2: {c195e1c2-f50f-11df-9719-54424973e4de} - E:\Set-up.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1424088 2012-12-21] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
AppInit_DLLs:   [ ] ()
Startup: C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700.lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX&q={searchTerms}
URLSearchHook: HKCU - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
SearchScopes: HKCU - {1AEDBB16-ED4D-4043-A695-3E1A8DA87EB1} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {1E76DAF0-4718-49E9-8C5A-9EE7F8823202} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386709531&from=tugs&uid=HitachiXHTS725050A9A360_100523PCJ400VLHY61TJX&q={searchTerms}
SearchScopes: HKCU - {3B2C063E-3915-40B4-AC35-679EE8625871} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {8741C1B3-C98F-433D-8937-39B70AE3D75B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
SearchScopes: HKCU - {C02E7313-4999-4C99-9D96-161D9781370D} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {F38F01D0-1DBA-46A8-8AD8-5DBB5915998A} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {F89596D6-9C4E-4381-B9FD-2DF58DEFF57B} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKLM-x32 - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR HomePage: hxxp://start.facemoods.com/?a=ddrnw
CHR DefaultSearchProvider: facemoods
CHR DefaultSearchURL: hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-02] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-12-02] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mi-raysat_3dsmax2011_64; C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [86016 2010-04-01] ()
R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-12-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-02] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-11-21] ()
U3 aq1r5ku5; C:\Windows\System32\Drivers\aq1r5ku5.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-14 13:06 - 2013-12-14 13:06 - 00015898 _____ C:\Users\media\Desktop\FRST.txt
2013-12-14 13:05 - 2013-12-14 13:05 - 00000000 ____D C:\FRST
2013-12-14 13:04 - 2013-12-14 13:05 - 01927462 _____ (Farbar) C:\Users\media\Desktop\FRST64.exe
2013-12-10 22:06 - 2013-12-12 21:44 - 00000000 ____D C:\ProgramData\WPM
2013-12-10 22:06 - 2013-12-11 11:33 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-10 22:05 - 2013-12-12 21:44 - 00000000 ____D C:\Program Files (x86)\Re-markit
2013-12-07 15:04 - 2013-12-07 15:45 - 125829120 _____ C:\Users\media\Desktop\KonSounds.part1.rar

==================== One Month Modified Files and Folders =======

2013-12-14 13:06 - 2013-12-14 13:06 - 00015898 _____ C:\Users\media\Desktop\FRST.txt
2013-12-14 13:05 - 2013-12-14 13:05 - 00000000 ____D C:\FRST
2013-12-14 13:05 - 2013-12-14 13:04 - 01927462 _____ (Farbar) C:\Users\media\Desktop\FRST64.exe
2013-12-14 13:05 - 2012-12-17 20:55 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-14 13:02 - 2010-10-22 10:26 - 01757437 _____ C:\Windows\WindowsUpdate.log
2013-12-14 12:54 - 2010-10-23 13:36 - 00000000 ____D C:\Users\media\AppData\Local\Google
2013-12-14 12:52 - 2012-04-12 13:56 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-14 12:52 - 2012-04-12 13:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-13 18:55 - 2012-12-17 20:55 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-12 22:03 - 2012-03-05 17:18 - 00000000 ____D C:\Users\media\AppData\Local\Conduit
2013-12-12 22:00 - 2011-06-02 11:50 - 00000000 ____D C:\Users\media\AppData\Roaming\Gutscheinmieze
2013-12-12 21:44 - 2013-12-10 22:06 - 00000000 ____D C:\ProgramData\WPM
2013-12-12 21:44 - 2013-12-10 22:05 - 00000000 ____D C:\Program Files (x86)\Re-markit
2013-12-12 21:14 - 2010-08-19 18:27 - 00686168 _____ C:\Windows\system32\perfh007.dat
2013-12-12 21:14 - 2010-08-19 18:27 - 00144796 _____ C:\Windows\system32\perfc007.dat
2013-12-12 21:14 - 2009-07-14 06:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 19:00 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-12 19:00 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-12 18:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 18:51 - 2009-07-14 05:51 - 00097386 _____ C:\Windows\setupact.log
2013-12-11 20:50 - 2010-07-29 19:04 - 00146222 _____ C:\Windows\PFRO.log
2013-12-11 11:33 - 2013-12-10 22:06 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-11 11:33 - 2010-10-22 10:29 - 00000000 ___RD C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-10 22:05 - 2012-06-19 22:10 - 00001743 _____ C:\Users\media\Desktop\Explorer.lnk
2013-12-07 15:45 - 2013-12-07 15:04 - 125829120 _____ C:\Users\media\Desktop\KonSounds.part1.rar
2013-12-06 15:00 - 2012-12-17 20:55 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 15:00 - 2012-12-17 20:55 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 12:43 - 2013-07-29 12:21 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-04 18:44 - 2013-04-29 15:12 - 00000000 ____D C:\Users\media\Desktop\Bewerbung
2013-12-02 14:52 - 2013-07-29 20:52 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-02 14:52 - 2013-07-29 12:21 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-02 14:52 - 2013-07-29 12:21 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-15 11:20 - 2013-05-06 12:46 - 00000000 ____D C:\Users\media\Desktop\Dolmetschen

Files to move or delete:
====================
C:\Users\media\AppData\Roaming\skype.ini


Some content of TEMP:
====================
C:\Users\media\AppData\Local\Temp\avgnt.exe
C:\Users\media\AppData\Local\Temp\BackupSetup.exe
C:\Users\media\AppData\Local\Temp\gmx_mediacenter_setup_bundled.exe
C:\Users\media\AppData\Local\Temp\GMX_Softwareaktualisierung_Setup.exe
C:\Users\media\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe
C:\Users\media\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\media\AppData\Local\Temp\MSN7025.exe
C:\Users\media\AppData\Local\Temp\tbNCH_.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 11:57

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2013 01
Ran by media at 2013-12-14 13:07:22
Running from C:\Users\media\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
µTorrent (x32 Version: 3.2.1.28025)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (x32 Version: 2.6.0.19140)
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Content Viewer (x32 Version: 1.4.0)
Adobe Download Assistant (x32 Version: 1.0.0)
Adobe Dreamweaver CS5 (x32 Version: 11.0)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228)
Adobe Flash Player 11 Plugin (x32 Version: 11.0.1.152)
Adobe InDesign CS5.5 (x32 Version: 7.5)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop CS5.1 (x32 Version: 12.1)
Adobe Premiere Elements 8.0 (x32 Version: 8.0)
Adobe Reader 9.5.1 - Deutsch (x32 Version: 9.5.1)
AdobeColorCommonSetRGB (x32 Version: 2.0)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Alps Pointing-device for VAIO
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.115)
ArcSoft WebCam Companion 3 (x32 Version: 3.0.21.390)
Autodesk 123D Catch (x32 Version: 1.0.248)
Autodesk 3ds Max 2011 64-Bit (Version: 13.0)
Autodesk 3ds Max 2011 64-Bit Komponenten (Version: 13.0)
Autodesk 3ds Max 2012 64-bit - German (Version: 14.0)
Autodesk Backburner 2012.0.0 (x32 Version: 2012.0.0)
Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
Autodesk Material Library 2011 (x32 Version: 2.0.0.49)
Autodesk Material Library 2011 Base Image library (x32 Version: 2.0.0.49)
Autodesk Material Library 2011 Medium Image library (x32 Version: 2.0.0.49)
Autodesk Material Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library Medium Resolution Image Library 2012 (x32 Version: 2.5.0.8)
Avira Free Antivirus (x32 Version: 14.0.1.759)
B110 (x32 Version: 140.0.142.000)
Bonjour (Version: 3.0.0.10)
BufferChm (x32 Version: 140.0.212.000)
C5300 (x32 Version: 130.0.365.000)
Caesar 3 (x32)
Composite 2011 (64-bit) (Version: 6.0.0)
Composite 2012 64-bit (Version: 7.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Toolbar (x32 Version: 1.1.2.0185)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
DWGeditor (x32 Version: 18.00.5035)
Evernote (x32 Version: 3.5.4.2224)
Express Burn Disc Burning Software (x32)
Free YouTube to MP3 Converter version 3.12.1.320 (x32 Version: 3.12.1.320)
GMX MailCheck für Internet Explorer (x32 Version: 1.9.0.2)
GMX Softwareaktualisierung (x32 Version: 3.0.0.55)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320)
Google Update Helper (x32 Version: 1.3.22.3)
GPBaseService2 (x32 Version: 140.0.211.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 6700 - Grundlegende Software für das Gerät (Version: 25.0.619.0)
HP Officejet 6700 Hilfe (x32 Version: 140.0.2.2)
HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.003.000.004)
HPAppStudio (x32 Version: 140.0.95.000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000)
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000)
HPPhotosmartEssential (x32 Version: 2.04.0000)
HPProductAssistant (x32 Version: 140.0.212.000)
HPSSupply (x32 Version: 140.0.211.000)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) PROSet/Wireless WiFi-Software (Version: 13.02.1000)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.01.01.1007)
iTunes (Version: 11.1.1.11)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 20 (64-bit) (Version: 6.0.200)
JDownloader 0.9 (x32 Version: 0.9)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Langenscheidt Vokabeltrainer 5.0 Spanisch (x32 Version: 5.0.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
Media Gallery (Version: 1.3.0)
Media Gallery (x32 Version: 1.3.0.06230)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Picture It! Foto Premium 9 (x32 Version: 9.0.0.0000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft VC80 Support DLLs (x32 Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32)
Microsoft Works (x32 Version: 07.03.0512)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Network64 (Version: 140.0.212.000)
Network64 (Version: 140.0.221.000)
NVIDIA Grafiktreiber 266.72 (Version: 266.72)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Systemsteuerung 266.72 (Version: 266.72)
Opera 11.64 (x32 Version: 11.64.1403)
PDF Settings CS5 (x32 Version: 10.0)
PDF24 Creator 4.2.0 (x32)
PDFCreator (x32 Version: 1.1.0)
PhotoView 360 (x32 Version: 18.00.5035)
PMB (x32 Version: 5.3.00.06040)
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00)
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00)
Portrait Professional 9.7 Test (x32 Version: 9.7)
PS_AIO_04_C5300_Software_Min (x32 Version: 130.0.365.000)
PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000)
PVSonyDll (Version: 1.00.0001)
PxMergeModule (x32 Version: 1.00.0000)
QuickTime (x32 Version: 7.73.80.64)
QuickTransfer (x32 Version: 140.0.98.000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6098)
Remote Play mit PlayStation®3 (x32 Version: 1.0.2.06210)
Remote Play with PlayStation 3 (x32 Version: 1.0.2.06210)
Remote-Tastatur mit PlayStation 3 (x32 Version: 1.0.2.06170)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.1)
Rhinoceros 4.0 (x32 Version: 4.0.20118)
Rosetta Stone Version 3 (x32 Version: 3.4.5.0)
Scan (x32 Version: 140.0.77.000)
Setup-Start von Microsoft Works 2004 (x32)
Shop for HP Supplies (Version: 14.0)
Sierra-Dienstprogramme (x32)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolidWorks 2010 x64 Edition SP0 (Version: 18.100.5035)
SolidWorks 2010 x64 Edition SP0 (x32 Version: 18.0.0.5035)
SolidWorks eDrawings 2010 (x32 Version: 10.0.727)
SolidWorks Explorer 2010 SP0 x64 Edition (Version: 18.00.5035)
SolutionCenter (x32 Version: 140.0.211.000)
Status (x32 Version: 140.0.212.000)
Studie zur Verbesserung von HP Officejet 6700 Produkten (Version: 25.0.619.0)
Toolbox (x32 Version: 140.0.424.000)
TrayApp (x32 Version: 140.0.212.000)
Uninstall 1.0.0.1 (x32)
UnloadSupport (x32 Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VAIO - Media Gallery (x32 Version: 1.3.0.06230)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.5.00.03020)
VAIO - PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180)
VAIO Care (x32 Version: 6.4.2.11150)
VAIO Control Center (x32 Version: 4.3.0.05310)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240)
VAIO DVD Menu Data (x32 Version: 2.2.00.05120)
VAIO Gate (x32 Version: 2.2.0.06080)
VAIO Gate Default (x32 Version: 2.2.0.07020)
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230)
VAIO Media plus (Version: 2.1.0)
VAIO Media plus (x32 Version: 2.1.0.18210)
VAIO Media plus Opening Movie (x32 Version: 2.1.0.13220)
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040)
VAIO Sample Contents (x32 Version: 1.3.0.06041)
VAIO screensaver (x32 Version: 1.0.0.0)
VAIO Smart Network (x32 Version: 3.3.1.08110)
VAIO Update (x32 Version: 6.1.1.10250)
VAIO-Handbuch (x32 Version: 1.1.0.05280)
VAIO-Support für Übertragungen (x32 Version: 1.2.0.06230)
VU5x64 (Version: 1.1.0)
VU5x86 (x32 Version: 1.0.0)
VU5x86 (x32 Version: 1.1.0)
WebReg (x32 Version: 140.0.212.017)
WIDCOMM Bluetooth Software (Version: 6.3.0.5600)
Win7codecs (x32 Version: 2.6.7)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2011-06-19 15:48 - 00002586 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns-5.adobe.com
127.0.0.1 activate.adobe.de
127.0.0.1 practivate.adobe.de
127.0.0.1 ereg.adobe.de
127.0.0.1 activate.wip3.adobe.de

There are 11 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1AA0D98D-F189-4375-87EE-9E3D91367D43} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-17] (Sony Corporation)
Task: {25979411-43EA-4A30-9B5E-B739EB527D22} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {29D1D46F-2DDA-42BF-8C98-D042B3441C02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)
Task: {2FC61F4F-2F70-4657-9938-228BE77C8CEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)
Task: {456AA771-4B1D-42C3-BF79-414784518A74} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-26] (Sony Corporation)
Task: {4C9668F8-BB5E-42BD-9498-F425E0A6E6AA} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-26] (Sony Corporation)
Task: {52149220-53F4-4253-B335-BD768A3E16FC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7009CF0A-8AB0-4D76-BC00-9BE055465177} - System32\Tasks\AdobeAAMUpdater-1.0-media-VAIO-media => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {72CE9157-5779-4712-A432-7F482749A119} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {830626A1-9C1E-47C5-AEE8-CD40AFD28FB8} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {88C9930A-46CD-4CB4-AAA6-02DA3F162929} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {8E95BF33-8F1A-4277-BDA8-7DECD957F62B} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {9C5601C6-3AAE-4A8B-A1DA-1F00FB25B0ED} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-06-08] (Sony Corporation)
Task: {A04236B6-79C7-4380-8359-EDFCB3BA4F2B} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {AE5DF77D-CC02-4AF0-BE1C-55E14BB4D807} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12] (Adobe Systems Incorporated)
Task: {C2412493-8FB8-4B13-8700-2C476F834022} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-26] (Sony Corporation)
Task: {D85E44F7-B74E-4451-BCF2-B7DD8E2E64AF} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {E4740671-0436-42BC-AC10-5DC4D3A59D75} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2012-10-26] (Sony Corporation)
Task: {F2D367EA-D75D-4BE0-BAD8-EDDA1026AB15} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-06-08] (Sony Corporation)
Task: {FB474520-48FC-4ECB-930F-36324C390CB3} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:20C3AB27

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2013 06:55:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15506

Error: (12/13/2013 06:55:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15506

Error: (12/13/2013 06:55:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/13/2013 05:45:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15444

Error: (12/13/2013 05:45:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15444

Error: (12/13/2013 05:45:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/12/2013 09:27:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16470, Zeitstempel: 0x510c8801
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b83c8a
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x1354
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (12/12/2013 09:10:27 PM) (Source: Application Hang) (User: )
Description: Programm avscan.exe, Version 14.0.1.645 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1278

Startzeit: 01cef775f47164ad

Endzeit: 35115

Anwendungspfad: C:\program files (x86)\avira\antivir desktop\avscan.exe

Berichts-ID: 59823e3a-6369-11e3-ae89-c44619b343c3

Error: (12/12/2013 09:04:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1645280

Error: (12/12/2013 09:04:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1645280


System errors:
=============
Error: (12/12/2013 08:24:39 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy4" den Befehl "chkdsk" aus.

Error: (12/12/2013 08:24:39 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy4" den Befehl "chkdsk" aus.

Error: (12/12/2013 08:24:39 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy4" den Befehl "chkdsk" aus.

Error: (12/12/2013 08:24:39 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy4" den Befehl "chkdsk" aus.

Error: (12/12/2013 08:24:25 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy5" den Befehl "chkdsk" aus.

Error: (12/12/2013 08:24:25 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy5" den Befehl "chkdsk" aus.

Error: (12/12/2013 08:24:25 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy5" den Befehl "chkdsk" aus.

Error: (12/12/2013 08:24:25 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy5" den Befehl "chkdsk" aus.

Error: (12/12/2013 08:24:11 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus.

Error: (12/12/2013 08:24:11 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 6124.93 MB
Available physical RAM: 3409.2 MB
Total Pagefile: 12248.05 MB
Available Pagefile: 8635.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:452.87 GB) (Free:271.51 GB) NTFS
Drive d: (23 Sep 2013) (CDROM) (Total:0.69 GB) (Free:0.3 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 38BE5EAC)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 15.12.2013, 07:12

Malwarebytes updaten, Quick Scan, Funde auch löschen lassen.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.

Starte die sc-cleaner.exe mit einem Doppelclick.
Bestätige die Meldung Shortcut Cleaner Finished am Ende des Suchlaufs mit Ok.
Eine Logdatei wird sich öffnen (sc-cleaner.txt).
Poste den Inhalt mit deiner nächsten Antwort.

und ein frisches FRST log bitte.

Krissy · 15.12.2013, 19:55

Okay, Malwarebytes hab ich alle Funde löschen lassen,... waren schon recht viele.

hier die jeweiligen logdateien :-)

Code:

ATTFilter

# AdwCleaner v3.015 - Bericht erstellt am 15/12/2013 um 19:27:16
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : media - MEDIA-VAIO
# Gestartet von : C:\Users\media\Desktop\adwcleaner.exe
# Option : Loschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Geloscht : C:\ProgramData\boost_interprocess
Ordner Geloscht : C:\ProgramData\NCH Software
Ordner Geloscht : C:\ProgramData\Partner
Ordner Geloscht : C:\Program Files (x86)\Conduit
Ordner Geloscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Geloscht : C:\Program Files (x86)\MyPC Backup
Ordner Geloscht : C:\Program Files (x86)\NCH Software
Ordner Geloscht : C:\Program Files (x86)\Re-markit
Ordner Geloscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Geloscht : C:\Users\media\AppData\Local\Conduit
Ordner Geloscht : C:\Users\media\AppData\Local\Temp\OCS
Ordner Geloscht : C:\Users\media\AppData\LocalLow\Conduit
Ordner Geloscht : C:\Users\media\AppData\Roaming\dvdvideosoftiehelpers
Ordner Geloscht : C:\Users\media\AppData\Roaming\NCH Software
Datei Geloscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Geloscht : C:\Windows\System32\Tasks\NCH Software

***** [ Verknupfungen ] *****

Verknupfung Desinfiziert : C:\Users\media\Desktop\Explorer.lnk
Verknupfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

***** [ Registrierungsdatenbank ] *****

Schlussel Geloscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlussel Geloscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlussel Geloscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlussel Geloscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_utorrent_RASAPI32
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_utorrent_RASMANCS
Schlussel Geloscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlussel Geloscht : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlussel Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlussel Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlussel Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlussel Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlussel Geloscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlussel Geloscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Geloscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Geloscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Geloscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Geloscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlussel Geloscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlussel Geloscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlussel Geloscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlussel Geloscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Wert Geloscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Geloscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlussel Geloscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlussel Geloscht : HKCU\Software\Conduit
Schlussel Geloscht : HKCU\Software\dt soft\daemon tools toolbar
Schlussel Geloscht : HKCU\Software\NCH Software
Schlussel Geloscht : HKCU\Software\OCS
Schlussel Geloscht : HKCU\Software\Softonic
Schlussel Geloscht : HKCU\Software\YahooPartnerToolbar
Schlussel Geloscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlussel Geloscht : HKCU\Software\AppDataLow\Software\Conduit
Schlussel Geloscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlussel Geloscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlussel Geloscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlussel Geloscht : HKLM\Software\Conduit
Schlussel Geloscht : HKLM\Software\dt soft\daemon tools toolbar
Schlussel Geloscht : HKLM\Software\NCH Software
Schlussel Geloscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Daten Geloscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local;127.0.0.1:9421;

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16470

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v

[ Datei : C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Geloscht : homepage
Geloscht : search_url

*************************

AdwCleaner[R0].txt - [11148 octets] - [15/12/2013 19:07:00]
AdwCleaner[R1].txt - [9403 octets] - [15/12/2013 19:24:37]
AdwCleaner[S0].txt - [8147 octets] - [15/12/2013 19:27:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8207 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by media on 15.12.2013 at 19:37:45,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{04AA20D8-F887-495E-9FD9-26CE078B7A86}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{06C97E68-B4AB-400C-B7D0-2CB2D4CA57DF}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{080FA570-371A-4B83-A811-FAB73FD3FD3E}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{0C72C7A6-D0BD-4F03-B666-8EC0E7868C9A}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{0D024592-A449-4E9D-9F93-FFA286A48E5A}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{0F4FF557-F740-4567-9FBA-3EB4C8656C06}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{0F537C46-0920-4BA8-924B-B205F564D7E2}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{1134FB1A-1849-4424-A37B-587A2B66F950}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{11B09326-7E96-4B23-8B32-FBFE9FDDBDE9}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{11B3BB20-FD64-4ABC-B68A-083B9775306B}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{11BF2BAE-D777-4858-B40C-66677078B34A}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{12872522-ABD4-4AD5-8410-4C4AA0EF5EA1}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{136BAC23-13B9-482A-A70A-324BC547A604}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{137D577F-F735-437C-A13E-B28C4112237B}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{141C5A0E-6C4D-41E2-AE36-3E58A3A11085}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{144CAC89-8356-4C0A-9D59-7D89F1DEF4D6}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{1569E868-A183-435B-94CA-40A351203F59}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{16D08DAF-7BF3-46C3-86DC-37DC36C3ACB5}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{17852DF1-F26F-47AC-B665-A51333AEFF4F}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{17E614BB-C509-4296-8F84-413C981A5F3C}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{19175CDD-BA01-44C0-98A9-AC7FD1B12D61}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{1A6C7AFD-CEC2-49DC-8958-AC11F262D3E1}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{1C434040-8D9E-48F6-A975-A7BDC4722729}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{1CD69DE3-BD4C-4BC4-97FF-93226F59E4AF}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{1F4F82D6-2503-4DC7-8BE1-77CCEA4F8DE4}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{1F79E539-B588-4A19-B18A-06CA5EB5E306}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{203298DD-888E-4346-A494-4DAE198D16AA}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{206010EE-CAD6-439E-9FA0-9C483C92D3AF}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{216B5A1C-B046-4FD8-A617-62E196A6E8C1}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{24A37588-6FE9-47B7-B379-29468C38789B}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{25E077B6-C1A7-4872-9D50-97E5BFCC4C79}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{266A01D0-FA1E-481C-BA21-0FEF15FAF40F}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{2857F09A-D7DD-4014-A6B0-1E13017466B8}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{29ACCFCE-79F6-4AF4-BDE5-B3AD00BF830B}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{2B9912F0-4631-413A-929E-A74239EEF817}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{2E38A6F5-C84F-47B8-835D-A900D3EF005E}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{2FC0CAB9-DA97-4E7C-8740-F278C32D7933}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{31B71EAE-09B9-485F-A507-AD0ABD6E7F0A}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{339DDFB8-211D-4432-98CE-ABB8F563F318}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{33D27983-9795-41C1-8B94-D4F863FCA410}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{36314D18-D6F4-45AD-9490-637C2759F2ED}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{38499BCF-8BB5-46F4-83E4-E31809BBE958}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{38DF52C8-252B-49F5-94F4-3397DC8C71B0}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{3F06F20F-5805-4E2E-BD13-49D1BD4BDE9E}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{426CB905-E936-460F-B388-872AFA68AF1F}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{442CF709-9037-402F-912B-26D98D50E89B}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{498C51C1-BA6F-4BC0-A745-CBFCB0BB7F27}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{49E775EB-4C43-4F00-AA63-BB8C72ADD396}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{5099831F-820C-4543-A52E-800F70E617B7}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{525C57BB-93A5-4F21-A706-58F61CB7D11B}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{58C83E43-7C95-4EAF-93FD-2EE4A72E324E}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{59B2A4F6-A533-40A0-8681-CAFEFE8CC92C}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{5D0C1006-54F1-4A83-8741-E814CC6C5BC9}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{5FAC382C-AB93-4B6E-8CF4-FD18F67DD7DF}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{6823144B-BBB5-4440-9C66-7E9C4A7CFE4A}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{7148B7E2-8F19-47BF-88B1-C55F8A301DEC}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{72210433-E317-4699-8741-197191A24E98}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{745A1162-B1D2-4143-B51D-B312B13B9019}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{77F4B060-B5F7-46D9-A869-EA75FBC93269}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{796A0463-B4A1-4B44-A50D-D9DE05376945}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{797D23AD-0A50-4E13-9494-2B7419B0C4F9}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{79FAD98A-6D00-44A8-B2BE-33F5962FFA22}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{7AFC0DE6-6789-4B2C-AB24-A4876F398CE5}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{7F5B581F-7640-4175-AC96-745148E3CB4D}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{82C7F558-D90C-4257-BD33-594FAD5D5913}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{8414B747-E83C-4F4A-AA73-446EF411D0D6}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{87BD31F1-4126-4591-A351-C8882B46CF28}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{8B1AD4F2-197B-4066-A993-C160D68BDFC2}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{8E1A68CC-CB8B-4C85-98A4-056462CD3111}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{8FAE2A22-834D-410A-BC07-74A1D4E593A0}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{9F381297-F0F2-47BC-9316-8E336400C6F2}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{A0C48ABC-3BC2-4BAA-AFDB-B2CD6FB2281B}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{A4D94E61-29F7-4ED8-8F2E-DEB502356CC1}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{A58EDF1E-02CD-4B0E-9BDC-3CF7B1EADDC0}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{AAE0CD44-DCB2-4C56-A497-0E7EF75D9CE9}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{ADEBFAC0-412F-411D-8C25-9EE20DF6D705}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{B08922F9-8A3A-4608-8F9F-EBA1EABB5F8A}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{B2F49B5A-0D70-46FD-9E4A-FE08EB4046B7}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{B32B2839-79E6-4C9F-940D-5F64F41FE70B}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{B92C2BF3-31A5-4256-8765-8FE884A6BFB6}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{B9D0550E-0D20-4EDE-8E5E-CF33FF0DC48B}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{BB78D229-87B4-4F3F-AF79-127EE143C947}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{BE60B5F0-D0E2-40F9-8B1D-5D15DF8E41FE}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{C1D1618F-960A-48E3-8F31-BAA8B71B2AA7}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{C455EE45-F0B8-4D09-9F2F-CE508715A645}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{C671891E-089B-4970-BA93-4D5C6EDBD4B9}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{C8CBDB6B-B8FF-42C9-97CA-01A39555648B}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{CA7EB736-4400-4C76-810D-9360853658B7}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{CBF67C21-87C3-48DF-A68A-3234B68931D5}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{CC3CBF41-767F-424A-94DB-5AEAFBFAAEBC}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{CCBECF6B-1618-4D15-8708-0CB824AC8FA7}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{D7B8BEE9-39BD-45DC-923C-69F02693DA0D}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{DB868BC0-717C-4400-A50A-6F18E3BDB39F}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{DCA3C697-0C96-4225-A8C3-DC11653CABE4}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{DE8614D2-1D11-42D3-BFBC-F08E09581EA1}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{DE9B9C7C-5ED8-4769-9F2C-2735AEF682B1}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{E016FBF0-4F54-4490-B931-FCB8DC3C54EB}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{E167394F-B595-4CE9-A56D-E4570C373E6B}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{E375A8AA-97C1-4F6F-AB22-8B3D6CAB7B05}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{E6EE49B2-446A-4945-9CE6-19BDD5F374E8}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{E86E18B9-2FEF-4441-9A5B-1BA953336C5C}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{E88DB5E0-90BD-4464-8AEF-F6666F540B17}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{E8D7EDB6-2926-446C-BBF4-B8D08E23D38B}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{EB64C68C-15B7-4B01-AF7C-8101D14A66F9}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{EDF63BC9-6364-4D41-8F34-655C66366B46}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{F4938CAB-8D88-46E9-9E95-078FFEA7A76E}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{F7652C86-8E17-4C7F-ABB4-037A05660A56}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{FBB88C57-C0A7-4426-9777-61FB2A2D1987}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{FC342DBE-FD5A-4AC5-A10B-6C00630CCC1F}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{FDE8CB65-085D-43FF-B049-BA1B168917FA}
Successfully deleted: [Empty Folder] C:\Users\media\appdata\local\{FF4D251F-B36A-4A77-BC34-48BBBE702346}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.12.2013 at 19:42:38,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

Shortcut Cleaner 1.2.6 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 12/15/2013 07:46:43 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\media\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\media\Desktop


0 bad shortcuts found.

Program finished at: 12/15/2013 07:46:50 PM
Execution time: 0 hours(s), 0 minute(s), and 6 seconds(s)

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 01
Ran by media (administrator) on MEDIA-VAIO on 15-12-2013 19:53:54
Running from C:\Users\media\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-17] (Google Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [cgminer] - C:\Users\media\AppData\Local\Temp\Zonyan.exe <===== ATTENTION
HKCU\...\Run: [Herinesi] - C:\Users\media\AppData\Local\Temp\~tmp1463271939624892765.tmp <===== ATTENTION
MountPoints2: {c195e1c2-f50f-11df-9719-54424973e4de} - E:\Set-up.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1424088 2012-12-21] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
AppInit_DLLs:   [ ] ()
Startup: C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700.lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
URLSearchHook: HKCU - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {1AEDBB16-ED4D-4043-A695-3E1A8DA87EB1} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {1E76DAF0-4718-49E9-8C5A-9EE7F8823202} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {3B2C063E-3915-40B4-AC35-679EE8625871} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {8741C1B3-C98F-433D-8937-39B70AE3D75B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C02E7313-4999-4C99-9D96-161D9781370D} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {F38F01D0-1DBA-46A8-8AD8-5DBB5915998A} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {F89596D6-9C4E-4381-B9FD-2DF58DEFF57B} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: facemoods
CHR DefaultSearchURL: hxxp://www.google.com

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-02] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-12-02] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mi-raysat_3dsmax2011_64; C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [86016 2010-04-01] ()
R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-12-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-02] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-11-21] ()
U3 atqnl20j; C:\Windows\System32\Drivers\atqnl20j.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-15 19:49 - 2013-12-15 19:53 - 00011482 _____ C:\Users\media\Desktop\FRST.txt
2013-12-15 19:49 - 2013-12-15 19:49 - 00000000 ____D C:\Users\media\Desktop\FRST-OlderVersion
2013-12-15 19:46 - 2013-12-15 19:46 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\media\Desktop\sc-cleaner.exe
2013-12-15 19:46 - 2013-12-15 19:46 - 00001796 _____ C:\sc-cleaner.txt
2013-12-15 19:42 - 2013-12-15 19:42 - 00012393 _____ C:\Users\media\Desktop\JRT.txt
2013-12-15 19:36 - 2013-12-15 19:36 - 00000000 ____D C:\Windows\ERUNT
2013-12-15 19:34 - 2013-12-15 19:34 - 01034531 _____ (Thisisu) C:\Users\media\Desktop\JRT.exe
2013-12-15 19:06 - 2013-12-15 19:27 - 00000000 ____D C:\AdwCleaner
2013-12-15 19:04 - 2013-12-15 19:04 - 01226750 _____ C:\Users\media\Desktop\adwcleaner.exe
2013-12-14 13:05 - 2013-12-15 19:49 - 00000000 ____D C:\FRST
2013-12-14 13:04 - 2013-12-15 19:49 - 01927796 _____ (Farbar) C:\Users\media\Desktop\FRST64.exe
2013-12-10 22:06 - 2013-12-12 21:44 - 00000000 ____D C:\ProgramData\WPM

==================== One Month Modified Files and Folders =======

2013-12-15 19:53 - 2013-12-15 19:49 - 00011482 _____ C:\Users\media\Desktop\FRST.txt
2013-12-15 19:53 - 2010-12-15 17:37 - 00000000 ____D C:\Users\media\Desktop\musik
2013-12-15 19:49 - 2013-12-15 19:49 - 00000000 ____D C:\Users\media\Desktop\FRST-OlderVersion
2013-12-15 19:49 - 2013-12-14 13:05 - 00000000 ____D C:\FRST
2013-12-15 19:49 - 2013-12-14 13:04 - 01927796 _____ (Farbar) C:\Users\media\Desktop\FRST64.exe
2013-12-15 19:46 - 2013-12-15 19:46 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\media\Desktop\sc-cleaner.exe
2013-12-15 19:46 - 2013-12-15 19:46 - 00001796 _____ C:\sc-cleaner.txt
2013-12-15 19:42 - 2013-12-15 19:42 - 00012393 _____ C:\Users\media\Desktop\JRT.txt
2013-12-15 19:36 - 2013-12-15 19:36 - 00000000 ____D C:\Windows\ERUNT
2013-12-15 19:36 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-15 19:36 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-15 19:34 - 2013-12-15 19:34 - 01034531 _____ (Thisisu) C:\Users\media\Desktop\JRT.exe
2013-12-15 19:33 - 2010-10-22 10:26 - 01971142 _____ C:\Windows\WindowsUpdate.log
2013-12-15 19:33 - 2010-08-19 18:27 - 00686168 _____ C:\Windows\system32\perfh007.dat
2013-12-15 19:33 - 2010-08-19 18:27 - 00144796 _____ C:\Windows\system32\perfc007.dat
2013-12-15 19:33 - 2009-07-14 06:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-15 19:29 - 2012-12-17 20:55 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 19:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-15 19:28 - 2009-07-14 05:51 - 00097554 _____ C:\Windows\setupact.log
2013-12-15 19:27 - 2013-12-15 19:06 - 00000000 ____D C:\AdwCleaner
2013-12-15 19:27 - 2012-06-19 22:10 - 00001074 _____ C:\Users\media\Desktop\Explorer.lnk
2013-12-15 19:20 - 2012-04-12 13:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-15 19:20 - 2010-07-29 19:04 - 00166972 _____ C:\Windows\PFRO.log
2013-12-15 19:19 - 2012-04-12 13:56 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-15 19:05 - 2012-12-17 20:55 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-15 19:04 - 2013-12-15 19:04 - 01226750 _____ C:\Users\media\Desktop\adwcleaner.exe
2013-12-14 14:29 - 2013-05-06 12:46 - 00000000 ____D C:\Users\media\Desktop\Dolmetschen
2013-12-14 12:54 - 2010-10-23 13:36 - 00000000 ____D C:\Users\media\AppData\Local\Google
2013-12-12 22:00 - 2011-06-02 11:50 - 00000000 ____D C:\Users\media\AppData\Roaming\Gutscheinmieze
2013-12-12 21:44 - 2013-12-10 22:06 - 00000000 ____D C:\ProgramData\WPM
2013-12-11 11:33 - 2010-10-22 10:29 - 00000000 ___RD C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-06 15:00 - 2012-12-17 20:55 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 15:00 - 2012-12-17 20:55 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 12:43 - 2013-07-29 12:21 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-04 18:44 - 2013-04-29 15:12 - 00000000 ____D C:\Users\media\Desktop\Bewerbung
2013-12-02 14:52 - 2013-07-29 20:52 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-02 14:52 - 2013-07-29 12:21 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-02 14:52 - 2013-07-29 12:21 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

Files to move or delete:
====================
C:\Users\media\AppData\Roaming\skype.ini


Some content of TEMP:
====================
C:\Users\media\AppData\Local\Temp\avgnt.exe
C:\Users\media\AppData\Local\Temp\BackupSetup.exe
C:\Users\media\AppData\Local\Temp\gmx_mediacenter_setup_bundled.exe
C:\Users\media\AppData\Local\Temp\GMX_Softwareaktualisierung_Setup.exe
C:\Users\media\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe
C:\Users\media\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\media\AppData\Local\Temp\MSN7025.exe
C:\Users\media\AppData\Local\Temp\Quarantine.exe
C:\Users\media\AppData\Local\Temp\tbNCH_.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 11:57

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 16.12.2013, 11:47

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKCU\...\Run: [cgminer] - C:\Users\media\AppData\Local\Temp\Zonyan.exe <===== ATTENTION
HKCU\...\Run: [Herinesi] - C:\Users\media\AppData\Local\Temp\~tmp1463271939624892765.tmp <===== ATTENTION
AppInit_DLLs:   [ ] ()
C:\Users\media\AppData\Roaming\skype.ini

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Krissy · 16.12.2013, 23:42

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-12-2013 02
Ran by media at 2013-12-16 19:58:53 Run:1
Running from C:\Users\media\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [cgminer] - C:\Users\media\AppData\Local\Temp\Zonyan.exe <===== ATTENTION
HKCU\...\Run: [Herinesi] - C:\Users\media\AppData\Local\Temp\~tmp1463271939624892765.tmp <===== ATTENTION
AppInit_DLLs:   [ ] ()
C:\Users\media\AppData\Roaming\skype.ini

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3617f7dc1cad414baa9dd4d342aeff70
# engine=16289
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-16 10:23:24
# local_time=2013-12-16 11:23:24 (+0100, Mitteleuropдische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 15831 157903909 8604 0
# compatibility_mode=5893 16776574 100 94 12652804 138862454 0 0
# scanned=338153
# found=2
# cleaned=0
# scan_time=11970
sh=3C2D77543C70C2165A13BE006AAEB5F69B19E396 ft=1 fh=c0add1ba2c07051b vn="multiple threats" ac=I fn="C:\Users\media\AppData\Local\Temp\DM\software\Re-markit_2040-2081.exe"
sh=A87B7647DC34B5B6186209377786E946B677C574 ft=1 fh=c2834f18f25710d9 vn="multiple threats" ac=I fn="C:\Users\media\AppData\Local\Temp\{08A80DF1-42F6-449C-B9B2-9709B148358B}\setup.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 25  
 Java version out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-12-2013 02
Ran by media (administrator) on MEDIA-VAIO on 16-12-2013 23:41:25
Running from C:\Users\media\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [212480 2010-05-14] (Alps Electric Co., Ltd.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-17] (Google Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -update activex [353440 2012-04-12] (Adobe Systems Incorporated)
MountPoints2: {c195e1c2-f50f-11df-9719-54424973e4de} - E:\Set-up.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1424088 2012-12-21] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-12-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Startup: C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700.lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
URLSearchHook: HKCU - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {1AEDBB16-ED4D-4043-A695-3E1A8DA87EB1} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {1E76DAF0-4718-49E9-8C5A-9EE7F8823202} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {3B2C063E-3915-40B4-AC35-679EE8625871} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {8741C1B3-C98F-433D-8937-39B70AE3D75B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {C02E7313-4999-4C99-9D96-161D9781370D} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {F38F01D0-1DBA-46A8-8AD8-5DBB5915998A} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {F89596D6-9C4E-4381-B9FD-2DF58DEFF57B} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: facemoods
CHR DefaultSearchURL: hxxp://www.google.com

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-02] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-12-02] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mi-raysat_3dsmax2011_64; C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [86016 2010-04-01] ()
R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-12-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-02] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-11-21] ()
U3 ani6isxs; C:\Windows\System32\Drivers\ani6isxs.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-16 23:35 - 2013-12-16 23:35 - 00891200 _____ C:\Users\media\Desktop\SecurityCheck.exe
2013-12-15 19:49 - 2013-12-16 23:41 - 00011440 _____ C:\Users\media\Desktop\FRST.txt
2013-12-15 19:49 - 2013-12-16 19:58 - 00000000 ____D C:\Users\media\Desktop\FRST-OlderVersion
2013-12-15 19:46 - 2013-12-15 19:46 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\media\Desktop\sc-cleaner.exe
2013-12-15 19:46 - 2013-12-15 19:46 - 00001796 _____ C:\sc-cleaner.txt
2013-12-15 19:42 - 2013-12-15 19:42 - 00012393 _____ C:\Users\media\Desktop\JRT.txt
2013-12-15 19:36 - 2013-12-15 19:36 - 00000000 ____D C:\Windows\ERUNT
2013-12-15 19:34 - 2013-12-15 19:34 - 01034531 _____ (Thisisu) C:\Users\media\Desktop\JRT.exe
2013-12-15 19:06 - 2013-12-15 19:27 - 00000000 ____D C:\AdwCleaner
2013-12-15 19:04 - 2013-12-15 19:04 - 01226750 _____ C:\Users\media\Desktop\adwcleaner.exe
2013-12-14 13:05 - 2013-12-16 19:58 - 00000000 ____D C:\FRST
2013-12-14 13:04 - 2013-12-16 19:58 - 01927940 _____ (Farbar) C:\Users\media\Desktop\FRST64.exe
2013-12-10 22:06 - 2013-12-12 21:44 - 00000000 ____D C:\ProgramData\WPM

==================== One Month Modified Files and Folders =======

2013-12-16 23:41 - 2013-12-15 19:49 - 00011440 _____ C:\Users\media\Desktop\FRST.txt
2013-12-16 23:35 - 2013-12-16 23:35 - 00891200 _____ C:\Users\media\Desktop\SecurityCheck.exe
2013-12-16 23:19 - 2012-04-12 13:56 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-16 23:19 - 2012-04-12 13:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-16 23:05 - 2012-12-17 20:55 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-16 21:58 - 2010-12-15 17:37 - 00000000 ____D C:\Users\media\Desktop\musik
2013-12-16 21:50 - 2010-10-22 10:26 - 02060739 _____ C:\Windows\WindowsUpdate.log
2013-12-16 20:03 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-16 20:03 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-16 19:58 - 2013-12-15 19:49 - 00000000 ____D C:\Users\media\Desktop\FRST-OlderVersion
2013-12-16 19:58 - 2013-12-14 13:05 - 00000000 ____D C:\FRST
2013-12-16 19:58 - 2013-12-14 13:04 - 01927940 _____ (Farbar) C:\Users\media\Desktop\FRST64.exe
2013-12-16 19:58 - 2010-08-19 18:27 - 00686168 _____ C:\Windows\system32\perfh007.dat
2013-12-16 19:58 - 2010-08-19 18:27 - 00144796 _____ C:\Windows\system32\perfc007.dat
2013-12-16 19:58 - 2009-07-14 06:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-16 19:54 - 2012-12-17 20:55 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-16 19:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-16 19:53 - 2009-07-14 05:51 - 00097610 _____ C:\Windows\setupact.log
2013-12-15 19:46 - 2013-12-15 19:46 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\media\Desktop\sc-cleaner.exe
2013-12-15 19:46 - 2013-12-15 19:46 - 00001796 _____ C:\sc-cleaner.txt
2013-12-15 19:42 - 2013-12-15 19:42 - 00012393 _____ C:\Users\media\Desktop\JRT.txt
2013-12-15 19:36 - 2013-12-15 19:36 - 00000000 ____D C:\Windows\ERUNT
2013-12-15 19:34 - 2013-12-15 19:34 - 01034531 _____ (Thisisu) C:\Users\media\Desktop\JRT.exe
2013-12-15 19:27 - 2013-12-15 19:06 - 00000000 ____D C:\AdwCleaner
2013-12-15 19:27 - 2012-06-19 22:10 - 00001074 _____ C:\Users\media\Desktop\Explorer.lnk
2013-12-15 19:20 - 2010-07-29 19:04 - 00166972 _____ C:\Windows\PFRO.log
2013-12-15 19:04 - 2013-12-15 19:04 - 01226750 _____ C:\Users\media\Desktop\adwcleaner.exe
2013-12-14 14:29 - 2013-05-06 12:46 - 00000000 ____D C:\Users\media\Desktop\Dolmetschen
2013-12-14 12:54 - 2010-10-23 13:36 - 00000000 ____D C:\Users\media\AppData\Local\Google
2013-12-12 22:00 - 2011-06-02 11:50 - 00000000 ____D C:\Users\media\AppData\Roaming\Gutscheinmieze
2013-12-12 21:44 - 2013-12-10 22:06 - 00000000 ____D C:\ProgramData\WPM
2013-12-11 11:33 - 2010-10-22 10:29 - 00000000 ___RD C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-06 15:00 - 2012-12-17 20:55 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 15:00 - 2012-12-17 20:55 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 12:43 - 2013-07-29 12:21 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-04 18:44 - 2013-04-29 15:12 - 00000000 ____D C:\Users\media\Desktop\Bewerbung
2013-12-02 14:52 - 2013-07-29 20:52 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-02 14:52 - 2013-07-29 12:21 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-02 14:52 - 2013-07-29 12:21 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

Some content of TEMP:
====================
C:\Users\media\AppData\Local\Temp\avgnt.exe
C:\Users\media\AppData\Local\Temp\BackupSetup.exe
C:\Users\media\AppData\Local\Temp\gmx_mediacenter_setup_bundled.exe
C:\Users\media\AppData\Local\Temp\GMX_Softwareaktualisierung_Setup.exe
C:\Users\media\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe
C:\Users\media\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\media\AppData\Local\Temp\MSN7025.exe
C:\Users\media\AppData\Local\Temp\Quarantine.exe
C:\Users\media\AppData\Local\Temp\tbNCH_.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 11:57

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

ein kleiner klick der solche Fehler verursachen kann... echt sagenhaft

))) OMG!!

schrauber · 17.12.2013, 12:13

Java und Adobe updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Krissy · 17.12.2013, 21:32

JUHUUUUU

es ist weg!!! ich danke dir vielmals!!! Danke danke danke!!!!!!!

schrauber · 18.12.2013, 10:43

Gern Geschehen

18.12.2013, 10:43	#10
schrauber /// the machine /// TB-Ausbilder	Nation Zoom nicht entfernbar :-( Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Nation Zoom nicht entfernbar :-(

Log-Analyse und Auswertung: Nation Zoom nicht entfernbar :-(