
Pests of all kinds and how to combat them: BKA Trojan?

Windows 7

19.01.2014, 11:02   #1
maxlh
 



Hi folks,

I'm not quite sure whether I've caught a virus here.
While surfing in Firefox I suddenly noticed that a window had opened; it was the police warning etc., saying that after a payment of 100 euros everything would be fine again...
Now this page unfortunately can no longer be closed; instead the prompt keeps coming up: Do you want to leave this page? Clicking on "Leave page" does nothing...

I now have no idea how to proceed. Will I break something if I restart the PC and hope that it no longer appears?
Have I caught a virus with this, or is it just an annoying page that won't close?

I don't know whether this is relevant: I have booted a Windows operating system on my MacBook; Windows is protected with Avira Antivir Premium 2013.
The whole problem is now also under Windows.

Many thanks for your help

Best regards

19.01.2014, 11:08   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


19.01.2014, 11:21   #3
maxlh
 



So here is the FRST file:
Code:
2014-01-07 15:09 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-07 15:09 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-07 15:09 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-07 15:09 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-07 15:09 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-07 15:09 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-07 15:09 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-07 15:09 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-07 15:09 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-07 15:09 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-07 15:09 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-07 15:09 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-07 15:09 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-07 15:09 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-07 15:09 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-07 15:09 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-07 15:09 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-07 15:09 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-07 15:09 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-07 15:09 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-07 15:09 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-07 15:09 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-07 15:09 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-07 15:09 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-29 21:15 - 2013-12-30 14:56 - 02225904 _____ C:\Users\Max\Desktop\E2.pln
2013-12-29 21:15 - 2013-12-29 21:15 - 01972032 _____ C:\Users\Max\Desktop\E2.bpn
2013-12-29 21:15 - 2013-12-29 21:15 - 00000054 _____ C:\Users\Max\Desktop\E2.pln.lck
2013-12-29 19:17 - 2013-12-29 19:17 - 00000000 ____D C:\Users\Max\AppData\Local\Apple Computer
2013-12-28 12:11 - 2012-02-17 17:05 - 00000000 ____D C:\Users\Max\Desktop\ArchiCAD Grundlagen ITL
2013-12-28 11:47 - 2013-12-28 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 11:43 - 2013-12-28 11:49 - 233384784 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-4005-HOTFIX2-WIN64.exe
2013-12-28 11:40 - 2013-12-28 12:11 - 00000000 ____D C:\Users\Max\Documents\BIMx
2013-12-28 11:39 - 2013-12-29 19:20 - 00000000 ____D C:\Users\Max\Graphisoft
2013-12-28 11:39 - 2013-12-28 12:08 - 00000000 ____D C:\Users\Max\AppData\Local\Graphisoft
2013-12-28 11:39 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\AppData\Roaming\Graphisoft
2013-12-28 11:37 - 2013-12-28 11:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Apple Computer
2013-12-28 11:33 - 2013-12-28 11:33 - 00001241 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2013-12-28 11:33 - 2013-12-28 11:33 - 00001066 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00001853 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-28 11:30 - 2013-12-28 11:53 - 00007861 _____ C:\Windows\vpd.properties
2013-12-28 11:27 - 2013-12-28 11:27 - 00000000 ____D C:\Program Files\GRAPHISOFT
2013-12-28 11:22 - 2013-12-28 11:51 - 00000000 ____D C:\Users\Max\AppData\Roaming\Install.GS
2013-12-28 11:22 - 2013-12-28 11:21 - 00866720 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-12-28 11:22 - 2013-12-28 11:21 - 00263584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-28 11:21 - 2013-12-28 11:21 - 00095648 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-28 11:12 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-28 11:12 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-28 11:10 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-28 11:10 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-28 10:58 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-28 10:58 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-28 10:57 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-28 10:57 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-28 10:56 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-28 10:56 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-28 10:50 - 2013-12-28 11:11 - 890298112 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-AUT64.exe
2013-12-28 10:50 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-28 10:50 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-28 10:50 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-28 10:50 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-28 10:50 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-28 10:50 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-28 10:50 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-28 10:50 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

==================== One Month Modified Files and Folders =======

2014-01-19 10:16 - 2014-01-19 09:14 - 00014143 _____ C:\Users\Max\Downloads\FRST.txt
2014-01-19 10:15 - 2014-01-19 10:15 - 00031685 _____ C:\Users\Max\Desktop\FRST.txt
2014-01-19 10:12 - 2013-04-06 16:40 - 00000000 ____D C:\Users\Max\AppData\Local\Akamai
2014-01-19 09:43 - 2012-05-16 13:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-19 09:17 - 2011-12-04 01:20 - 01348799 _____ C:\Windows\WindowsUpdate.log
2014-01-19 09:16 - 2014-01-19 09:14 - 00026212 _____ C:\Users\Max\Downloads\Addition.txt
2014-01-19 09:13 - 2014-01-19 09:13 - 00000000 ____D C:\FRST
2014-01-19 09:13 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-19 09:13 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-19 09:09 - 2014-01-19 09:09 - 02076160 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-01-19 05:49 - 2013-01-13 19:08 - 00000000 ____D C:\Users\Max\AppData\Roaming\Skype
2014-01-16 16:56 - 2009-07-14 06:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-16 15:40 - 2012-05-12 17:03 - 00000000 ____D C:\Users\Max\AppData\Local\cache
2014-01-16 14:13 - 2014-01-14 20:32 - 00001018 _____ C:\Windows\setupact.log
2014-01-16 11:58 - 2012-06-11 07:47 - 00001321 _____ C:\Users\Max\Documents\plot.log
2014-01-16 11:50 - 2014-01-16 11:50 - 00076569 _____ C:\Users\Max\Downloads\HWOOD5E1.pat
2014-01-16 11:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-16 11:25 - 2009-07-14 05:45 - 00426592 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 11:07 - 2013-02-14 21:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 11:06 - 2013-09-17 10:38 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 11:05 - 2012-05-12 17:01 - 00000000 ____D C:\ProgramData\FLEXnet
2014-01-16 11:02 - 2011-12-03 23:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 19:15 - 2013-02-06 14:31 - 00036352 ___SH C:\Users\Max\Thumbs.db
2014-01-15 09:14 - 2013-10-23 10:08 - 00000000 ____D C:\Users\Max\Documents\E2
2014-01-14 22:32 - 2012-12-11 17:09 - 125385161 _____ C:\Users\Max\Desktop\RhinoCrashDump.3dm
2014-01-14 22:29 - 2014-01-14 22:29 - 00000000 _____ C:\Users\Max\Desktop\RhinoCrashDump.dmp
2014-01-14 20:32 - 2014-01-14 20:32 - 00000000 _____ C:\Windows\setuperr.log
2014-01-14 20:13 - 2013-08-18 18:19 - 00000000 ____D C:\Users\Max\Desktop\TG
2014-01-14 10:17 - 2011-12-04 01:16 - 00000000 ____D C:\Windows\Panther
2014-01-13 18:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-13 10:31 - 2014-01-13 08:16 - 00000040 ____H C:\Users\Max\Desktop\TG_neu.3dm.rhl
2014-01-07 22:07 - 2012-06-26 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-30 14:56 - 2013-12-29 21:15 - 02225904 _____ C:\Users\Max\Desktop\E2.pln
2013-12-30 14:49 - 2013-06-24 16:09 - 00000000 ____D C:\Users\Max\Documents\Material
2013-12-30 14:44 - 2011-12-04 13:44 - 00000600 _____ C:\Users\Max\AppData\Roaming\winscp.rnd
2013-12-29 21:15 - 2013-12-29 21:15 - 01972032 _____ C:\Users\Max\Desktop\E2.bpn
2013-12-29 21:15 - 2013-12-29 21:15 - 00000054 _____ C:\Users\Max\Desktop\E2.pln.lck
2013-12-29 19:20 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\Graphisoft
2013-12-29 19:17 - 2013-12-29 19:17 - 00000000 ____D C:\Users\Max\AppData\Local\Apple Computer
2013-12-28 12:11 - 2013-12-28 11:40 - 00000000 ____D C:\Users\Max\Documents\BIMx
2013-12-28 12:08 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\AppData\Local\Graphisoft
2013-12-28 11:53 - 2013-12-28 11:30 - 00007861 _____ C:\Windows\vpd.properties
2013-12-28 11:51 - 2013-12-28 11:22 - 00000000 ____D C:\Users\Max\AppData\Roaming\Install.GS
2013-12-28 11:49 - 2013-12-28 11:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 11:49 - 2013-12-28 11:43 - 233384784 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-4005-HOTFIX2-WIN64.exe
2013-12-28 11:39 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\AppData\Roaming\Graphisoft
2013-12-28 11:39 - 2011-12-03 20:45 - 00000000 ____D C:\Users\Max
2013-12-28 11:37 - 2013-12-28 11:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Apple Computer
2013-12-28 11:33 - 2013-12-28 11:33 - 00001241 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2013-12-28 11:33 - 2013-12-28 11:33 - 00001066 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00001853 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-28 11:27 - 2013-12-28 11:27 - 00000000 ____D C:\Program Files\GRAPHISOFT
2013-12-28 11:21 - 2013-12-28 11:22 - 00866720 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-12-28 11:21 - 2013-12-28 11:22 - 00263584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-28 11:21 - 2013-12-28 11:21 - 00095648 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-28 11:21 - 2012-01-10 15:15 - 00788896 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-12-28 11:21 - 2012-01-10 15:15 - 00174496 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-28 11:21 - 2012-01-10 15:15 - 00174496 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-28 11:21 - 2012-01-10 15:15 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-28 11:11 - 2013-12-28 10:50 - 890298112 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-AUT64.exe
2013-12-28 10:45 - 2012-05-16 13:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-28 10:44 - 2012-05-16 13:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-28 10:44 - 2011-12-05 08:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-28 10:43 - 2013-05-08 06:22 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-28 10:43 - 2013-04-06 11:13 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-28 10:43 - 2013-04-06 11:13 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Files to move or delete:
====================
C:\Users\Max\SimCity 4 Extra Cheats Plugin.dll


Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-13 18:21

==================== End Of Log ============================
         
and here is the Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2014 03
Ran by Max at 2014-01-19 10:18:32
Running from C:\Users\Max\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Aerosoft's - Aerosoft Launcher (x32 Version: 1.1.0.1 - Aerosoft)
Akamai NetSession Interface (HKCU Version:  - Akamai Technologies, Inc)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ANNO 1404 (x32 Version: 1.01.0000 - Ubisoft)
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArchiCAD 17 AUT (Version: 17.0 - GRAPHISOFT)
Ask Toolbar (x32 Version: 1.13.2.0 - Ask.com) <==== ATTENTION
AutoCAD 2013 - Deutsch (German) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - Deutsch (German) (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 Language Pack - Deutsch (German) (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk)
Autodesk Inventor Fusion Plugin for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Material Library 2012 (x32 Version: 2.5.0.8 - Autodesk)
Autodesk Material Library 2013 (x32 Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13 - Autodesk)
Autodesk Sync (Version: 3.5.24.0 - Autodesk, Inc.)
Avira Antivirus Premium (x32 Version: 14.0.2.286 - Avira)
Boot Camp Services (Version: 4.0.4033 - Apple Inc.)
Carambis Registry Cleaner (x32 Version: 1.0.0.1148 - MEDIA FOG LTD.)
CCleaner (Version: 4.06 - Piriform)
Corel Ventura 10 (x32 Version:  - )
Corel Ventura 10 (x32 Version: 10 - Corel) Hidden
Deutsch (Apple) by Isg (Version: 1.0.3.40 - Isg-Software)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2 - FARO Scanner Production)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118 - Intel Corporation)
Java 7 Update 21 (x32 Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 21 (x32 Version: 6.0.210 - Oracle)
Langenscheidt Kurs 6.0 Spanisch (x32 Version: 01.00.00.00 - Langenscheidt)
lingDIALOG (x32 Version: 3.0908 - WEVOSYS)
lingDIALOG (x32 Version: 3.0908 - WEVOSYS) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Keyboard Layout Creator 1.4 (x32 Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (x32 Version: 1.0.0 - McNeel & Associates)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Neon 1.0 (Version: 1.0.18049 - LBP Development)
Neon 1.0 (x32 Version: 1.0.19162 - LBP Development)
Network Addon Mod Version 30 mit Essentials r132 (HKCU Version: Version 30 mit Essentials r132 - Das NAM Team)
NVIDIA Drivers (Version: 1.8 - )
OMSI - Addon Wien (x32 Version: 1.00 - aerosoft)
OMSI - Der Omnibussimulator (x32 Version: 1.04 - aerosoft)
OMSI Addon Manager Version 1.2.4 (x32 Version: 1.2.4 - Jan Kiesewalter)
Patrizier II Gold (x32 Version:  - )
PDF Architect (x32 Version: 1.0.41.8362 - pdfforge)
PDF to Image (x32 Version:  - Quick PDF)
PDFCreator (x32 Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)
Railway Addon Mod - Single Track Rail Set 1 (x32 Version: Set 1 - Das RAM Team)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Rhinoceros 4.0 Testversion (x32 Version: 4.0.60309 - Robert McNeel & Associates)
Rhinoceros 5 (x32 Version: 5.6.31028.18305 - Robert McNeel & Associates)
Rhinoceros 5.0 (64-bit) (Version: 5.1.20927.2215 - Robert McNeel & Associates)
Rhinoceros 5.0 Help Media (x32 Version: 5.1.20828.1435 - Robert McNeel & Associates)
Rhinoceros 5.0 Language Pack Installer (en-US) (x32 Version: 5.1.20927.2215 - Robert McNeel & Associates)
rmDATA Software (x32 Version: 4.10.3819 - rmDATA)
Sentinel Protection Installer 7.5.0 (x32 Version: 7.5.0 - SafeNet, Inc.)
Servicepacks (x32 Version:  - )
SimCity 4 Deluxe (x32 Version:  - )
Skype™ 6.7 (x32 Version: 6.7.102 - Skype Technologies S.A.)
SweetIM for Messenger 3.6 (x32 Version: 3.6.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetPacks Toolbar for Internet Explorer 4.6 (x32 Version: 4.6.0002 - SweetIM Technologies Ltd.) <==== ATTENTION
Universal Document Converter (Demo) (x32 Version: 5.6 - fCoder Group, Inc.)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Update Manager for SweetPacks 1.0 (x32 Version: 1.0.0005 - SweetIM Technologies Ltd.) <==== ATTENTION
Veoh Web Player (x32 Version: 1.1.2.0000 - Veoh Networks, Inc.)
VLC media player 2.0.5 (x32 Version: 2.0.5 - VideoLAN)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.10.3.10) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) (Version: 06/27/2007 2.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) (Version: 10/25/2007 2.0.1.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) (Version: 04/05/2011 3.2.0.8 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0) (Version: 01/17/2011 3.2.0.0 - Apple Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net  (11/13/2010 9.2.0.113) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows Driver Package - Broadcom (b57nd60a) Net  (12/02/2010 14.4.2.2) (Version: 12/02/2010 14.4.2.2 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net  (04/06/2011 5.100.198.22) (Version: 04/06/2011 5.100.198.22 - Broadcom)
Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost  (01/18/2011 1.0.0.220) (Version: 01/18/2011 1.0.0.220 - Broadcom Corporation)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (12/03/2010 6.6001.1.30) (Version: 12/03/2010 6.6001.1.30 - Cirrus Logic, Inc.)
Windows Driver Package - Intel (e1express) Net  (03/26/2010 9.13.41.0) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows Driver Package - Intel (e1kexpress) Net  (04/12/2010 11.6.92.0) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows Driver Package - Intel (e1qexpress) Net  (12/04/2009 11.4.7.0) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows Driver Package - Intel (e1rexpress) Net  (01/07/2010 11.4.16.0) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows Driver Package - Intel (e1yexpress) Net  (04/07/2010 10.1.9.0) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows Driver Package - Intel System  (07/20/2007 1.2.76.0) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows Driver Package - Marvell (yukonx64) Net  (12/06/2007 10.51.1.3) (Version: 12/06/2007 10.51.1.3 - Marvell)
WinRAR 4.11 (32-Bit) (x32 Version: 4.11.0 - win.rar GmbH)
WinSCP 4.3.5 (x32 Version: 4.3.5 - Martin Prikryl)

==================== Restore Points  =========================

16-01-2014 10:01:25 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02FEE6F1-310A-4CF1-BC85-D3292CDE78C4} - System32\Tasks\{AE8D2C6E-22EC-4090-AA90-AF8078F98DAC} => C:\Program Files (x86)\Corel\Ventura 10\Programs\ventura.exe [2002-08-29] (Corel Corporation)
Task: {36252D95-CE73-4066-9843-9108CE719A27} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2011-11-17] ()
Task: {4BF5F685-1127-4C93-8B61-75285059E682} - System32\Tasks\{FBFBC204-64CC-4E20-8A14-7C0E8BC077FF} => C:\Program Files (x86)\Corel\Ventura 10\Programs\ventura.exe [2002-08-29] (Corel Corporation)
Task: {4E300883-715B-446F-829F-1CE6E332B048} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {576AD972-AA0C-4D98-BC42-90BD102ED821} - System32\Tasks\{BF48CCF1-F4C7-4AFC-9FCE-F03BD8D7B209} => C:\Users\Max\Downloads\CVE0701_de\CVE0701\Setup32.exe [2003-06-18] (Corel Corporation) <==== ATTENTION
Task: {6D1AD71A-43FC-406F-BE29-26CCC3E6DFF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-28] (Adobe Systems Incorporated)
Task: {6FD9854F-4404-45CD-8B48-F1DCD0E3325A} - System32\Tasks\{C9F0E68A-34F8-45F2-AC17-6BBC2C3EB43F} => C:\Program Files (x86)\Corel\Ventura 10\Programs\ventura.exe [2002-08-29] (Corel Corporation)
Task: {74C04A59-295D-40B3-A322-8629AC7549A4} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2012-12-30] (Veoh Networks)
Task: {A8B44806-97E1-4255-915B-989C830D3F49} - System32\Tasks\{48023F3F-D01A-414E-9A87-0214EAFB1C1A} => C:\Program Files (x86)\Corel\Ventura 10\Programs\ventura.exe [2002-08-29] (Corel Corporation)
Task: {B7B6ABED-7982-4637-B102-1AAAA012A39E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-06-21 12:55 - 2012-02-17 19:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-04-06 11:13 - 2013-04-06 11:01 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-06-20 14:37 - 2011-06-20 14:37 - 10836992 _____ () C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
2011-06-20 12:32 - 2011-06-20 12:32 - 00266752 _____ () C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
2011-06-20 12:21 - 2011-06-20 12:21 - 07994880 _____ () C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
2011-06-20 12:04 - 2011-06-20 12:04 - 02233344 _____ () C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
2011-06-21 14:48 - 2011-06-21 14:48 - 00910336 _____ () C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
2011-06-20 12:52 - 2011-06-20 12:52 - 01283584 _____ () C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
2011-05-26 10:38 - 2011-05-26 10:38 - 00022016 _____ () C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
2011-05-26 10:38 - 2011-05-26 10:38 - 00120320 _____ () C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
2013-04-17 08:40 - 2013-04-17 08:40 - 00096768 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\MemHandler.dll
2013-05-24 12:58 - 2013-05-24 12:58 - 00962560 _____ () C:\Program Files (x86)\Neon 1.0\Egret.10.v50.x86.rhp
2013-12-28 11:47 - 2013-12-28 11:49 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-28 10:44 - 2013-12-28 10:44 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Host Controller
Description: Bluetooth USB Host Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2014 10:12:35 AM) (Source: MsiInstaller) (User: Max-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Max\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (01/19/2014 09:37:20 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume C:\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/19/2014 08:14:40 AM) (Source: MsiInstaller) (User: Max-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Max\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (01/19/2014 05:49:41 AM) (Source: MsiInstaller) (User: Max-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Max\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (01/18/2014 07:43:21 PM) (Source: MsiInstaller) (User: Max-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Max\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (01/18/2014 07:43:02 PM) (Source: MsiInstaller) (User: Max-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Max\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (01/16/2014 03:29:16 PM) (Source: MsiInstaller) (User: Max-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Max\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (01/16/2014 03:28:38 PM) (Source: MsiInstaller) (User: Max-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Max\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (01/16/2014 11:02:53 AM) (Source: MsiInstaller) (User: Max-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Max\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (01/16/2014 11:01:50 AM) (Source: MsiInstaller) (User: Max-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Max\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.


System errors:
=============
Error: (01/16/2014 11:00:14 AM) (Source: DCOM) (User: )
Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (01/16/2014 11:00:13 AM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service failed to start due to the following error: 
%%1053

Error: (01/16/2014 11:00:13 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.

Error: (01/15/2014 09:05:29 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (01/14/2014 10:28:31 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (01/13/2014 08:19:30 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (01/08/2014 03:12:17 PM) (Source: Service Control Manager) (User: )
Description: The McNeel Update Service 5.0 service failed to start due to the following error: 
%%1053

Error: (01/08/2014 03:12:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McNeel Update Service 5.0 service to connect.

Error: (01/08/2014 03:11:47 PM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service failed to start due to the following error: 
%%1053

Error: (01/08/2014 03:11:47 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 73%
Total physical RAM: 4006.73 MB
Available physical RAM: 1063.95 MB
Total Pagefile: 8011.65 MB
Available Pagefile: 4428.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:93.33 GB) (Free:14.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Macintosh HD) (Fixed) (Total:203.96 GB) (Free:107.16 GB) HFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 00000BD5)

Partition: GPT Partition Type
Partition 2: (Not Active) - (Size=204 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=93 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

19.01.2014, 11:27   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

19.01.2014, 11:48   #5
maxlh
 



Here is the file that appeared after Combofix finished running:
Code:
ComboFix 14-01-16.03 - Max 19.01.2014  10:37:14.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4007.1413 [GMT 1:00]
Running from: c:\users\Max\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Max\AppData\Local\TempDIR
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-19 to 2014-01-19  )))))))))))))))))))))))))))))))
.
.
2014-01-19 09:41 . 2014-01-19 09:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-01-19 09:36 . 2014-01-19 09:36	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EC1A146-7C77-4AAE-A4B0-4BC64001BFC5}\offreg.dll
2014-01-19 08:13 . 2014-01-19 08:13	--------	d-----w-	C:\FRST
2014-01-17 09:55 . 2013-12-04 03:28	10315576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EC1A146-7C77-4AAE-A4B0-4BC64001BFC5}\mpengine.dll
2014-01-15 08:17 . 2013-11-27 01:41	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2014-01-15 08:17 . 2013-11-27 01:41	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2014-01-15 08:17 . 2013-11-27 01:41	53248	----a-w-	c:\windows\system32\drivers\usbehci.sys
2014-01-15 08:17 . 2013-11-27 01:41	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2014-01-15 08:17 . 2013-11-27 01:41	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2014-01-15 08:17 . 2013-11-27 01:41	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2014-01-15 08:17 . 2013-11-27 01:41	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2014-01-15 08:17 . 2013-11-26 10:32	3156480	----a-w-	c:\windows\system32\win32k.sys
2014-01-15 08:17 . 2013-11-26 11:40	376768	----a-w-	c:\windows\system32\drivers\netio.sys
2014-01-07 14:11 . 2013-05-10 04:30	167424	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2014-01-07 14:11 . 2013-05-10 03:48	164864	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-01-07 14:11 . 2013-05-10 05:56	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2014-01-07 14:11 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\SysWow64\wmploc.DLL
2014-01-07 14:11 . 2013-05-10 05:56	14631424	----a-w-	c:\windows\system32\wmp.dll
2013-12-30 13:31 . 2013-12-30 13:31	--------	d-----w-	c:\users\Max\AppData\Local\GS-LW-Temp
2013-12-29 18:17 . 2013-12-29 18:17	--------	d-----w-	c:\users\Max\AppData\Local\Apple Computer
2013-12-28 10:39 . 2013-12-28 11:08	--------	d-----w-	c:\users\Max\AppData\Local\Graphisoft
2013-12-28 10:39 . 2013-12-29 18:20	--------	d-----w-	c:\users\Max\Graphisoft
2013-12-28 10:39 . 2013-12-28 10:39	--------	d-----w-	c:\users\Max\AppData\Roaming\Graphisoft
2013-12-28 10:37 . 2013-12-28 10:37	--------	d-----w-	c:\users\Max\AppData\Roaming\Apple Computer
2013-12-28 10:32 . 2013-12-28 10:32	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-12-28 10:32 . 2013-12-28 10:32	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-12-28 10:32 . 2013-12-28 10:32	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-12-28 10:32 . 2013-12-28 10:32	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-12-28 10:32 . 2013-12-28 10:32	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-12-28 10:32 . 2013-12-28 10:32	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-12-28 10:32 . 2013-12-28 10:32	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-12-28 10:32 . 2013-12-28 10:32	--------	d-----w-	c:\program files (x86)\QuickTime
2013-12-28 10:32 . 2013-12-28 10:32	--------	d-----w-	c:\programdata\Apple Computer
2013-12-28 10:31 . 2013-12-28 10:31	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2013-12-28 10:27 . 2013-12-28 10:27	--------	d-----w-	c:\program files\GRAPHISOFT
2013-12-28 10:22 . 2013-12-28 10:51	--------	d-----w-	c:\users\Max\AppData\Roaming\Install.GS
2013-12-28 10:22 . 2013-12-28 10:22	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-12-28 10:22 . 2013-12-28 10:21	866720	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-12-28 10:21 . 2013-12-28 10:21	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-28 10:12 . 2013-11-23 18:26	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-12-28 10:12 . 2013-11-23 17:47	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-12-28 10:10 . 2013-10-30 02:32	335360	----a-w-	c:\windows\system32\msieftp.dll
2013-12-28 10:10 . 2013-10-30 02:19	301568	----a-w-	c:\windows\SysWow64\msieftp.dll
2013-12-28 09:58 . 2013-10-19 02:18	81408	----a-w-	c:\windows\system32\imagehlp.dll
2013-12-28 09:58 . 2013-10-19 01:36	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-12-28 09:57 . 2013-11-12 02:23	2048	----a-w-	c:\windows\system32\tzres.dll
2013-12-28 09:57 . 2013-11-12 02:07	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-12-28 09:56 . 2013-10-04 02:16	116736	----a-w-	c:\windows\system32\drivers\drmk.sys
2013-12-28 09:56 . 2013-10-04 01:36	230400	----a-w-	c:\windows\system32\drivers\portcls.sys
2013-12-28 09:50 . 2013-10-12 02:32	150016	----a-w-	c:\windows\system32\wshom.ocx
2013-12-28 09:50 . 2013-10-12 02:31	202752	----a-w-	c:\windows\system32\scrrun.dll
2013-12-28 09:50 . 2013-10-12 02:04	121856	----a-w-	c:\windows\SysWow64\wshom.ocx
2013-12-28 09:50 . 2013-10-12 02:03	163840	----a-w-	c:\windows\SysWow64\scrrun.dll
2013-12-28 09:50 . 2013-10-12 01:33	156160	----a-w-	c:\windows\system32\cscript.exe
2013-12-28 09:50 . 2013-10-12 01:33	168960	----a-w-	c:\windows\system32\wscript.exe
2013-12-28 09:50 . 2013-10-12 01:15	141824	----a-w-	c:\windows\SysWow64\wscript.exe
2013-12-28 09:50 . 2013-10-12 01:15	126976	----a-w-	c:\windows\SysWow64\cscript.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 10:02 . 2011-12-03 22:31	86054176	----a-w-	c:\windows\system32\MRT.exe
2013-12-28 10:21 . 2012-01-10 14:15	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-12-28 09:44 . 2012-05-16 12:08	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-28 09:44 . 2011-12-05 07:06	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-28 09:43 . 2013-05-08 05:22	84720	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-12-28 09:43 . 2013-04-06 10:13	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-12-28 09:43 . 2013-04-06 10:13	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-12-03 20:24 . 2013-12-03 20:24	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:24 . 2013-12-03 20:24	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-12-03 20:24 . 2013-12-03 20:24	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 20:24 . 2013-12-03 20:24	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2013-12-03 20:24 . 2013-12-03 20:24	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-12-03 20:24 . 2013-12-03 20:24	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-12-03 20:24 . 2013-12-03 20:24	34816	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 20:24 . 2013-12-03 20:24	337408	----a-w-	c:\windows\SysWow64\html.iec
2013-12-03 20:24 . 2013-12-03 20:24	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-12-03 20:24 . 2013-12-03 20:24	235008	----a-w-	c:\windows\system32\elshyph.dll
2013-12-03 20:24 . 2013-12-03 20:24	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2013-12-03 20:24 . 2013-12-03 20:24	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 20:24 . 2013-12-03 20:24	942592	----a-w-	c:\windows\system32\jsIntl.dll
2013-12-03 20:24 . 2013-12-03 20:24	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 20:24 . 2013-12-03 20:24	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-12-03 20:24 . 2013-12-03 20:24	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:24 . 2013-12-03 20:24	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 20:24 . 2013-12-03 20:24	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 20:24 . 2013-12-03 20:24	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-12-03 20:24 . 2013-12-03 20:24	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2013-12-03 20:24 . 2013-12-03 20:24	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-12-03 20:24 . 2013-12-03 20:24	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-12-03 20:24 . 2013-12-03 20:24	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-12-03 20:24 . 2013-12-03 20:24	247808	----a-w-	c:\windows\system32\msls31.dll
2013-12-03 20:24 . 2013-12-03 20:24	195584	----a-w-	c:\windows\system32\msrating.dll
2013-12-03 20:24 . 2013-12-03 20:24	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-12-03 20:24 . 2013-12-03 20:24	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2013-12-03 20:24 . 2013-12-03 20:24	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2013-12-03 20:24 . 2013-12-03 20:24	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2013-12-03 20:24 . 2013-12-03 20:24	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-12-03 20:24 . 2013-12-03 20:24	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-12-03 20:24 . 2013-12-03 20:24	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 20:24 . 2013-12-03 20:24	84992	----a-w-	c:\windows\system32\mshtmled.dll
2013-12-03 20:24 . 2013-12-03 20:24	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2013-12-03 20:24 . 2013-12-03 20:24	81408	----a-w-	c:\windows\system32\icardie.dll
2013-12-03 20:24 . 2013-12-03 20:24	774144	----a-w-	c:\windows\system32\jscript.dll
2013-12-03 20:24 . 2013-12-03 20:24	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-12-03 20:24 . 2013-12-03 20:24	626176	----a-w-	c:\windows\system32\msfeeds.dll
2013-12-03 20:24 . 2013-12-03 20:24	62464	----a-w-	c:\windows\system32\pngfilt.dll
2013-12-03 20:24 . 2013-12-03 20:24	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2013-12-03 20:24 . 2013-12-03 20:24	548352	----a-w-	c:\windows\system32\vbscript.dll
2013-12-03 20:24 . 2013-12-03 20:24	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-12-03 20:24 . 2013-12-03 20:24	48128	----a-w-	c:\windows\system32\imgutil.dll
2013-12-03 20:24 . 2013-12-03 20:24	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2013-12-03 20:24 . 2013-12-03 20:24	413696	----a-w-	c:\windows\system32\html.iec
2013-12-03 20:24 . 2013-12-03 20:24	40448	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:24 . 2013-12-03 20:24	30208	----a-w-	c:\windows\system32\licmgr10.dll
2013-12-03 20:24 . 2013-12-03 20:24	296960	----a-w-	c:\windows\system32\dxtrans.dll
2013-12-03 20:24 . 2013-12-03 20:24	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2013-12-03 20:24 . 2013-12-03 20:24	243200	----a-w-	c:\windows\system32\webcheck.dll
2013-12-03 20:24 . 2013-12-03 20:24	235520	----a-w-	c:\windows\system32\url.dll
2013-12-03 20:24 . 2013-12-03 20:24	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-12-03 20:24 . 2013-12-03 20:24	147968	----a-w-	c:\windows\system32\occache.dll
2013-12-03 20:24 . 2013-12-03 20:24	143872	----a-w-	c:\windows\system32\wextract.exe
2013-12-03 20:24 . 2013-12-03 20:24	13824	----a-w-	c:\windows\system32\mshta.exe
2013-12-03 20:24 . 2013-12-03 20:24	135680	----a-w-	c:\windows\system32\iepeers.dll
2013-12-03 20:24 . 2013-12-03 20:24	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-12-03 20:24 . 2013-12-03 20:24	105984	----a-w-	c:\windows\system32\iesysprep.dll
2013-12-03 20:24 . 2013-12-03 20:24	101376	----a-w-	c:\windows\system32\inseng.dll
2013-11-26 12:46 . 2013-04-06 10:13	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-11-26 11:25 . 2011-12-03 22:10	267936	------w-	c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-17 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-17 17:29	1515688	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-04-24 12:24	1310000	----a-w-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-04-24 1310000]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-17 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-12-30 4686848]
"Akamai NetSession Interface"="c:\users\Max\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-11-17 901800]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-28 684600]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OMSI Addon Manager.lnk - c:\program files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe -silent [2012-12-27 737280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 McNeelUpdate;McNeel Update Service 5.0;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys;c:\windows\SYSNATIVE\DRIVERS\applemtm.sys [x]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys;c:\windows\SYSNATIVE\DRIVERS\applemtp.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys;c:\windows\SYSNATIVE\DRIVERS\CS420x64.sys [x]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys;c:\windows\SYSNATIVE\DRIVERS\IRFilter.sys [x]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys;c:\windows\SYSNATIVE\DRIVERS\KeyMagic.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 09:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-06-29 741760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=15838
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oikfjd5j.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.at
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NDV2&o=15835&locale=en_US&apn_uid=EB3696CE-CC2C-4137-B6F4-21BB13210032&apn_ptnrs=D8&apn_sauid=A9338CB0-C2FE-433A-B342-D8C602F4F856&apn_dtid=YYYYYYYYAT&&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-19  10:44:23
ComboFix-quarantined-files.txt  2014-01-19 09:44
.
Pre-Run: 15.264.432.128 bytes free
Post-Run: 15.149.555.712 bytes free
.
- - End Of File - - 590C6F2009254B941F7EF82EABEAF677
A36C5E4F47E84449FF07ED3517B43A31
         
Firefox was apparently closed somehow, and the police window was gone, but now that I have started Firefox again, it is back as well.
I did not have to restart the computer, though.


Edited by maxlh (19.01.2014 at 12:26)

Alt 19.01.2014, 13:29   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find MBAM's log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

Alt 20.01.2014, 09:51   #7
maxlh
 



So, here is the file from Malwarebytes:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.19.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Max :: MAX-PC [Administrator]

Schutz: Aktiviert

19.01.2014 12:40:08
mbam-log-2014-01-19 (12-40-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212192
Laufzeit: 4 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (PUP.Optional.SweetIM) -> 3356 -> Löschen bei Neustart.

Infizierte Speichermodule: 4
C:\Program Files (x86)\SweetIM\Communicator\mgcommon.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart.
C:\Program Files (x86)\SweetIM\Communicator\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart.
C:\Program Files (x86)\SweetIM\Communicator\mgcommunication.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart.
C:\Program Files (x86)\SweetIM\Communicator\mgsimcommon.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 6
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Sweetpacks Communicator (PUP.Optional.SweetIM) -> Daten: C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SweetIM (PUP.Optional.SweetIM) -> Daten: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {CED7A249-BB97-11E1-9E2D-3C07543FBFB2} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {CED7A249-BB97-11E1-9E2D-3C07543FBFB2} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE (PUP.Optional.SweetIM.A) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL (PUP.Optional.SweetIM.A) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 10
C:\Users\Max\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Roaming\OpenCandy\4AE311EC0DE94703A6451EE672210451 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 105
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (PUP.Optional.SweetIM) -> Löschen bei Neustart.
C:\Program Files (x86)\SweetIM\Communicator\mgcommon.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart.
C:\Program Files (x86)\SweetIM\Communicator\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart.
C:\Program Files (x86)\SweetIM\Communicator\mgcommunication.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart.
C:\Program Files (x86)\SweetIM\Communicator\mgsimcommon.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart.
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Desktop\BundleSweetIMSetup.exe (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\SoftonicDownloader_fuer_pdfcreator.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\SoftonicDownloader_fuer_winrar.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\VeohWebPlayer.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\2519bc.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\2519c2.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\2519c8.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Roaming\OpenCandy\4AE311EC0DE94703A6451EE672210451\RealPlayerR71POC6_p2v1.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\about.html (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\bing.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\options.html (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Now I have to restart the PC.

So, now the one from AdwCleaner:

Code:
ATTFilter
# AdwCleaner v3.017 - Report created 19/01/2014 at 14:00:33
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Max - MAX-PC
# Running from : C:\Users\Max\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Max\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Max\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Max\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oikfjd5j.default\Extensions\toolbar@ask.com
File Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oikfjd5j.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Max\Desktop\sweetpcfix.url
File Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oikfjd5j.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oikfjd5j.default\searchplugins\SweetIm.xml
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdfcreator_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pdfcreator_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4183178B-4D4E-48A7-9257-454BA90A760E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Key Deleted : HKLM\Software\Classes\Installer\Features\758F5690DAAD39F40845E0E23C8C5C0B
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
Key Deleted : HKLM\Software\Classes\Installer\Products\758F5690DAAD39F40845E0E23C8C5C0B
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ File : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oikfjd5j.default\prefs.js ]

Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NDV2&o=15835&locale=en_US&apn_uid=EB3696CE-CC2C-4137-B6F4-21BB13210032&apn_ptnrs=D8&apn_sauid=A9338CB0-C2FE-433A-B342-D8[...]
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={CED7A249-BB97-11E1-9E2D-3C07543FBFB2}");

*************************

AdwCleaner[R0].txt - [8359 octets] - [19/01/2014 13:57:19]
AdwCleaner[S0].txt - [8211 octets] - [19/01/2014 14:00:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8271 octets] ##########
         
After the restarts, the police window no longer appears

and also the one from the Junkware Removal Tool
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Max on 19.01.2014 at 14:12:11,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\veohplugin



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-152208797-2327209521-2237396039-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{26B714C1-E64C-40A3-8D36-7A0FA4180CD0}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\oikfjd5j.default\minidumps [94 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.01.2014 at 14:20:18,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and here is the FRST log

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014
Ran by Max (administrator) on MAX-PC on 19-01-2014 14:24:07
Running from C:\Users\Max\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Veoh Networks) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Max\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Policies\Explorer: [] 
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OMSI Addon Manager.lnk
ShortcutTarget: OMSI Addon Manager.lnk -> C:\Program Files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe (Jan Kiesewalter)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?l=dis&o=15838
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5004357C08B2CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oikfjd5j.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oikfjd5j.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-11-02]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-04]

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896056 2013-12-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-28] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [68192 2013-10-28] (Robert McNeel & Associates)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-11] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [226592 2008-07-11] (SafeNet, Inc)

==================== Drivers (Whitelisted) ====================

R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-03-25] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-03-25] (Apple Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-12] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-12] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-19 14:23 - 2014-01-19 14:23 - 00000000 ____D C:\Users\Max\Downloads\FRST-OlderVersion
2014-01-19 14:20 - 2014-01-19 14:20 - 00001335 _____ C:\Users\Max\Desktop\JRT.txt
2014-01-19 14:12 - 2014-01-19 14:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 14:10 - 2014-01-19 14:11 - 01037068 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe
2014-01-19 13:56 - 2014-01-19 14:00 - 00000000 ____D C:\AdwCleaner
2014-01-19 13:55 - 2014-01-19 13:55 - 01236282 _____ C:\Users\Max\Desktop\adwcleaner.exe
2014-01-19 12:49 - 2014-01-19 12:49 - 00033976 _____ C:\Windows\PFRO.log
2014-01-19 12:37 - 2014-01-19 12:37 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Malwarebytes
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 12:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-19 12:36 - 2014-01-19 12:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Max\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-19 10:44 - 2014-01-19 10:44 - 00026615 _____ C:\ComboFix.txt
2014-01-19 10:34 - 2014-01-19 10:44 - 00000000 ____D C:\Qoobox
2014-01-19 10:34 - 2014-01-19 10:44 - 00000000 ____D C:\ComboFix
2014-01-19 10:34 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-19 10:34 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-19 10:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-19 10:33 - 2014-01-19 10:43 - 00000000 ____D C:\Windows\erdnt
2014-01-19 10:28 - 2014-01-19 10:29 - 05167985 ____R (Swearware) C:\Users\Max\Desktop\ComboFix.exe
2014-01-19 10:15 - 2014-01-19 10:15 - 00031685 _____ C:\Users\Max\Desktop\FRST.txt
2014-01-19 09:14 - 2014-01-19 14:24 - 00010800 _____ C:\Users\Max\Downloads\FRST.txt
2014-01-19 09:14 - 2014-01-19 10:20 - 00026412 _____ C:\Users\Max\Downloads\Addition.txt
2014-01-19 09:13 - 2014-01-19 14:23 - 00000000 ____D C:\FRST
2014-01-19 09:09 - 2014-01-19 14:23 - 02076672 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-01-16 11:50 - 2014-01-16 11:50 - 00076569 _____ C:\Users\Max\Downloads\HWOOD5E1.pat
2014-01-15 09:17 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 09:17 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 09:17 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 22:29 - 2014-01-14 22:29 - 00000000 _____ C:\Users\Max\Desktop\RhinoCrashDump.dmp
2014-01-14 20:32 - 2014-01-19 14:02 - 00001130 _____ C:\Windows\setupact.log
2014-01-14 20:32 - 2014-01-14 20:32 - 00000000 _____ C:\Windows\setuperr.log
2014-01-13 08:16 - 2014-01-13 10:31 - 00000040 ____H C:\Users\Max\Desktop\TG_neu.3dm.rhl
2014-01-07 15:11 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-07 15:11 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-07 15:11 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-07 15:11 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-01-07 15:09 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-07 15:09 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-07 15:09 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-07 15:09 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-07 15:09 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-07 15:09 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-07 15:09 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-07 15:09 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-07 15:09 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-07 15:09 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-07 15:09 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-07 15:09 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-07 15:09 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-07 15:09 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-07 15:09 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-07 15:09 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-07 15:09 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-07 15:09 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-07 15:09 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-07 15:09 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-07 15:09 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-07 15:09 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-07 15:09 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-07 15:09 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-07 15:09 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-07 15:09 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-07 15:09 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-07 15:09 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-07 15:09 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-07 15:09 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-07 15:09 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-29 21:15 - 2013-12-30 14:56 - 02225904 _____ C:\Users\Max\Desktop\E2.pln
2013-12-29 21:15 - 2013-12-29 21:15 - 01972032 _____ C:\Users\Max\Desktop\E2.bpn
2013-12-29 21:15 - 2013-12-29 21:15 - 00000054 _____ C:\Users\Max\Desktop\E2.pln.lck
2013-12-29 19:17 - 2013-12-29 19:17 - 00000000 ____D C:\Users\Max\AppData\Local\Apple Computer
2013-12-28 12:11 - 2012-02-17 17:05 - 00000000 ____D C:\Users\Max\Desktop\ArchiCAD Grundlagen ITL
2013-12-28 11:47 - 2013-12-28 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 11:43 - 2013-12-28 11:49 - 233384784 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-4005-HOTFIX2-WIN64.exe
2013-12-28 11:40 - 2013-12-28 12:11 - 00000000 ____D C:\Users\Max\Documents\BIMx
2013-12-28 11:39 - 2013-12-29 19:20 - 00000000 ____D C:\Users\Max\Graphisoft
2013-12-28 11:39 - 2013-12-28 12:08 - 00000000 ____D C:\Users\Max\AppData\Local\Graphisoft
2013-12-28 11:39 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\AppData\Roaming\Graphisoft
2013-12-28 11:37 - 2013-12-28 11:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Apple Computer
2013-12-28 11:33 - 2013-12-28 11:33 - 00001241 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2013-12-28 11:33 - 2013-12-28 11:33 - 00001066 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00001853 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-28 11:30 - 2013-12-28 11:53 - 00007861 _____ C:\Windows\vpd.properties
2013-12-28 11:27 - 2013-12-28 11:27 - 00000000 ____D C:\Program Files\GRAPHISOFT
2013-12-28 11:22 - 2013-12-28 11:51 - 00000000 ____D C:\Users\Max\AppData\Roaming\Install.GS
2013-12-28 11:22 - 2013-12-28 11:21 - 00866720 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-12-28 11:22 - 2013-12-28 11:21 - 00263584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-28 11:21 - 2013-12-28 11:21 - 00095648 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-28 11:12 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-28 11:12 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-28 11:10 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-28 11:10 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-28 10:58 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-28 10:58 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-28 10:57 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-28 10:57 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-28 10:56 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-28 10:56 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-28 10:50 - 2013-12-28 11:11 - 890298112 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-AUT64.exe
2013-12-28 10:50 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-28 10:50 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-28 10:50 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-28 10:50 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-28 10:50 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-28 10:50 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-28 10:50 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-28 10:50 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

==================== One Month Modified Files and Folders =======

2014-01-19 14:25 - 2014-01-19 09:14 - 00010800 _____ C:\Users\Max\Downloads\FRST.txt
2014-01-19 14:23 - 2014-01-19 14:23 - 00000000 ____D C:\Users\Max\Downloads\FRST-OlderVersion
2014-01-19 14:23 - 2014-01-19 09:13 - 00000000 ____D C:\FRST
2014-01-19 14:23 - 2014-01-19 09:09 - 02076672 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-01-19 14:20 - 2014-01-19 14:20 - 00001335 _____ C:\Users\Max\Desktop\JRT.txt
2014-01-19 14:12 - 2014-01-19 14:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 14:11 - 2014-01-19 14:10 - 01037068 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe
2014-01-19 14:10 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-19 14:10 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-19 14:02 - 2014-01-14 20:32 - 00001130 _____ C:\Windows\setupact.log
2014-01-19 14:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-19 14:00 - 2014-01-19 13:56 - 00000000 ____D C:\AdwCleaner
2014-01-19 14:00 - 2011-12-04 01:20 - 01385178 _____ C:\Windows\WindowsUpdate.log
2014-01-19 13:55 - 2014-01-19 13:55 - 01236282 _____ C:\Users\Max\Desktop\adwcleaner.exe
2014-01-19 12:53 - 2013-04-06 16:40 - 00000000 ____D C:\Users\Max\AppData\Local\Akamai
2014-01-19 12:49 - 2014-01-19 12:49 - 00033976 _____ C:\Windows\PFRO.log
2014-01-19 12:43 - 2012-05-16 13:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-19 12:37 - 2014-01-19 12:37 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Malwarebytes
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 12:36 - 2014-01-19 12:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Max\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-19 10:44 - 2014-01-19 10:44 - 00026615 _____ C:\ComboFix.txt
2014-01-19 10:44 - 2014-01-19 10:34 - 00000000 ____D C:\Qoobox
2014-01-19 10:44 - 2014-01-19 10:34 - 00000000 ____D C:\ComboFix
2014-01-19 10:44 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-19 10:43 - 2014-01-19 10:33 - 00000000 ____D C:\Windows\erdnt
2014-01-19 10:42 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-19 10:29 - 2014-01-19 10:28 - 05167985 ____R (Swearware) C:\Users\Max\Desktop\ComboFix.exe
2014-01-19 10:20 - 2014-01-19 09:14 - 00026412 _____ C:\Users\Max\Downloads\Addition.txt
2014-01-19 10:15 - 2014-01-19 10:15 - 00031685 _____ C:\Users\Max\Desktop\FRST.txt
2014-01-19 05:49 - 2013-01-13 19:08 - 00000000 ____D C:\Users\Max\AppData\Roaming\Skype
2014-01-16 16:56 - 2009-07-14 06:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-16 15:40 - 2012-05-12 17:03 - 00000000 ____D C:\Users\Max\AppData\Local\cache
2014-01-16 11:58 - 2012-06-11 07:47 - 00001321 _____ C:\Users\Max\Documents\plot.log
2014-01-16 11:50 - 2014-01-16 11:50 - 00076569 _____ C:\Users\Max\Downloads\HWOOD5E1.pat
2014-01-16 11:25 - 2009-07-14 05:45 - 00426592 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 11:07 - 2013-02-14 21:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 11:06 - 2013-09-17 10:38 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 11:05 - 2012-05-12 17:01 - 00000000 ____D C:\ProgramData\FLEXnet
2014-01-16 11:02 - 2011-12-03 23:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 19:15 - 2013-02-06 14:31 - 00036352 ___SH C:\Users\Max\Thumbs.db
2014-01-15 09:14 - 2013-10-23 10:08 - 00000000 ____D C:\Users\Max\Documents\E2
2014-01-14 22:32 - 2012-12-11 17:09 - 125385161 _____ C:\Users\Max\Desktop\RhinoCrashDump.3dm
2014-01-14 22:29 - 2014-01-14 22:29 - 00000000 _____ C:\Users\Max\Desktop\RhinoCrashDump.dmp
2014-01-14 20:32 - 2014-01-14 20:32 - 00000000 _____ C:\Windows\setuperr.log
2014-01-14 20:13 - 2013-08-18 18:19 - 00000000 ____D C:\Users\Max\Desktop\TG
2014-01-14 10:17 - 2011-12-04 01:16 - 00000000 ____D C:\Windows\Panther
2014-01-13 18:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-13 10:31 - 2014-01-13 08:16 - 00000040 ____H C:\Users\Max\Desktop\TG_neu.3dm.rhl
2014-01-07 22:07 - 2012-06-26 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-30 14:56 - 2013-12-29 21:15 - 02225904 _____ C:\Users\Max\Desktop\E2.pln
2013-12-30 14:49 - 2013-06-24 16:09 - 00000000 ____D C:\Users\Max\Documents\Material
2013-12-30 14:44 - 2011-12-04 13:44 - 00000600 _____ C:\Users\Max\AppData\Roaming\winscp.rnd
2013-12-29 21:15 - 2013-12-29 21:15 - 01972032 _____ C:\Users\Max\Desktop\E2.bpn
2013-12-29 21:15 - 2013-12-29 21:15 - 00000054 _____ C:\Users\Max\Desktop\E2.pln.lck
2013-12-29 19:20 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\Graphisoft
2013-12-29 19:17 - 2013-12-29 19:17 - 00000000 ____D C:\Users\Max\AppData\Local\Apple Computer
2013-12-28 12:11 - 2013-12-28 11:40 - 00000000 ____D C:\Users\Max\Documents\BIMx
2013-12-28 12:08 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\AppData\Local\Graphisoft
2013-12-28 11:53 - 2013-12-28 11:30 - 00007861 _____ C:\Windows\vpd.properties
2013-12-28 11:51 - 2013-12-28 11:22 - 00000000 ____D C:\Users\Max\AppData\Roaming\Install.GS
2013-12-28 11:49 - 2013-12-28 11:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 11:49 - 2013-12-28 11:43 - 233384784 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-4005-HOTFIX2-WIN64.exe
2013-12-28 11:39 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\AppData\Roaming\Graphisoft
2013-12-28 11:39 - 2011-12-03 20:45 - 00000000 ____D C:\Users\Max
2013-12-28 11:37 - 2013-12-28 11:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Apple Computer
2013-12-28 11:33 - 2013-12-28 11:33 - 00001241 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2013-12-28 11:33 - 2013-12-28 11:33 - 00001066 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00001853 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-28 11:27 - 2013-12-28 11:27 - 00000000 ____D C:\Program Files\GRAPHISOFT
2013-12-28 11:21 - 2013-12-28 11:22 - 00866720 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-12-28 11:21 - 2013-12-28 11:22 - 00263584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-28 11:21 - 2013-12-28 11:21 - 00095648 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-28 11:21 - 2012-01-10 15:15 - 00788896 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-12-28 11:21 - 2012-01-10 15:15 - 00174496 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-28 11:21 - 2012-01-10 15:15 - 00174496 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-28 11:21 - 2012-01-10 15:15 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-28 11:11 - 2013-12-28 10:50 - 890298112 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-AUT64.exe
2013-12-28 10:45 - 2012-05-16 13:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-28 10:44 - 2012-05-16 13:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-28 10:44 - 2011-12-05 08:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-28 10:43 - 2013-05-08 06:22 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-28 10:43 - 2013-04-06 11:13 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-28 10:43 - 2013-04-06 11:13 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Files to move or delete:
====================
C:\Users\Max\SimCity 4 Extra Cheats Plugin.dll


Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\avgnt.exe
C:\Users\Max\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-13 18:21

==================== End Of Log ============================
         

Does that mean I'm now practically virus/trojan-free again?
Regards

Alt 21.01.2014, 09:29   #8
schrauber
/// the machine
/// TB-Ausbilder
 




almost


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box to accept the terms of use and click Start.
  • Enable the "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 21.01.2014, 18:01   #9
maxlh
 



The log file from ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b172578f3aa0d0458cf4ad6e27c42607
# engine=16727
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-21 04:42:22
# local_time=2014-01-21 05:42:22 (+0100, W. Europe Standard Time)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 27907 141952392 0 0
# scanned=883446
# found=0
# cleaned=0
# scan_time=27599
         
from the security scan
Code:
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Carambis Registry Cleaner   
 Java(TM) 6 Update 21  
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.170  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (26.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log``````````````````````
         
and here is the FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by Max (administrator) on MAX-PC on 21-01-2014 17:58:00
Running from C:\Users\Max\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Max\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Policies\Explorer: [] 
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OMSI Addon Manager.lnk
ShortcutTarget: OMSI Addon Manager.lnk -> C:\Program Files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe (Jan Kiesewalter)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?l=dis&o=15838
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5004357C08B2CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oikfjd5j.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oikfjd5j.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-11-02]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-04]

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896056 2013-12-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-28] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [68192 2013-10-28] (Robert McNeel & Associates)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-11] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [226592 2008-07-11] (SafeNet, Inc)

==================== Drivers (Whitelisted) ====================

R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-03-25] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-03-25] (Apple Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-12] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-12] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 17:52 - 2014-01-21 17:51 - 00987425 _____ C:\Users\Max\Desktop\SecurityCheck.exe
2014-01-21 17:51 - 2014-01-21 17:51 - 00987425 _____ C:\Users\Max\Downloads\SecurityCheck.exe
2014-01-21 12:17 - 2014-01-16 16:35 - 00004854 _____ C:\Users\Max\Desktop\13_Bauaufnahmen.ctb
2014-01-21 09:56 - 2014-01-21 09:57 - 02347384 _____ (ESET) C:\Users\Max\Downloads\esetsmartinstaller_enu.exe
2014-01-20 15:28 - 2014-01-20 17:23 - 00000170 _____ C:\Neon_console.log
2014-01-19 14:23 - 2014-01-21 17:57 - 00000000 ____D C:\Users\Max\Downloads\FRST-OlderVersion
2014-01-19 14:20 - 2014-01-19 14:20 - 00001335 _____ C:\Users\Max\Desktop\JRT.txt
2014-01-19 14:12 - 2014-01-19 14:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 14:10 - 2014-01-19 14:11 - 01037068 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe
2014-01-19 13:56 - 2014-01-19 14:00 - 00000000 ____D C:\AdwCleaner
2014-01-19 13:55 - 2014-01-19 13:55 - 01236282 _____ C:\Users\Max\Desktop\adwcleaner.exe
2014-01-19 12:49 - 2014-01-19 12:49 - 00033976 _____ C:\Windows\PFRO.log
2014-01-19 12:37 - 2014-01-19 12:37 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Malwarebytes
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 12:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-19 12:36 - 2014-01-19 12:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Max\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-19 10:44 - 2014-01-19 10:44 - 00026615 _____ C:\ComboFix.txt
2014-01-19 10:34 - 2014-01-19 10:44 - 00000000 ____D C:\Qoobox
2014-01-19 10:34 - 2014-01-19 10:44 - 00000000 ____D C:\ComboFix
2014-01-19 10:34 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-19 10:34 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-19 10:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-19 10:33 - 2014-01-19 10:43 - 00000000 ____D C:\Windows\erdnt
2014-01-19 10:28 - 2014-01-19 10:29 - 05167985 ____R (Swearware) C:\Users\Max\Desktop\ComboFix.exe
2014-01-19 10:15 - 2014-01-19 10:15 - 00031685 _____ C:\Users\Max\Desktop\FRST.txt
2014-01-19 09:14 - 2014-01-21 17:58 - 00010767 _____ C:\Users\Max\Downloads\FRST.txt
2014-01-19 09:14 - 2014-01-19 10:20 - 00026412 _____ C:\Users\Max\Downloads\Addition.txt
2014-01-19 09:13 - 2014-01-21 17:57 - 00000000 ____D C:\FRST
2014-01-19 09:09 - 2014-01-21 17:57 - 02077184 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-01-16 11:50 - 2014-01-16 11:50 - 00076569 _____ C:\Users\Max\Downloads\HWOOD5E1.pat
2014-01-15 09:17 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 09:17 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 09:17 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 22:29 - 2014-01-14 22:29 - 00000000 _____ C:\Users\Max\Desktop\RhinoCrashDump.dmp
2014-01-14 20:32 - 2014-01-21 08:50 - 00001186 _____ C:\Windows\setupact.log
2014-01-14 20:32 - 2014-01-14 20:32 - 00000000 _____ C:\Windows\setuperr.log
2014-01-13 08:16 - 2014-01-13 10:31 - 00000040 ____H C:\Users\Max\Desktop\TG_neu.3dm.rhl
2014-01-07 15:11 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-07 15:11 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-07 15:11 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-07 15:11 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-01-07 15:09 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-07 15:09 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-07 15:09 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-07 15:09 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-07 15:09 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-07 15:09 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-07 15:09 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-07 15:09 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-07 15:09 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-07 15:09 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-07 15:09 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-07 15:09 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-07 15:09 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-07 15:09 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-07 15:09 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-07 15:09 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-07 15:09 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-07 15:09 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-07 15:09 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-07 15:09 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-07 15:09 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-07 15:09 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-07 15:09 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-07 15:09 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-07 15:09 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-07 15:09 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-07 15:09 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-07 15:09 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-07 15:09 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-07 15:09 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-07 15:09 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-29 21:15 - 2013-12-30 14:56 - 02225904 _____ C:\Users\Max\Desktop\E2.pln
2013-12-29 21:15 - 2013-12-29 21:15 - 01972032 _____ C:\Users\Max\Desktop\E2.bpn
2013-12-29 21:15 - 2013-12-29 21:15 - 00000054 _____ C:\Users\Max\Desktop\E2.pln.lck
2013-12-29 19:17 - 2013-12-29 19:17 - 00000000 ____D C:\Users\Max\AppData\Local\Apple Computer
2013-12-28 12:11 - 2012-02-17 17:05 - 00000000 ____D C:\Users\Max\Desktop\ArchiCAD Grundlagen ITL
2013-12-28 11:47 - 2013-12-28 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 11:43 - 2013-12-28 11:49 - 233384784 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-4005-HOTFIX2-WIN64.exe
2013-12-28 11:40 - 2013-12-28 12:11 - 00000000 ____D C:\Users\Max\Documents\BIMx
2013-12-28 11:39 - 2013-12-29 19:20 - 00000000 ____D C:\Users\Max\Graphisoft
2013-12-28 11:39 - 2013-12-28 12:08 - 00000000 ____D C:\Users\Max\AppData\Local\Graphisoft
2013-12-28 11:39 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\AppData\Roaming\Graphisoft
2013-12-28 11:37 - 2013-12-28 11:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Apple Computer
2013-12-28 11:33 - 2013-12-28 11:33 - 00001241 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2013-12-28 11:33 - 2013-12-28 11:33 - 00001066 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00001853 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-28 11:30 - 2013-12-28 11:53 - 00007861 _____ C:\Windows\vpd.properties
2013-12-28 11:27 - 2013-12-28 11:27 - 00000000 ____D C:\Program Files\GRAPHISOFT
2013-12-28 11:22 - 2013-12-28 11:51 - 00000000 ____D C:\Users\Max\AppData\Roaming\Install.GS
2013-12-28 11:22 - 2013-12-28 11:21 - 00866720 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-12-28 11:22 - 2013-12-28 11:21 - 00263584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-28 11:21 - 2013-12-28 11:21 - 00095648 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-28 11:12 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-28 11:12 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-28 11:10 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-28 11:10 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-28 10:58 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-28 10:58 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-28 10:57 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-28 10:57 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-28 10:56 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-28 10:56 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-28 10:50 - 2013-12-28 11:11 - 890298112 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-AUT64.exe
2013-12-28 10:50 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-28 10:50 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-28 10:50 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-28 10:50 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-28 10:50 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-28 10:50 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-28 10:50 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-28 10:50 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

==================== One Month Modified Files and Folders =======

2014-01-21 17:58 - 2014-01-19 09:14 - 00010767 _____ C:\Users\Max\Downloads\FRST.txt
2014-01-21 17:57 - 2014-01-19 14:23 - 00000000 ____D C:\Users\Max\Downloads\FRST-OlderVersion
2014-01-21 17:57 - 2014-01-19 09:13 - 00000000 ____D C:\FRST
2014-01-21 17:57 - 2014-01-19 09:09 - 02077184 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-01-21 17:51 - 2014-01-21 17:52 - 00987425 _____ C:\Users\Max\Desktop\SecurityCheck.exe
2014-01-21 17:51 - 2014-01-21 17:51 - 00987425 _____ C:\Users\Max\Downloads\SecurityCheck.exe
2014-01-21 17:43 - 2012-05-16 13:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 17:38 - 2011-12-04 01:20 - 01469478 _____ C:\Windows\WindowsUpdate.log
2014-01-21 15:53 - 2013-04-06 16:40 - 00000000 ____D C:\Users\Max\AppData\Local\Akamai
2014-01-21 12:21 - 2013-10-23 10:08 - 00000000 ____D C:\Users\Max\Documents\E2
2014-01-21 12:16 - 2012-05-12 17:03 - 00000000 ____D C:\Users\Max\AppData\Local\cache
2014-01-21 09:59 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 09:59 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 09:57 - 2014-01-21 09:56 - 02347384 _____ (ESET) C:\Users\Max\Downloads\esetsmartinstaller_enu.exe
2014-01-21 08:50 - 2014-01-14 20:32 - 00001186 _____ C:\Windows\setupact.log
2014-01-21 08:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 17:23 - 2014-01-20 15:28 - 00000170 _____ C:\Neon_console.log
2014-01-20 15:51 - 2009-07-14 06:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-19 14:20 - 2014-01-19 14:20 - 00001335 _____ C:\Users\Max\Desktop\JRT.txt
2014-01-19 14:12 - 2014-01-19 14:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 14:11 - 2014-01-19 14:10 - 01037068 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe
2014-01-19 14:00 - 2014-01-19 13:56 - 00000000 ____D C:\AdwCleaner
2014-01-19 13:55 - 2014-01-19 13:55 - 01236282 _____ C:\Users\Max\Desktop\adwcleaner.exe
2014-01-19 12:49 - 2014-01-19 12:49 - 00033976 _____ C:\Windows\PFRO.log
2014-01-19 12:37 - 2014-01-19 12:37 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Malwarebytes
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 12:36 - 2014-01-19 12:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Max\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-19 10:44 - 2014-01-19 10:44 - 00026615 _____ C:\ComboFix.txt
2014-01-19 10:44 - 2014-01-19 10:34 - 00000000 ____D C:\Qoobox
2014-01-19 10:44 - 2014-01-19 10:34 - 00000000 ____D C:\ComboFix
2014-01-19 10:44 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-19 10:43 - 2014-01-19 10:33 - 00000000 ____D C:\Windows\erdnt
2014-01-19 10:42 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-19 10:29 - 2014-01-19 10:28 - 05167985 ____R (Swearware) C:\Users\Max\Desktop\ComboFix.exe
2014-01-19 10:20 - 2014-01-19 09:14 - 00026412 _____ C:\Users\Max\Downloads\Addition.txt
2014-01-19 10:15 - 2014-01-19 10:15 - 00031685 _____ C:\Users\Max\Desktop\FRST.txt
2014-01-19 05:49 - 2013-01-13 19:08 - 00000000 ____D C:\Users\Max\AppData\Roaming\Skype
2014-01-16 16:35 - 2014-01-21 12:17 - 00004854 _____ C:\Users\Max\Desktop\13_Bauaufnahmen.ctb
2014-01-16 11:58 - 2012-06-11 07:47 - 00001321 _____ C:\Users\Max\Documents\plot.log
2014-01-16 11:50 - 2014-01-16 11:50 - 00076569 _____ C:\Users\Max\Downloads\HWOOD5E1.pat
2014-01-16 11:25 - 2009-07-14 05:45 - 00426592 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 11:07 - 2013-02-14 21:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 11:06 - 2013-09-17 10:38 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 11:05 - 2012-05-12 17:01 - 00000000 ____D C:\ProgramData\FLEXnet
2014-01-16 11:02 - 2011-12-03 23:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 19:15 - 2013-02-06 14:31 - 00036352 ___SH C:\Users\Max\Thumbs.db
2014-01-14 22:32 - 2012-12-11 17:09 - 125385161 _____ C:\Users\Max\Desktop\RhinoCrashDump.3dm
2014-01-14 22:29 - 2014-01-14 22:29 - 00000000 _____ C:\Users\Max\Desktop\RhinoCrashDump.dmp
2014-01-14 20:32 - 2014-01-14 20:32 - 00000000 _____ C:\Windows\setuperr.log
2014-01-14 20:13 - 2013-08-18 18:19 - 00000000 ____D C:\Users\Max\Desktop\TG
2014-01-14 10:17 - 2011-12-04 01:16 - 00000000 ____D C:\Windows\Panther
2014-01-13 18:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-13 10:31 - 2014-01-13 08:16 - 00000040 ____H C:\Users\Max\Desktop\TG_neu.3dm.rhl
2014-01-07 22:07 - 2012-06-26 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-30 14:56 - 2013-12-29 21:15 - 02225904 _____ C:\Users\Max\Desktop\E2.pln
2013-12-30 14:49 - 2013-06-24 16:09 - 00000000 ____D C:\Users\Max\Documents\Material
2013-12-30 14:44 - 2011-12-04 13:44 - 00000600 _____ C:\Users\Max\AppData\Roaming\winscp.rnd
2013-12-29 21:15 - 2013-12-29 21:15 - 01972032 _____ C:\Users\Max\Desktop\E2.bpn
2013-12-29 21:15 - 2013-12-29 21:15 - 00000054 _____ C:\Users\Max\Desktop\E2.pln.lck
2013-12-29 19:20 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\Graphisoft
2013-12-29 19:17 - 2013-12-29 19:17 - 00000000 ____D C:\Users\Max\AppData\Local\Apple Computer
2013-12-28 12:11 - 2013-12-28 11:40 - 00000000 ____D C:\Users\Max\Documents\BIMx
2013-12-28 12:08 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\AppData\Local\Graphisoft
2013-12-28 11:53 - 2013-12-28 11:30 - 00007861 _____ C:\Windows\vpd.properties
2013-12-28 11:51 - 2013-12-28 11:22 - 00000000 ____D C:\Users\Max\AppData\Roaming\Install.GS
2013-12-28 11:49 - 2013-12-28 11:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 11:49 - 2013-12-28 11:43 - 233384784 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-4005-HOTFIX2-WIN64.exe
2013-12-28 11:39 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\AppData\Roaming\Graphisoft
2013-12-28 11:39 - 2011-12-03 20:45 - 00000000 ____D C:\Users\Max
2013-12-28 11:37 - 2013-12-28 11:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Apple Computer
2013-12-28 11:33 - 2013-12-28 11:33 - 00001241 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2013-12-28 11:33 - 2013-12-28 11:33 - 00001066 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00001853 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-28 11:27 - 2013-12-28 11:27 - 00000000 ____D C:\Program Files\GRAPHISOFT
2013-12-28 11:21 - 2013-12-28 11:22 - 00866720 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-12-28 11:21 - 2013-12-28 11:22 - 00263584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-28 11:21 - 2013-12-28 11:21 - 00095648 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-28 11:21 - 2012-01-10 15:15 - 00788896 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-12-28 11:21 - 2012-01-10 15:15 - 00174496 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-28 11:21 - 2012-01-10 15:15 - 00174496 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-28 11:21 - 2012-01-10 15:15 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-28 11:11 - 2013-12-28 10:50 - 890298112 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-AUT64.exe
2013-12-28 10:45 - 2012-05-16 13:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-28 10:44 - 2012-05-16 13:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-28 10:44 - 2011-12-05 08:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-28 10:43 - 2013-05-08 06:22 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-28 10:43 - 2013-04-06 11:13 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-28 10:43 - 2013-04-06 11:13 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Files to move or delete:
====================
C:\Users\Max\SimCity 4 Extra Cheats Plugin.dll


Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\avgnt.exe
C:\Users\Max\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-13 18:21

==================== End Of Log ============================
         

No, I no longer have any problems with the PC, but that has been the case ever since the Malwarebytes scanner ran.

22.01.2014, 12:03   #10
schrauber
/// the machine
/// TB-Ausbilder



Update Java and Adobe.


Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKCU\...\Policies\Explorer: []

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Remove (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus Software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nicely colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not recognize. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

23.01.2014, 08:33   #11
maxlh



Here is the FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-01-2014
Ran by Max (administrator) on MAX-PC on 23-01-2014 07:26:08
Running from C:\Users\Max\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Robert McNeel & Associates) C:\Program Files (x86)\Rhinoceros 5.0\System\Rhino4.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Max\AppData\Local\Akamai\netsession_win.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Max\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin [839560 2013-12-28] (Adobe Systems Incorporated)
HKCU\...\Policies\Explorer: [] 
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OMSI Addon Manager.lnk
ShortcutTarget: OMSI Addon Manager.lnk -> C:\Program Files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe (Jan Kiesewalter)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?l=dis&o=15838
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5004357C08B2CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oikfjd5j.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oikfjd5j.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-11-02]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-04]

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896056 2013-12-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-28] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [68192 2013-10-28] (Robert McNeel & Associates)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-11] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [226592 2008-07-11] (SafeNet, Inc)

==================== Drivers (Whitelisted) ====================

R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-03-25] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-03-25] (Apple Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-12] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-12] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-23 07:25 - 2014-01-23 07:25 - 00000000 ____D C:\Users\Max\Desktop\FRST-OlderVersion
2014-01-23 07:24 - 2014-01-23 07:24 - 00000030 _____ C:\Users\Max\Desktop\fixlist.txt
2014-01-21 17:52 - 2014-01-21 17:51 - 00987425 _____ C:\Users\Max\Desktop\SecurityCheck.exe
2014-01-21 17:51 - 2014-01-21 17:51 - 00987425 _____ C:\Users\Max\Downloads\SecurityCheck.exe
2014-01-21 12:17 - 2014-01-16 16:35 - 00004854 _____ C:\Users\Max\Desktop\13_Bauaufnahmen.ctb
2014-01-21 09:56 - 2014-01-21 09:57 - 02347384 _____ (ESET) C:\Users\Max\Downloads\esetsmartinstaller_enu.exe
2014-01-20 15:28 - 2014-01-20 17:23 - 00000170 _____ C:\Neon_console.log
2014-01-19 14:23 - 2014-01-23 07:25 - 00000000 ____D C:\Users\Max\Downloads\FRST-OlderVersion
2014-01-19 14:12 - 2014-01-19 14:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 14:10 - 2014-01-19 14:11 - 01037068 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe
2014-01-19 13:56 - 2014-01-19 14:00 - 00000000 ____D C:\AdwCleaner
2014-01-19 13:55 - 2014-01-19 13:55 - 01236282 _____ C:\Users\Max\Desktop\adwcleaner.exe
2014-01-19 12:49 - 2014-01-22 14:14 - 00034810 _____ C:\Windows\PFRO.log
2014-01-19 12:37 - 2014-01-19 12:37 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Malwarebytes
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 12:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-19 12:36 - 2014-01-19 12:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Max\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-19 10:44 - 2014-01-19 10:44 - 00026615 _____ C:\ComboFix.txt
2014-01-19 10:34 - 2014-01-19 10:44 - 00000000 ____D C:\Qoobox
2014-01-19 10:34 - 2014-01-19 10:44 - 00000000 ____D C:\ComboFix
2014-01-19 10:34 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-19 10:34 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-19 10:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-19 10:34 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-19 10:33 - 2014-01-19 10:43 - 00000000 ____D C:\Windows\erdnt
2014-01-19 10:28 - 2014-01-19 10:29 - 05167985 ____R (Swearware) C:\Users\Max\Desktop\ComboFix.exe
2014-01-19 10:15 - 2014-01-23 07:26 - 00011270 _____ C:\Users\Max\Desktop\FRST.txt
2014-01-19 09:14 - 2014-01-21 17:59 - 00033301 _____ C:\Users\Max\Downloads\FRST.txt
2014-01-19 09:14 - 2014-01-19 10:20 - 00026412 _____ C:\Users\Max\Downloads\Addition.txt
2014-01-19 09:13 - 2014-01-23 07:25 - 00000000 ____D C:\FRST
2014-01-19 09:09 - 2014-01-23 07:25 - 02077184 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe
2014-01-19 09:09 - 2014-01-21 17:57 - 02077184 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-01-16 11:50 - 2014-01-16 11:50 - 00076569 _____ C:\Users\Max\Downloads\HWOOD5E1.pat
2014-01-15 09:17 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 09:17 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 09:17 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 09:17 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 22:29 - 2014-01-14 22:29 - 00000000 _____ C:\Users\Max\Desktop\RhinoCrashDump.dmp
2014-01-14 20:32 - 2014-01-22 22:01 - 00001634 _____ C:\Windows\setupact.log
2014-01-14 20:32 - 2014-01-14 20:32 - 00000000 _____ C:\Windows\setuperr.log
2014-01-13 08:16 - 2014-01-13 10:31 - 00000040 ____H C:\Users\Max\Desktop\TG_neu.3dm.rhl
2014-01-07 15:11 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-07 15:11 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-07 15:11 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-07 15:11 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-01-07 15:09 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-07 15:09 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-07 15:09 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-07 15:09 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-07 15:09 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-07 15:09 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-07 15:09 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-07 15:09 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-07 15:09 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-07 15:09 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-07 15:09 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-07 15:09 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-07 15:09 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-07 15:09 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-07 15:09 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-07 15:09 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-07 15:09 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-07 15:09 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-07 15:09 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-07 15:09 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-07 15:09 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-07 15:09 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-07 15:09 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-07 15:09 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-07 15:09 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-07 15:09 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-07 15:09 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-07 15:09 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-07 15:09 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-07 15:09 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-07 15:09 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-29 21:15 - 2013-12-30 14:56 - 02225904 _____ C:\Users\Max\Desktop\E2.pln
2013-12-29 21:15 - 2013-12-29 21:15 - 01972032 _____ C:\Users\Max\Desktop\E2.bpn
2013-12-29 21:15 - 2013-12-29 21:15 - 00000054 _____ C:\Users\Max\Desktop\E2.pln.lck
2013-12-29 19:17 - 2013-12-29 19:17 - 00000000 ____D C:\Users\Max\AppData\Local\Apple Computer
2013-12-28 12:11 - 2012-02-17 17:05 - 00000000 ____D C:\Users\Max\Desktop\ArchiCAD Grundlagen ITL
2013-12-28 11:47 - 2013-12-28 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 11:43 - 2013-12-28 11:49 - 233384784 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-4005-HOTFIX2-WIN64.exe
2013-12-28 11:40 - 2013-12-28 12:11 - 00000000 ____D C:\Users\Max\Documents\BIMx
2013-12-28 11:39 - 2013-12-29 19:20 - 00000000 ____D C:\Users\Max\Graphisoft
2013-12-28 11:39 - 2013-12-28 12:08 - 00000000 ____D C:\Users\Max\AppData\Local\Graphisoft
2013-12-28 11:39 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\AppData\Roaming\Graphisoft
2013-12-28 11:37 - 2013-12-28 11:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Apple Computer
2013-12-28 11:33 - 2013-12-28 11:33 - 00001241 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2013-12-28 11:33 - 2013-12-28 11:33 - 00001066 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00001853 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-28 11:30 - 2013-12-28 11:53 - 00007861 _____ C:\Windows\vpd.properties
2013-12-28 11:27 - 2013-12-28 11:27 - 00000000 ____D C:\Program Files\GRAPHISOFT
2013-12-28 11:22 - 2013-12-28 11:51 - 00000000 ____D C:\Users\Max\AppData\Roaming\Install.GS
2013-12-28 11:22 - 2013-12-28 11:21 - 00866720 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-12-28 11:22 - 2013-12-28 11:21 - 00263584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-28 11:21 - 2013-12-28 11:21 - 00095648 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-28 11:12 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-28 11:12 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-28 11:10 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-28 11:10 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-28 10:58 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-28 10:58 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-28 10:57 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-28 10:57 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-28 10:56 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-28 10:56 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-28 10:50 - 2013-12-28 11:11 - 890298112 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-AUT64.exe
2013-12-28 10:50 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-28 10:50 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-28 10:50 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-28 10:50 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-28 10:50 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-28 10:50 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-28 10:50 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-28 10:50 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

==================== One Month Modified Files and Folders =======

2014-01-23 07:27 - 2014-01-19 10:15 - 00011270 _____ C:\Users\Max\Desktop\FRST.txt
2014-01-23 07:25 - 2014-01-23 07:25 - 00000000 ____D C:\Users\Max\Desktop\FRST-OlderVersion
2014-01-23 07:25 - 2014-01-19 14:23 - 00000000 ____D C:\Users\Max\Downloads\FRST-OlderVersion
2014-01-23 07:25 - 2014-01-19 09:13 - 00000000 ____D C:\FRST
2014-01-23 07:25 - 2014-01-19 09:09 - 02077184 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe
2014-01-23 07:24 - 2014-01-23 07:24 - 00000030 _____ C:\Users\Max\Desktop\fixlist.txt
2014-01-23 07:10 - 2013-04-06 16:40 - 00000000 ____D C:\Users\Max\AppData\Local\Akamai
2014-01-23 07:09 - 2012-05-16 13:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-22 22:07 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 22:07 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 22:04 - 2009-07-14 06:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-22 22:03 - 2011-12-04 01:20 - 01537012 _____ C:\Windows\WindowsUpdate.log
2014-01-22 22:01 - 2014-01-14 20:32 - 00001634 _____ C:\Windows\setupact.log
2014-01-22 21:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-22 16:30 - 2012-06-11 07:47 - 00001498 _____ C:\Users\Max\Documents\plot.log
2014-01-22 15:51 - 2012-05-12 17:03 - 00000000 ____D C:\Users\Max\AppData\Local\cache
2014-01-22 14:14 - 2014-01-19 12:49 - 00034810 _____ C:\Windows\PFRO.log
2014-01-21 17:59 - 2014-01-19 09:14 - 00033301 _____ C:\Users\Max\Downloads\FRST.txt
2014-01-21 17:57 - 2014-01-19 09:09 - 02077184 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2014-01-21 17:51 - 2014-01-21 17:52 - 00987425 _____ C:\Users\Max\Desktop\SecurityCheck.exe
2014-01-21 17:51 - 2014-01-21 17:51 - 00987425 _____ C:\Users\Max\Downloads\SecurityCheck.exe
2014-01-21 12:21 - 2013-10-23 10:08 - 00000000 ____D C:\Users\Max\Documents\E2
2014-01-21 09:57 - 2014-01-21 09:56 - 02347384 _____ (ESET) C:\Users\Max\Downloads\esetsmartinstaller_enu.exe
2014-01-20 17:23 - 2014-01-20 15:28 - 00000170 _____ C:\Neon_console.log
2014-01-19 14:12 - 2014-01-19 14:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 14:11 - 2014-01-19 14:10 - 01037068 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe
2014-01-19 14:00 - 2014-01-19 13:56 - 00000000 ____D C:\AdwCleaner
2014-01-19 13:55 - 2014-01-19 13:55 - 01236282 _____ C:\Users\Max\Desktop\adwcleaner.exe
2014-01-19 12:37 - 2014-01-19 12:37 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Malwarebytes
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 12:37 - 2014-01-19 12:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 12:36 - 2014-01-19 12:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Max\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-19 10:44 - 2014-01-19 10:44 - 00026615 _____ C:\ComboFix.txt
2014-01-19 10:44 - 2014-01-19 10:34 - 00000000 ____D C:\Qoobox
2014-01-19 10:44 - 2014-01-19 10:34 - 00000000 ____D C:\ComboFix
2014-01-19 10:44 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-19 10:43 - 2014-01-19 10:33 - 00000000 ____D C:\Windows\erdnt
2014-01-19 10:42 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-19 10:29 - 2014-01-19 10:28 - 05167985 ____R (Swearware) C:\Users\Max\Desktop\ComboFix.exe
2014-01-19 10:20 - 2014-01-19 09:14 - 00026412 _____ C:\Users\Max\Downloads\Addition.txt
2014-01-19 05:49 - 2013-01-13 19:08 - 00000000 ____D C:\Users\Max\AppData\Roaming\Skype
2014-01-16 16:35 - 2014-01-21 12:17 - 00004854 _____ C:\Users\Max\Desktop\13_Bauaufnahmen.ctb
2014-01-16 11:50 - 2014-01-16 11:50 - 00076569 _____ C:\Users\Max\Downloads\HWOOD5E1.pat
2014-01-16 11:25 - 2009-07-14 05:45 - 00426592 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 11:07 - 2013-02-14 21:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 11:06 - 2013-09-17 10:38 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 11:05 - 2012-05-12 17:01 - 00000000 ____D C:\ProgramData\FLEXnet
2014-01-16 11:02 - 2011-12-03 23:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 19:15 - 2013-02-06 14:31 - 00036352 ___SH C:\Users\Max\Thumbs.db
2014-01-14 22:32 - 2012-12-11 17:09 - 125385161 _____ C:\Users\Max\Desktop\RhinoCrashDump.3dm
2014-01-14 22:29 - 2014-01-14 22:29 - 00000000 _____ C:\Users\Max\Desktop\RhinoCrashDump.dmp
2014-01-14 20:32 - 2014-01-14 20:32 - 00000000 _____ C:\Windows\setuperr.log
2014-01-14 20:13 - 2013-08-18 18:19 - 00000000 ____D C:\Users\Max\Desktop\TG
2014-01-14 10:17 - 2011-12-04 01:16 - 00000000 ____D C:\Windows\Panther
2014-01-13 18:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-13 10:31 - 2014-01-13 08:16 - 00000040 ____H C:\Users\Max\Desktop\TG_neu.3dm.rhl
2014-01-07 22:07 - 2012-06-26 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-30 14:56 - 2013-12-29 21:15 - 02225904 _____ C:\Users\Max\Desktop\E2.pln
2013-12-30 14:49 - 2013-06-24 16:09 - 00000000 ____D C:\Users\Max\Documents\Material
2013-12-30 14:44 - 2011-12-04 13:44 - 00000600 _____ C:\Users\Max\AppData\Roaming\winscp.rnd
2013-12-29 21:15 - 2013-12-29 21:15 - 01972032 _____ C:\Users\Max\Desktop\E2.bpn
2013-12-29 21:15 - 2013-12-29 21:15 - 00000054 _____ C:\Users\Max\Desktop\E2.pln.lck
2013-12-29 19:20 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\Graphisoft
2013-12-29 19:17 - 2013-12-29 19:17 - 00000000 ____D C:\Users\Max\AppData\Local\Apple Computer
2013-12-28 12:11 - 2013-12-28 11:40 - 00000000 ____D C:\Users\Max\Documents\BIMx
2013-12-28 12:08 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\AppData\Local\Graphisoft
2013-12-28 11:53 - 2013-12-28 11:30 - 00007861 _____ C:\Windows\vpd.properties
2013-12-28 11:51 - 2013-12-28 11:22 - 00000000 ____D C:\Users\Max\AppData\Roaming\Install.GS
2013-12-28 11:49 - 2013-12-28 11:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 11:49 - 2013-12-28 11:43 - 233384784 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-4005-HOTFIX2-WIN64.exe
2013-12-28 11:39 - 2013-12-28 11:39 - 00000000 ____D C:\Users\Max\AppData\Roaming\Graphisoft
2013-12-28 11:39 - 2011-12-03 20:45 - 00000000 ____D C:\Users\Max
2013-12-28 11:37 - 2013-12-28 11:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\Apple Computer
2013-12-28 11:33 - 2013-12-28 11:33 - 00001241 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2013-12-28 11:33 - 2013-12-28 11:33 - 00001066 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00001853 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-28 11:32 - 2013-12-28 11:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-12-28 11:27 - 2013-12-28 11:27 - 00000000 ____D C:\Program Files\GRAPHISOFT
2013-12-28 11:21 - 2013-12-28 11:22 - 00866720 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-12-28 11:21 - 2013-12-28 11:22 - 00263584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-28 11:21 - 2013-12-28 11:21 - 00095648 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-28 11:21 - 2012-01-10 15:15 - 00788896 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-12-28 11:21 - 2012-01-10 15:15 - 00174496 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-28 11:21 - 2012-01-10 15:15 - 00174496 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-28 11:21 - 2012-01-10 15:15 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-28 11:11 - 2013-12-28 10:50 - 890298112 _____ (Graphisoft SE) C:\Users\Max\Downloads\AC17-AUT64.exe
2013-12-28 10:45 - 2012-05-16 13:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-28 10:44 - 2012-05-16 13:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-28 10:44 - 2011-12-05 08:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-28 10:43 - 2013-05-08 06:22 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-28 10:43 - 2013-04-06 11:13 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-28 10:43 - 2013-04-06 11:13 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Files to move or delete:
====================
C:\Users\Max\SimCity 4 Extra Cheats Plugin.dll


Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\avgnt.exe
C:\Users\Max\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-22 08:49

==================== End Of Log ============================
         


If you have looked through the FRST log and there is nothing suspicious left in it, then I assume this is basically done.

Once again, thank you very, very much for your help. I don't think it can be taken for granted that one gets such good support with a problem.

Alt 23.01.2014, 19:41   #12
schrauber
/// the machine
/// TB-Ausbilder
 




Done
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
