GVU Trojaner Windows7

booga · 08.02.2014, 12:05

Hallo,

ich habe mir einen GVU Trojaner eingefangen (windos 7, 64bit), mit den selben Symptomen wie der Leidensgenosse in folgendem Link:

http://www.trojaner-board.de/137374-...kt-runter.html

Ich habe die dort angebotene Hilfestellung bis zum Logfile (mit FRST.exe) befolgt.
Die Editor-Datei liegt im Anhang.
Wie gehe ich nun weiter vor?
Ich möchte möglichst keine Daten verlieren da dies, viele Stunden Neuarbeit bedeuten würde.

Wäre über schnelle Hilfe sehr dankbar!

Liebe Grüße, Martin.

cosinus · 08.02.2014, 12:16

Hi,

Logs bitte nicht in den Anhang stecken

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

booga · 08.02.2014, 12:19

Hi! Enschuldigung. Anbei das Log.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by SYSTEM on MININT-JJ77AVC on 08-02-2014 11:42:12
Running from K:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-17] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-03] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-10-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-21] ()
HKU\M.Schleusing\...\Run: [Google Update] - C:\Users\M.Schleusing\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-09] (Google Inc.)
HKU\M.Schleusing\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\M.Schleusing\...\Run: [AdobeBridge] - [X]
Startup: C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\17i3hx.lnk
ShortcutTarget: 17i3hx.lnk -> C:\ProgramData\xh3i71.cpp (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} -  No File

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-29] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2013-12-19] (Perfect World Entertainment Inc)
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [68192 2013-12-13] (Robert McNeel & Associates)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
S2 Winmgmt; C:\ProgramData\17i3hx.zvv [334076 2014-02-07] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-17] (Google Inc)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-08-14] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-08-14] (DT Soft Ltd)
S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [112896 2011-05-17] (Huawei Technologies Co., Ltd.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-08-14] ()
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI64.sys [28192 2009-10-15] (T-Systems International GmbH)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-12] (ZTE Incorporated)
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-08 11:42 - 2014-02-08 11:42 - 00000000 ____D () C:\FRST
2014-02-07 06:50 - 2014-02-07 08:07 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\Mappe
2014-02-07 04:30 - 2014-02-08 02:08 - 95027928 ____T () C:\ProgramData\17i3hx.fee
2014-02-07 04:30 - 2014-02-07 04:30 - 00334076 ____T (Microsoft Corporation) C:\ProgramData\17i3hx.zvv
2014-02-07 04:30 - 2014-02-07 04:30 - 00224145 _____ (Microsoft Corporation) C:\ProgramData\xh3i71.cpp
2014-02-04 11:16 - 2014-02-05 10:46 - 00019237 _____ () C:\Users\M.Schleusing\Desktop\spicker.odt
2014-02-01 04:48 - 2014-02-01 04:49 - 00000000 ____D () C:\Program Files (x86)\Cultures
2014-02-01 04:40 - 2014-02-01 04:40 - 00002920 _____ () C:\Windows\System32\Tasks\{FBBABE86-5183-484A-BDC3-FCDD519E2F66}
2014-02-01 04:40 - 2014-02-01 04:40 - 00002920 _____ () C:\Windows\System32\Tasks\{B5BB1036-B2A5-4C62-8989-2251A48B0FDC}
2014-02-01 04:34 - 2014-02-01 04:34 - 00002940 _____ () C:\Windows\System32\Tasks\{EECF1880-041C-4EF3-8274-BE09C7BC01D9}
2014-02-01 04:33 - 2014-02-01 04:33 - 00002940 _____ () C:\Windows\System32\Tasks\{9C76DAFE-2BF5-4AE5-9945-DE2E0B189A59}
2014-02-01 04:30 - 2014-02-01 04:30 - 00002940 _____ () C:\Windows\System32\Tasks\{D5573631-6F91-4B09-B594-F943C827214E}
2014-02-01 04:30 - 2014-02-01 04:30 - 00002940 _____ () C:\Windows\System32\Tasks\{436F74D0-51EC-4B98-9364-FD71D6EEDFA4}
2014-01-29 12:21 - 2014-01-29 12:34 - 00000132 _____ () C:\Users\M.Schleusing\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-01-25 04:20 - 2014-01-25 04:20 - 00275232 _____ () C:\Windows\Minidump\012514-20732-01.dmp
2014-01-23 09:01 - 2014-01-29 08:56 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\für gang
2014-01-23 06:28 - 2014-01-23 06:28 - 00275232 _____ () C:\Windows\Minidump\012314-20779-01.dmp
2014-01-21 12:47 - 2014-01-25 04:20 - 626339174 _____ () C:\Windows\MEMORY.DMP
2014-01-21 12:47 - 2014-01-21 12:47 - 00275232 _____ () C:\Windows\Minidump\012114-20623-01.dmp
2014-01-14 11:04 - 2014-02-07 12:04 - 00000314 _____ () C:\Windows\Tasks\FoxTab.job
2014-01-14 11:04 - 2014-01-14 11:04 - 00003280 _____ () C:\Windows\System32\Tasks\FoxTab
2014-01-14 11:04 - 2014-01-14 11:04 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\FoxTab
2014-01-11 10:23 - 2014-01-11 10:23 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_androidusb_01005.Wdf

==================== One Month Modified Files and Folders =======

2014-02-08 11:42 - 2014-02-08 11:42 - 00000000 ____D () C:\FRST
2014-02-08 02:08 - 2014-02-07 04:30 - 95027928 ____T () C:\ProgramData\17i3hx.fee
2014-02-08 02:08 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-08 02:08 - 2009-07-13 20:51 - 00205740 _____ () C:\Windows\setupact.log
2014-02-08 00:52 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-08 00:52 - 2009-07-13 20:45 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-08 00:52 - 2006-10-10 03:13 - 01235934 _____ () C:\Windows\WindowsUpdate.log
2014-02-08 00:41 - 2013-03-01 05:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-07 12:08 - 2011-09-18 10:07 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000UA.job
2014-02-07 12:04 - 2014-01-14 11:04 - 00000314 _____ () C:\Windows\Tasks\FoxTab.job
2014-02-07 08:49 - 2013-09-22 07:48 - 00000084 _____ () C:\Users\M.Schleusing\AppData\Roaming\WB.CFG
2014-02-07 08:10 - 2012-03-20 12:13 - 00000000 ____D () C:\Users\M.Schleusing\Graphisoft
2014-02-07 08:09 - 2013-02-18 10:10 - 00000000 ____D () C:\Users\M.Schleusing\Documents\BIMx
2014-02-07 08:07 - 2014-02-07 06:50 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\Mappe
2014-02-07 07:15 - 2011-08-22 00:46 - 00000000 ____D () C:\Users\M.Schleusing\Documents\für Studium
2014-02-07 07:08 - 2011-09-18 10:07 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000Core.job
2014-02-07 04:30 - 2014-02-07 04:30 - 00334076 ____T (Microsoft Corporation) C:\ProgramData\17i3hx.zvv
2014-02-07 04:30 - 2014-02-07 04:30 - 00224145 _____ (Microsoft Corporation) C:\ProgramData\xh3i71.cpp
2014-02-07 00:37 - 2009-07-13 21:13 - 01613412 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-07 00:37 - 2006-10-10 13:05 - 00696848 _____ () C:\Windows\System32\perfh007.dat
2014-02-07 00:37 - 2006-10-10 13:05 - 00148144 _____ () C:\Windows\System32\perfc007.dat
2014-02-05 12:11 - 2013-03-05 02:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-05 10:46 - 2014-02-04 11:16 - 00019237 _____ () C:\Users\M.Schleusing\Desktop\spicker.odt
2014-02-05 09:41 - 2013-03-01 05:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 09:41 - 2013-03-01 05:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 09:41 - 2011-05-17 05:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 13:48 - 2013-09-26 03:22 - 00000220 _____ () C:\Users\M.Schleusing\Desktop\diablo fehler.txt
2014-02-02 11:21 - 2011-05-31 09:17 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Local\CrashDumps
2014-02-01 04:49 - 2014-02-01 04:48 - 00000000 ____D () C:\Program Files (x86)\Cultures
2014-02-01 04:48 - 2006-10-10 03:32 - 00633932 _____ () C:\Windows\DirectX.log
2014-02-01 04:40 - 2014-02-01 04:40 - 00002920 _____ () C:\Windows\System32\Tasks\{FBBABE86-5183-484A-BDC3-FCDD519E2F66}
2014-02-01 04:40 - 2014-02-01 04:40 - 00002920 _____ () C:\Windows\System32\Tasks\{B5BB1036-B2A5-4C62-8989-2251A48B0FDC}
2014-02-01 04:34 - 2014-02-01 04:34 - 00002940 _____ () C:\Windows\System32\Tasks\{EECF1880-041C-4EF3-8274-BE09C7BC01D9}
2014-02-01 04:33 - 2014-02-01 04:33 - 00002940 _____ () C:\Windows\System32\Tasks\{9C76DAFE-2BF5-4AE5-9945-DE2E0B189A59}
2014-02-01 04:30 - 2014-02-01 04:30 - 00002940 _____ () C:\Windows\System32\Tasks\{D5573631-6F91-4B09-B594-F943C827214E}
2014-02-01 04:30 - 2014-02-01 04:30 - 00002940 _____ () C:\Windows\System32\Tasks\{436F74D0-51EC-4B98-9364-FD71D6EEDFA4}
2014-02-01 02:46 - 2013-03-22 10:17 - 00418646 _____ () C:\Windows\DPINST.LOG
2014-01-31 00:47 - 2009-10-16 17:50 - 01552806 _____ () C:\Windows\PFRO.log
2014-01-29 12:34 - 2014-01-29 12:21 - 00000132 _____ () C:\Users\M.Schleusing\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-01-29 08:56 - 2014-01-23 09:01 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\für gang
2014-01-29 02:18 - 2009-07-13 21:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-25 04:20 - 2014-01-25 04:20 - 00275232 _____ () C:\Windows\Minidump\012514-20732-01.dmp
2014-01-25 04:20 - 2014-01-21 12:47 - 626339174 _____ () C:\Windows\MEMORY.DMP
2014-01-25 04:20 - 2010-10-21 03:07 - 00000000 ____D () C:\Windows\Minidump
2014-01-23 10:04 - 2011-08-19 07:01 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Local\Paint.NET
2014-01-23 06:28 - 2014-01-23 06:28 - 00275232 _____ () C:\Windows\Minidump\012314-20779-01.dmp
2014-01-21 12:47 - 2014-01-21 12:47 - 00275232 _____ () C:\Windows\Minidump\012114-20623-01.dmp
2014-01-19 11:28 - 2013-01-01 13:25 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\vlc
2014-01-15 12:54 - 2013-07-21 12:02 - 00000000 ____D () C:\Windows\System32\MRT
2014-01-15 12:54 - 2009-10-16 18:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 12:50 - 2012-08-13 04:01 - 86054176 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-01-15 02:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-01-15 02:35 - 2011-11-02 08:48 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\ABI
2014-01-15 01:22 - 2013-11-05 04:03 - 00001990 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-01-15 01:22 - 2009-10-16 17:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-14 11:04 - 2014-01-14 11:04 - 00003280 _____ () C:\Windows\System32\Tasks\FoxTab
2014-01-14 11:04 - 2014-01-14 11:04 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\FoxTab
2014-01-11 10:23 - 2014-01-11 10:23 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_androidusb_01005.Wdf
2014-01-09 07:59 - 2010-09-11 02:22 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\Adobe

Files to move or delete:
====================
C:\ProgramData\17i3hx.fee
C:\ProgramData\17i3hx.zvv


Some content of TEMP:
====================
C:\Users\M.Schleusing\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\M.Schleusing\AppData\Local\Temp\AskSLib.dll
C:\Users\M.Schleusing\AppData\Local\Temp\avgnt.exe
C:\Users\M.Schleusing\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\M.Schleusing\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\M.Schleusing\AppData\Local\Temp\DSSW2702.exe
C:\Users\M.Schleusing\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\M.Schleusing\AppData\Local\Temp\hna_demo_setup.exe
C:\Users\M.Schleusing\AppData\Local\Temp\ICReinstall_ffactory3_install.exe
C:\Users\M.Schleusing\AppData\Local\Temp\installerdll14252844.dll
C:\Users\M.Schleusing\AppData\Local\Temp\installerdll14269005.dll
C:\Users\M.Schleusing\AppData\Local\Temp\installerdll15318284.dll
C:\Users\M.Schleusing\AppData\Local\Temp\installerdll15319516.dll
C:\Users\M.Schleusing\AppData\Local\Temp\installerdll15327332.dll
C:\Users\M.Schleusing\AppData\Local\Temp\installerdll4001753.dll
C:\Users\M.Schleusing\AppData\Local\Temp\installerdll4003516.dll
C:\Users\M.Schleusing\AppData\Local\Temp\installerdll4013624.dll
C:\Users\M.Schleusing\AppData\Local\Temp\MassEffect2-1.02.exe
C:\Users\M.Schleusing\AppData\Local\Temp\mfc80.dll
C:\Users\M.Schleusing\AppData\Local\Temp\mfc80u.dll
C:\Users\M.Schleusing\AppData\Local\Temp\mfcm80.dll
C:\Users\M.Schleusing\AppData\Local\Temp\mfcm80u.dll
C:\Users\M.Schleusing\AppData\Local\Temp\msvcm80.dll
C:\Users\M.Schleusing\AppData\Local\Temp\msvcp80.dll
C:\Users\M.Schleusing\AppData\Local\Temp\msvcr80.dll
C:\Users\M.Schleusing\AppData\Local\Temp\OriginLauncher15318284.exe
C:\Users\M.Schleusing\AppData\Local\Temp\OriginLauncher4001753.exe
C:\Users\M.Schleusing\AppData\Local\Temp\OSU.exe
C:\Users\M.Schleusing\AppData\Local\Temp\Paint.NET.3.5.10.Install.exe
C:\Users\M.Schleusing\AppData\Local\Temp\ResetDevice.exe
C:\Users\M.Schleusing\AppData\Local\Temp\rootsupd.exe
C:\Users\M.Schleusing\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\M.Schleusing\AppData\Local\Temp\Setup.exe
C:\Users\M.Schleusing\AppData\Local\Temp\SGS695F.EXE
C:\Users\M.Schleusing\AppData\Local\Temp\tbDVDV.dll
C:\Users\M.Schleusing\AppData\Local\Temp\tbWinl.dll
C:\Users\M.Schleusing\AppData\Local\Temp\UninstallEADM.dll
C:\Users\M.Schleusing\AppData\Local\Temp\Uninstaller.exe
C:\Users\M.Schleusing\AppData\Local\Temp\UninstallerGer.dll
C:\Users\M.Schleusing\AppData\Local\Temp\vcredist_x64.exe
C:\Users\M.Schleusing\AppData\Local\Temp\vcredist_x86.exe
C:\Users\M.Schleusing\AppData\Local\Temp\Verbindungsassistent.exe
C:\Users\M.Schleusing\AppData\Local\Temp\VersionUpdater.exe
C:\Users\M.Schleusing\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\M.Schleusing\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\M.Schleusing\AppData\Local\Temp\WTGXMLUtil.dll
C:\Users\M.Schleusing\AppData\Local\Temp\WtgZip.dll
C:\Users\M.Schleusing\AppData\Local\Temp\xjc.dll
C:\Users\M.Schleusing\AppData\Local\Temp\_isBE73.exe
C:\Users\M.Schleusing\AppData\Local\Temp\{C39CA855-1645-4DA8-868F-748782BFDA1E}-25.0.1364.97_24.0.1312.57_chrome_updater.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-01-12 13:42:10
Restore point made on: 2014-01-15 01:25:15
Restore point made on: 2014-01-15 12:50:09
Restore point made on: 2014-01-25 02:36:58
Restore point made on: 2014-02-01 02:46:09

==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 4094.55 MB
Available physical RAM: 3353.02 MB
Total Pagefile: 4092.7 MB
Available Pagefile: 3345.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:458.87 GB) (Free:179.86 GB) NTFS
Drive e: (DATA) (Fixed) (Total:458.87 GB) (Free:70.51 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:13.67 GB) (Free:4.14 GB) NTFS
Drive g: (Cultures) (CDROM) (Total:0.19 GB) (Free:0 GB) CDFS
Drive k: () (Removable) (Total:7.53 GB) (Free:7.53 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 8406D83F)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=459 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2014-01-29 08:09

==================== End Of Log ============================

--- --- ---

cosinus · 08.02.2014, 13:15

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\17i3hx.lnk
C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\17i3hx.lnk
ShortcutTarget: 17i3hx.lnk -> C:\ProgramData\xh3i71.cpp (Microsoft Corporation)
C:\ProgramData\17i3hx.fee
C:\ProgramData\xh3i71.cpp

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

booga · 08.02.2014, 13:31

Hier das Fixlog.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2014
Ran by SYSTEM at 2014-02-08 13:29:35 Run:1
Running from J:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\17i3hx.lnk
C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\17i3hx.lnk
ShortcutTarget: 17i3hx.lnk -> C:\ProgramData\xh3i71.cpp (Microsoft Corporation)
C:\ProgramData\17i3hx.fee
C:\ProgramData\xh3i71.cpp
         
*****************

C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\17i3hx.lnk => Moved successfully.
"C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\17i3hx.lnk" => File/Directory not found.
C:\ProgramData\xh3i71.cpp => Moved successfully.
C:\ProgramData\17i3hx.fee => Moved successfully.
"C:\ProgramData\xh3i71.cpp" => File/Directory not found.

==== End of Fixlog ====

cosinus · 08.02.2014, 13:44

Startet Windows wieder normal?

booga · 08.02.2014, 13:50

Soweit ja, es kommt eine Fehlermeldung:

RundDLL
Problem beim Starten von xh3i71.cpp
das angegebene Modul wurde nicht gefunden.

,und eine Wahrnung: Server ist ausgelastet.
Die wiederum lässt sich nicht schließen.

cosinus · 08.02.2014, 13:55

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

booga · 08.02.2014, 14:50

Hier das Log

Code:

ATTFilter

ComboFix 14-02-05.02 - M.Schleusing 08.02.2014  14:09:02.1.2 - x64
ausgeführt von:: c:\users\M.Schleusing\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\prefs.js
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\program files (x86)\facemoods.com\sqlite3.dll
c:\programdata\17i3hx.zvv
c:\users\M.Schleusing\AppData\Local\Microsoft\Windows\Temporary Internet Files\Whilokii_iels
c:\users\M.Schleusing\AppData\Roaming\.#
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-01-08 bis 2014-02-08  ))))))))))))))))))))))))))))))
.
.
2014-02-08 19:42 . 2014-02-08 21:29	--------	d-----w-	C:\FRST
2014-02-08 13:23 . 2014-02-08 13:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-02-01 12:48 . 2014-02-01 12:49	--------	d-----w-	c:\program files (x86)\Cultures
2014-01-14 19:04 . 2014-01-14 19:04	--------	d-----w-	c:\users\M.Schleusing\AppData\Roaming\FoxTab
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 17:41 . 2013-03-01 13:45	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 17:41 . 2011-05-17 13:40	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-15 20:50 . 2012-08-13 12:01	86054176	----a-w-	c:\windows\system32\MRT.exe
2014-01-06 19:23 . 2014-01-06 19:23	4558848	----a-w-	c:\windows\SysWow64\GPhotos.scr
2014-01-03 13:01 . 2014-01-03 13:02	866720	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2014-01-03 13:01 . 2014-01-03 13:01	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-03 13:01 . 2011-08-24 14:40	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-12-18 18:55 . 2013-08-06 07:51	84720	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-12-18 18:55 . 2013-08-06 07:36	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-12-18 18:55 . 2013-08-06 07:36	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D8278076-BC68-4484-9233-6E7F1628B56C}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" [2013-12-20 74704]
.
[HKEY_CLASSES_ROOT\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}]
[HKEY_CLASSES_ROOT\TypeLib\{7C4EE486-5EA5-4683-8C23-BF520933BB5E}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-12-20 19:17	12240	----a-w-	c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-12-20 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{430E8868-67B9-4EA9-8D2E-1CAF7BCBD1BA}"
[HKEY_CLASSES_ROOT\CLSID\{430E8868-67B9-4EA9-8D2E-1CAF7BCBD1BA}]
2012-04-09 14:27	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-10-31 449760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-19 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-18 684600]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-20 1778640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys;c:\windows\SYSNATIVE\DRIVERS\ewsercd.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 SipIMNDI;T-Home Dialerschutz VoIP Service;c:\windows\system32\DRIVERS\SipIMNDI64.sys;c:\windows\SYSNATIVE\DRIVERS\SipIMNDI64.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 McNeelUpdate;McNeel Update Service 5.0;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-01 17:41]
.
2014-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000Core.job
- c:\users\M.Schleusing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 09:10]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000UA.job
- c:\users\M.Schleusing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 09:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-12-20 19:17	13776	----a-w-	c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2013-12-20 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{430E8868-67B9-4EA9-8D2E-1CAF7BCBD1BA}"
[HKEY_CLASSES_ROOT\CLSID\{430E8868-67B9-4EA9-8D2E-1CAF7BCBD1BA}]
2012-04-09 14:27	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=395049983_1052514_7CD22FDF&ts=1380313102
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=395049983_1052514_7CD22FDF&ts=1380313102
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{43AF8AD8-8451-43AC-82C2-12BF479B49C2}: NameServer = 212.23.115.148 212.23.115.132
TCP: Interfaces\{4DB558CD-8FE3-4960-9244-5BCFFD5F89DE}: NameServer = 212.23.115.148 212.23.115.132
TCP: Interfaces\{54126AAF-3ECA-4062-8DFA-CBB371FA71A5}: NameServer = 212.23.115.148 212.23.97.2
TCP: Interfaces\{7489ABAC-82E0-4061-90D1-83615B41A690}: NameServer = 212.23.115.148 212.23.115.132
TCP: Interfaces\{A3E241D2-280E-4239-85E4-FB70AC001AD3}: NameServer = 212.23.115.148 212.23.115.132
TCP: Interfaces\{CE80EEA8-5776-416C-BC8F-D6286D5E47B9}: NameServer = 212.23.115.150 212.23.115.132
TCP: Interfaces\{DA000208-B9E1-45CC-A63C-54F2214F1BB3}: NameServer = 212.23.115.148 212.23.115.132
TCP: Interfaces\{FEA10D0C-9F03-4FD7-B774-E10F50C7063C}: NameServer = 212.23.115.150 212.23.115.132
FF - ProfilePath - c:\users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\124vuhh6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: !HIDDEN! 2010-12-08 17:13; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
Toolbar-Locked - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk - c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
AddRemove-Cultures - Die Entdeckung Vinlands - c:\windows\IsUn0407.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-Floyd - c:\windows\IsUn0407.exe
AddRemove-{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1Sec}_is1 - d:\gothic 4\ArcaniA - Gothic 4\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1377681411-3994106491-3036228621-1000\Software\SecuROM\License information*]
"datasecu"=hex:4b,76,c9,e8,ca,14,34,1e,9e,3c,d7,fc,94,86,09,02,f8,ae,01,12,3d,
   14,b5,d1,18,3c,43,c2,09,ca,ae,9b,02,ba,21,19,4b,77,2d,9f,3c,a6,4e,fa,31,01,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-02-08  14:41:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-02-08 13:41
.
Vor Suchlauf: 17 Verzeichnis(se), 199.318.941.696 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 205.959.503.872 Bytes frei
.
- - End Of File - - 15FBBAEBBE3908319819819C3439421C
70E629B51C16B3C007730C6AE57144C9

cosinus · 08.02.2014, 14:53

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

booga · 08.02.2014, 15:19

Das adwCleaner Log:

Code:

ATTFilter

# AdwCleaner v3.018 - Bericht erstellt am 08/02/2014 um 14:59:38
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : M.Schleusing - MSCHLEUSING-PC
# Gestartet von : C:\Users\M.Schleusing\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\M.Schleusing\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\M.Schleusing\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Roaming\Funmoods
Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Roaming\loadtbs
Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
[!] Ordner Gelöscht : C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml
Datei Gelöscht : C:\Users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\124vuhh6.default\user.js
Datei Gelöscht : C:\Users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Funmoods

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\facemoods.com
Schlüssel Gelöscht : HKCU\Software\Funmoods
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-2.1

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\124vuhh6.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "qvo6");

[ Datei : C:\Users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [17010 octets] - [08/02/2014 14:58:04]
AdwCleaner[S0].txt - [14566 octets] - [08/02/2014 14:59:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14627 octets] ##########

Das JRT Log:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by M.Schleusing on 08.02.2014 at 15:02:53,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\M.Schleusing\appdata\local\cre"



~~~ FireFox

Emptied folder: C:\Users\M.Schleusing\AppData\Roaming\mozilla\firefox\profiles\124vuhh6.default\minidumps [131 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\M.Schleusing\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Folder] C:\Users\M.Schleusing\appdata\local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Successfully deleted: [Folder] C:\Users\M.Schleusing\appdata\local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2014 at 15:09:45,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Das FRST Log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by M.Schleusing (administrator) on MSCHLEUSING-PC on 08-02-2014 15:10:35
Running from C:\Users\M.Schleusing\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-10-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\S-1-5-21-1377681411-3994106491-3036228621-1000\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE402
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{43AF8AD8-8451-43AC-82C2-12BF479B49C2}: [NameServer]212.23.115.148 212.23.115.132
Tcpip\..\Interfaces\{4DB558CD-8FE3-4960-9244-5BCFFD5F89DE}: [NameServer]212.23.115.148 212.23.115.132
Tcpip\..\Interfaces\{54126AAF-3ECA-4062-8DFA-CBB371FA71A5}: [NameServer]212.23.115.148 212.23.97.2
Tcpip\..\Interfaces\{7489ABAC-82E0-4061-90D1-83615B41A690}: [NameServer]212.23.115.148 212.23.115.132
Tcpip\..\Interfaces\{A3E241D2-280E-4239-85E4-FB70AC001AD3}: [NameServer]212.23.115.148 212.23.115.132
Tcpip\..\Interfaces\{CE80EEA8-5776-416C-BC8F-D6286D5E47B9}: [NameServer]212.23.115.150 212.23.115.132
Tcpip\..\Interfaces\{DA000208-B9E1-45CC-A63C-54F2214F1BB3}: [NameServer]212.23.115.148 212.23.115.132
Tcpip\..\Interfaces\{FEA10D0C-9F03-4FD7-B774-E10F50C7063C}: [NameServer]212.23.115.150 212.23.115.132

FireFox:
========
FF ProfilePath: C:\Users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\124vuhh6.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in - C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\M.Schleusing\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\M.Schleusing\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Edge - C:\Users\M.Schleusing\AppData\Roaming\Mozilla\Firefox\Profiles\124vuhh6.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-09-09]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-08]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013-02-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-11]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-08]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-29]
CHR Extension: (Google Drive) - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-29]
CHR Extension: (YouTube) - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google-Suche) - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Google Wallet) - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Google Mail) - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKCU\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\M.Schleusing\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2011-12-16]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2011-12-16]
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\M.Schleusing\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2011-12-16]
CHR StartMenuInternet: Google Chrome - C:\Users\M.Schleusing\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2013-12-19] (Perfect World Entertainment Inc)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [68192 2013-12-13] (Robert McNeel & Associates)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-08-14] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-08-14] (DT Soft Ltd)
S3 ewsercd; C:\Windows\System32\DRIVERS\ewsercd.sys [112896 2011-05-17] (Huawei Technologies Co., Ltd.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-08-14] ()
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI64.sys [28192 2009-10-15] (T-Systems International GmbH)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-08 20:42 - 2014-02-08 15:10 - 00000000 ____D () C:\FRST
2014-02-08 15:10 - 2014-02-08 15:11 - 00019150 _____ () C:\Users\M.Schleusing\Desktop\FRST.txt
2014-02-08 15:10 - 2014-02-08 11:38 - 02079744 _____ (Farbar) C:\Users\M.Schleusing\Desktop\FRST64.exe
2014-02-08 15:09 - 2014-02-08 15:09 - 00001913 _____ () C:\Users\M.Schleusing\Desktop\JRT.txt
2014-02-08 15:02 - 2014-02-08 15:02 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 14:57 - 2014-02-08 15:00 - 00000000 ____D () C:\AdwCleaner
2014-02-08 14:57 - 2014-02-08 14:55 - 01166132 _____ () C:\Users\M.Schleusing\Desktop\adwcleaner.exe
2014-02-08 14:57 - 2014-02-08 14:55 - 01037530 _____ (Thisisu) C:\Users\M.Schleusing\Desktop\JRT.exe
2014-02-08 14:42 - 2014-02-08 14:42 - 00024910 _____ () C:\ComboFix.txt
2014-02-08 14:04 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-08 14:04 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-08 14:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-08 14:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-08 14:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-08 14:04 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-08 14:04 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-08 14:04 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-08 14:01 - 2014-02-08 14:42 - 00000000 ____D () C:\Qoobox
2014-02-08 14:01 - 2014-02-08 14:37 - 00000000 ____D () C:\Windows\erdnt
2014-02-08 13:57 - 2014-02-08 13:55 - 05180173 ____R (Swearware) C:\Users\M.Schleusing\Desktop\ComboFix.exe
2014-02-07 15:50 - 2014-02-07 17:07 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\Mappe
2014-02-04 20:16 - 2014-02-05 19:46 - 00019237 _____ () C:\Users\M.Schleusing\Desktop\spicker.odt
2014-02-01 13:48 - 2014-02-01 13:49 - 00000000 ____D () C:\Program Files (x86)\Cultures
2014-02-01 13:40 - 2014-02-01 13:40 - 00002920 _____ () C:\Windows\System32\Tasks\{FBBABE86-5183-484A-BDC3-FCDD519E2F66}
2014-02-01 13:40 - 2014-02-01 13:40 - 00002920 _____ () C:\Windows\System32\Tasks\{B5BB1036-B2A5-4C62-8989-2251A48B0FDC}
2014-02-01 13:34 - 2014-02-01 13:34 - 00002940 _____ () C:\Windows\System32\Tasks\{EECF1880-041C-4EF3-8274-BE09C7BC01D9}
2014-02-01 13:33 - 2014-02-01 13:33 - 00002940 _____ () C:\Windows\System32\Tasks\{9C76DAFE-2BF5-4AE5-9945-DE2E0B189A59}
2014-02-01 13:30 - 2014-02-01 13:30 - 00002940 _____ () C:\Windows\System32\Tasks\{D5573631-6F91-4B09-B594-F943C827214E}
2014-02-01 13:30 - 2014-02-01 13:30 - 00002940 _____ () C:\Windows\System32\Tasks\{436F74D0-51EC-4B98-9364-FD71D6EEDFA4}
2014-01-29 21:21 - 2014-01-29 21:34 - 00000132 _____ () C:\Users\M.Schleusing\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-01-25 13:20 - 2014-01-25 13:20 - 00275232 _____ () C:\Windows\Minidump\012514-20732-01.dmp
2014-01-23 19:09 - 2014-01-23 19:09 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-23 18:01 - 2014-01-29 17:56 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\für gang
2014-01-23 15:28 - 2014-01-23 15:28 - 00275232 _____ () C:\Windows\Minidump\012314-20779-01.dmp
2014-01-21 21:47 - 2014-01-25 13:20 - 626339174 _____ () C:\Windows\MEMORY.DMP
2014-01-21 21:47 - 2014-01-21 21:47 - 00275232 _____ () C:\Windows\Minidump\012114-20623-01.dmp
2014-01-14 20:04 - 2014-01-14 20:04 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\FoxTab
2014-01-11 19:23 - 2014-01-11 19:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_androidusb_01005.Wdf

==================== One Month Modified Files and Folders =======

2014-02-08 22:29 - 2010-09-08 16:56 - 00000000 ___RD () C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-08 15:11 - 2014-02-08 15:10 - 00019150 _____ () C:\Users\M.Schleusing\Desktop\FRST.txt
2014-02-08 15:10 - 2014-02-08 20:42 - 00000000 ____D () C:\FRST
2014-02-08 15:09 - 2014-02-08 15:09 - 00001913 _____ () C:\Users\M.Schleusing\Desktop\JRT.txt
2014-02-08 15:09 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-08 15:09 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-08 15:08 - 2011-09-18 19:07 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000UA.job
2014-02-08 15:05 - 2006-10-10 12:13 - 01257528 _____ () C:\Windows\WindowsUpdate.log
2014-02-08 15:02 - 2014-02-08 15:02 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 15:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-08 15:01 - 2009-07-14 05:51 - 00205964 _____ () C:\Windows\setupact.log
2014-02-08 15:00 - 2014-02-08 14:57 - 00000000 ____D () C:\AdwCleaner
2014-02-08 14:59 - 2011-09-18 19:13 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-02-08 14:59 - 2010-09-08 16:56 - 00001148 _____ () C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-08 14:59 - 2010-09-08 16:56 - 00001001 _____ () C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-08 14:55 - 2014-02-08 14:57 - 01166132 _____ () C:\Users\M.Schleusing\Desktop\adwcleaner.exe
2014-02-08 14:55 - 2014-02-08 14:57 - 01037530 _____ (Thisisu) C:\Users\M.Schleusing\Desktop\JRT.exe
2014-02-08 14:42 - 2014-02-08 14:42 - 00024910 _____ () C:\ComboFix.txt
2014-02-08 14:42 - 2014-02-08 14:01 - 00000000 ____D () C:\Qoobox
2014-02-08 14:42 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-08 14:41 - 2013-03-01 14:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-08 14:37 - 2014-02-08 14:01 - 00000000 ____D () C:\Windows\erdnt
2014-02-08 14:25 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-08 14:24 - 2009-10-17 02:50 - 01553352 _____ () C:\Windows\PFRO.log
2014-02-08 13:55 - 2014-02-08 13:57 - 05180173 ____R (Swearware) C:\Users\M.Schleusing\Desktop\ComboFix.exe
2014-02-08 11:38 - 2014-02-08 15:10 - 02079744 _____ (Farbar) C:\Users\M.Schleusing\Desktop\FRST64.exe
2014-02-07 17:49 - 2013-09-22 16:48 - 00000084 _____ () C:\Users\M.Schleusing\AppData\Roaming\WB.CFG
2014-02-07 17:10 - 2012-03-20 21:13 - 00000000 ____D () C:\Users\M.Schleusing\Graphisoft
2014-02-07 17:09 - 2013-02-18 19:10 - 00000000 ____D () C:\Users\M.Schleusing\Documents\BIMx
2014-02-07 17:07 - 2014-02-07 15:50 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\Mappe
2014-02-07 16:15 - 2011-08-22 09:46 - 00000000 ____D () C:\Users\M.Schleusing\Documents\für Studium
2014-02-07 16:08 - 2011-09-18 19:07 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000Core.job
2014-02-07 09:37 - 2009-07-14 06:13 - 01613412 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-07 09:37 - 2006-10-10 22:05 - 00696848 _____ () C:\Windows\system32\perfh007.dat
2014-02-07 09:37 - 2006-10-10 22:05 - 00148144 _____ () C:\Windows\system32\perfc007.dat
2014-02-05 21:11 - 2013-03-05 11:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-05 19:46 - 2014-02-04 20:16 - 00019237 _____ () C:\Users\M.Schleusing\Desktop\spicker.odt
2014-02-05 18:41 - 2013-03-01 14:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 18:41 - 2013-03-01 14:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 18:41 - 2011-05-17 14:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 22:48 - 2013-09-26 12:22 - 00000220 _____ () C:\Users\M.Schleusing\Desktop\diablo fehler.txt
2014-02-02 20:21 - 2011-05-31 18:17 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Local\CrashDumps
2014-02-01 13:49 - 2014-02-01 13:48 - 00000000 ____D () C:\Program Files (x86)\Cultures
2014-02-01 13:48 - 2006-10-10 12:32 - 00633932 _____ () C:\Windows\DirectX.log
2014-02-01 13:40 - 2014-02-01 13:40 - 00002920 _____ () C:\Windows\System32\Tasks\{FBBABE86-5183-484A-BDC3-FCDD519E2F66}
2014-02-01 13:40 - 2014-02-01 13:40 - 00002920 _____ () C:\Windows\System32\Tasks\{B5BB1036-B2A5-4C62-8989-2251A48B0FDC}
2014-02-01 13:34 - 2014-02-01 13:34 - 00002940 _____ () C:\Windows\System32\Tasks\{EECF1880-041C-4EF3-8274-BE09C7BC01D9}
2014-02-01 13:33 - 2014-02-01 13:33 - 00002940 _____ () C:\Windows\System32\Tasks\{9C76DAFE-2BF5-4AE5-9945-DE2E0B189A59}
2014-02-01 13:30 - 2014-02-01 13:30 - 00002940 _____ () C:\Windows\System32\Tasks\{D5573631-6F91-4B09-B594-F943C827214E}
2014-02-01 13:30 - 2014-02-01 13:30 - 00002940 _____ () C:\Windows\System32\Tasks\{436F74D0-51EC-4B98-9364-FD71D6EEDFA4}
2014-02-01 11:46 - 2013-03-22 19:17 - 00418646 _____ () C:\Windows\DPINST.LOG
2014-01-29 21:34 - 2014-01-29 21:21 - 00000132 _____ () C:\Users\M.Schleusing\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-01-29 17:56 - 2014-01-23 18:01 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\für gang
2014-01-29 11:18 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-25 13:20 - 2014-01-25 13:20 - 00275232 _____ () C:\Windows\Minidump\012514-20732-01.dmp
2014-01-25 13:20 - 2014-01-21 21:47 - 626339174 _____ () C:\Windows\MEMORY.DMP
2014-01-25 13:20 - 2010-10-21 12:07 - 00000000 ____D () C:\Windows\Minidump
2014-01-23 19:09 - 2014-01-23 19:09 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-23 19:04 - 2011-08-19 16:01 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Local\Paint.NET
2014-01-23 15:28 - 2014-01-23 15:28 - 00275232 _____ () C:\Windows\Minidump\012314-20779-01.dmp
2014-01-21 21:47 - 2014-01-21 21:47 - 00275232 _____ () C:\Windows\Minidump\012114-20623-01.dmp
2014-01-19 20:28 - 2013-01-01 22:25 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\vlc
2014-01-15 21:54 - 2013-07-21 21:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 21:54 - 2009-10-17 03:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 21:50 - 2012-08-13 13:01 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 11:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-15 11:35 - 2011-11-02 17:48 - 00000000 ____D () C:\Users\M.Schleusing\Desktop\ABI
2014-01-15 10:22 - 2013-11-05 13:03 - 00001990 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-01-15 10:22 - 2009-10-17 02:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-14 20:04 - 2014-01-14 20:04 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\FoxTab
2014-01-11 19:23 - 2014-01-11 19:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_androidusb_01005.Wdf
2014-01-09 16:59 - 2010-09-11 11:22 - 00000000 ____D () C:\Users\M.Schleusing\AppData\Roaming\Adobe

Some content of TEMP:
====================
C:\Users\M.Schleusing\AppData\Local\Temp\avgnt.exe
C:\Users\M.Schleusing\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 17:09

==================== End Of Log ============================

--- --- ---

Das Addition Log:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2014
Ran by M.Schleusing at 2014-02-08 15:12:00
Running from C:\Users\M.Schleusing\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acer Backup Manager (x32 Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (x32 Version: 4.05.3005 - Acer Incorporated)
Acer Registration (x32 Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.2.0812 - Acer Incorporated)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.6 - Adobe Systems)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5.5 Master Collection (x32 Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (x32 Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (x32 Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AMD Catalyst Install Manager (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD DnD V1.0.19 (x32 Version: 1.0.19 - AMD) Hidden
Anno 1701 - Der Fluch des Drachen (x32 Version: 2.03 - Sunflowers)
Anno 1701 (x32 Version: 1.00 - Sunflowers)
Apple Application Support (x32 Version: 1.4.1 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.1.116 - Apple Inc.)
Arc (x32 Version: 1.0.0.5510 - Perfect World Entertainment)
ArcaniA - Gothic 4 Patch (x32 Version:  - JoWooD Entertainment AG)
ArchiCAD 16 GER (Version: 16.0 - GRAPHISOFT)
ArchiCAD 17 GER (Version: 17.0 - GRAPHISOFT)
ATI AVIVO64 Codecs (Version: 10.11.0.41019 - ATI Technologies Inc.) Hidden
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (x32 Version: 12.10.0.2948 - APN, LLC)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Black & White® 2 (x32 Version: 1.00.0000 - Lionhead Studios)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.1019.2131.36819 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1019.2131.36819 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.1019.2131.36819 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.1019.2131.36819 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1019.2131.36819 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.1019.2131.36819 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0320.2223.38347 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.1019.2131.36819 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help English (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help French (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help German (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.1019.2130.36819 - ATI) Hidden
ccc-core-static (x32 Version: 2009.1019.2131.36819 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2009.1019.2131.36819 - ATI) Hidden
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Cossacks - Back To War (x32 Version:  - )
Cultures - Die Entdeckung Vinlands (x32 Version:  - )
DAEMON Tools Lite (x32 Version: 4.40.2.0131 - DT Soft Ltd)
Dawn of War - Dark Crusade (x32 Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
Demigod (x32 Version:  - Stardock Entertainment, Inc.)
Demigod (x32 Version: 1.00 - Stardock Entertainment, Inc.) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Diablo III (x32 Version:  - Blizzard Entertainment)
Die Sims™ 3 (x32 Version: 1.29.55 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (x32 Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (x32 Version: 4.0.87 - Electronic Arts)
Empire Earth Ultimate Edition (x32 Version: 1.0 - The Games Company)
Empire: Total War (x32 Version:  - The Creative Assembly)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden
Floyd - Es gibt noch Helden (x32 Version:  - )
From Dust (x32 Version: 1.00.003 - Ubisoft)
Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hotkey Utility (x32 Version: 1.00.3004 - Acer Incorporated)
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0 - HP)
HP Print Projects 1.0 (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (Version: 4.5 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (x32 Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Identity Card (x32 Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Impossible Creatures (x32 Version:  - )
Impulse (x32 Version:  - Stardock)
Impulse (x32 Version: 1.0 - Stardock Corporation) Hidden
Java 7 Update 21 (x32 Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (x32 Version: 6.0.220 - Oracle)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mass Effect (x32 Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (x32 Version: 1.02 - Electronic Arts, Inc.)
Mass Effect™ 3 (x32 Version: 1.05.0.0 - Electronic Arts)
Memoria (x32 Version: 1.00 - Deep Silver)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (x32 Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (x32 Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (x32 Version: 3.0.89.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (x32 Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Might & Magic Heroes VI (x32 Version: 1.5.2 - Ubisoft)
Mobile Partner (x32 Version: 16.001.06.03.52 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.76.0 - Egis Technology Inc.)
Nero 9 Essentials (x32 Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (Version: 1.7 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7305 - NVIDIA Corporation) Hidden
NVIDIA ForceWare Network Access Manager (x32 Version:  - )
NVIDIA PhysX (x32 Version: 9.11.1107 - NVIDIA Corporation)
OpenOffice.org 3.3 (x32 Version: 3.3.9567 - OpenOffice.org)
Origin (x32 Version: 8.6.0.357 - Electronic Arts, Inc.)
Paint.NET v3.5.10 (Version: 3.60.0 - dotPDN LLC)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 5.4.0 (x32 Version:  - PDF24.org)
PDFCreator (x32 Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
PS_AIO_06_C4700_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)
RAD Video Tools (x32 Version:  - )
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Rhinoceros 5 (64-bit) (Version: 5.1.30129.1756 - Robert McNeel & Associates)
Rhinoceros 5 (x32 Version: 5.7.31213.18395 - Robert McNeel & Associates)
Rhinoceros 5.0 Help Media (x32 Version: 5.1.20828.1435 - Robert McNeel & Associates)
Rhinoceros 5.0 Language Pack Installer (de-DE) (x32 Version: 5.1.20905.0935 - Robert McNeel & Associates)
RIFT (HKCU Version:  - Trion Worlds, Inc.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScummVM 1.6.0 (x32 Version:  - The ScummVM Team)
Shop for HP Supplies (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson Update Engine (x32 Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.188 (x32 Version: 2.10.188 - Sony)
SPORE™ (x32 Version: 1.00.0000 - Electronic Arts)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (x32 Version:  - Valve)
The Elder Scrolls V: Skyrim (x32 Version:  - Bethesda Game Studios)
The Movies(TM) (x32 Version: 1.0 - Activision)
The Movies(TM) (x32 Version: 1.0 - Activision) Hidden
The Next BIG Thing (Deutsch) (x32 Version: 1.00 - CRIMSON COW)
The Witcher 2 (x32 Version: 1.00.0000 - CD Projekt Red)
The Witcher Enhanced Edition (x32 Version: 1.00.0000 - CD Projekt Red)
Tomb Raider (x32 Version:  - Crystal Dynamics)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Trine (x32 Version:  - Frozenbyte)
Trine 2 (x32 Version:  - Frozenbyte)
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Foxtab (HKCU Version:  - Update for Foxtab) <==== ATTENTION
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Viva Piñata (x32 Version: 1.00.0000 - Microsoft Game Studios)
Viva Pinata (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
VLC media player 2.0.5 (Version: 2.0.5 - VideoLAN)
Warhammer 40,000: Dawn Of War - Gold Edition (x32 Version: 1.51 - THQ)
Warlords Battlecry III (x32 Version: W4PCA0.8 - )
Warsow 1.0 (x32 Version: 1.0 - Chasseur de bots)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (x32 Version: 1.00.3008 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
WinRAR 4.01 (32-Bit) (x32 Version: 4.01.0 - win.rar GmbH)
Wuala (HKCU Version: 1.0.444.0 - LaCie)
Wuala CBFS (x32 Version: 3.2.107.0 - LaCie)
Yahoo! Toolbar (x32 Version:  - )

==================== Restore Points  =========================

12-01-2014 21:41:51 Windows Update
15-01-2014 09:23:48 Sony PC Companion
15-01-2014 20:49:37 Windows Update
25-01-2014 10:36:47 Geplanter Prüfpunkt
01-02-2014 10:45:40 Sony PC Companion

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-02-08 14:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05B9978B-2118-4430-ABE4-5E82966677A0} - \Funmoods No Task File
Task: {081DA528-25E0-4594-B1E9-3B6D70F47E1F} - System32\Tasks\{43CC6C0D-B818-4F01-BF8C-04E3CB6FD380} => D:\Age of Empires 2\EMPIRES2.EXE [2000-07-29] (Microsoft Corporation)
Task: {0FECA8B4-1491-49C2-80FC-3C0CDF3C1E8E} - System32\Tasks\{EECF1880-041C-4EF3-8274-BE09C7BC01D9} => D:\Cultures\Cultures.exe
Task: {19728C3B-C7BA-4ED0-B828-788655891A6B} - System32\Tasks\{D5573631-6F91-4B09-B594-F943C827214E} => D:\Cultures\Cultures.exe
Task: {2B2AB601-8928-4513-AF70-C134AE1AEEB0} - System32\Tasks\{FBBABE86-5183-484A-BDC3-FCDD519E2F66} => E:\DX7Ager.exe [1999-12-20] (Microsoft Corporation)
Task: {2C1719DA-0E74-4AE7-9F38-8A9E01BA9201} - System32\Tasks\{357EF36A-2051-4253-8254-B7215E398144} => C:\Users\M.Schleusing\Cossacks\Cossacks - Back To War\dmcr.exe [2002-08-22] (-GSC-)
Task: {496AF377-8822-410F-A393-D5E76C893601} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2009-07-14] (Microsoft Corporation)
Task: {4D9DAC98-132E-4114-B1D0-E0592AA367E0} - System32\Tasks\{7F4824AF-855D-4B8C-945B-D2EB79EB644A} => C:\Program Files (x86)\The Witcher 2\launcher.exe
Task: {5F989159-CF0C-424A-B9D0-D60F1B628228} - System32\Tasks\{97013C60-E492-4F8C-9BF4-BF1AC26E29D4} => C:\Users\M.Schleusing\Cossacks\Cossacks - Back To War\dmcr.exe [2002-08-22] (-GSC-)
Task: {707E523E-17D0-4603-AE50-9CE5FD5E2E00} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000UA => C:\Users\M.Schleusing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09] (Google Inc.)
Task: {934571BC-0C81-49DE-B304-AF2489750FE0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {AB6A7DC3-461B-4FFC-A8E3-E4A4D37F50F9} - System32\Tasks\{79FEA238-AAF9-4713-9B04-58DD0ED6F4C9} => C:\Users\M.Schleusing\Cossacks\Cossacks - Back To War\dmcr.exe [2002-08-22] (-GSC-)
Task: {BE0165E8-BB3B-4DD4-863E-B758B5591805} - System32\Tasks\{B5BB1036-B2A5-4C62-8989-2251A48B0FDC} => E:\DX7Ager.exe [1999-12-20] (Microsoft Corporation)
Task: {C490A810-55F1-4F29-8384-92D1124B8B35} - System32\Tasks\{9C76DAFE-2BF5-4AE5-9945-DE2E0B189A59} => D:\Cultures\Cultures.exe
Task: {CE75826A-9026-431A-8433-3C90E229EDE9} - System32\Tasks\{436F74D0-51EC-4B98-9364-FD71D6EEDFA4} => D:\Cultures\Cultures.exe
Task: {D7D7F078-B076-4721-9754-D7B90948248D} - System32\Tasks\AdobeAAMUpdater-1.0-MSchleusing-PC-M.Schleusing => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {EF7839C0-BC03-409F-9806-AC3B08E05344} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000Core => C:\Users\M.Schleusing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09] (Google Inc.)
Task: {F069E0B5-2C18-43DA-AF0A-64C68C0518F5} - System32\Tasks\{27ADA48D-B0F0-41EC-947B-6EB0EDCA2C69} => C:\Program Files (x86)\The Witcher 2\launcher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000Core.job => C:\Users\M.Schleusing\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1377681411-3994106491-3036228621-1000UA.job => C:\Users\M.Schleusing\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-08-14 09:55 - 2009-08-14 09:55 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2006-10-10 12:21 - 2006-10-10 12:21 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-08-11 22:21 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-08-06 08:36 - 2013-08-05 13:26 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2009-02-03 01:33 - 2009-02-03 01:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 01:55 - 2008-09-29 01:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-03-22 19:16 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-03-22 19:16 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-04-19 08:22 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2013-11-20 15:56 - 2013-11-20 15:56 - 00668672 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2009-08-18 08:31 - 2009-08-18 08:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:444C53BA
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE
AlternateDataStreams: C:\ProgramData\TEMP:B606BA34
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-02-08 14:18:50.707
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-08 14:18:50.488
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 4094.55 MB
Available physical RAM: 2783.87 MB
Total Pagefile: 8187.24 MB
Available Pagefile: 6509.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:458.87 GB) (Free:191.85 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.87 GB) (Free:70.51 GB) NTFS
Drive e: (Cultures) (CDROM) (Total:0.19 GB) (Free:0 GB) CDFS
Drive k: () (Removable) (Total:7.53 GB) (Free:7.52 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 8406D83F)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=459 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)

==================== End Of Log ============================

cosinus · 09.02.2014, 15:29

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

booga · 10.02.2014, 10:28

Malwarebytes Log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.09.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
M.Schleusing :: MSCHLEUSING-PC [Administrator]

09.02.2014 19:15:22
mbam-log-2014-02-09 (19-15-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218419
Laufzeit: 8 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\M.Schleusing\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx (PUP.Optional.NewTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Eset Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b5f3fcbe99a8f343b3bec2e3331b9818
# engine=17003
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-10 07:24:04
# local_time=2014-02-10 08:24:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 94 50655 162688349 43414 0
# compatibility_mode=5893 16776574 100 94 86380409 231502716 0 0
# scanned=452148
# found=2
# cleaned=0
# scan_time=46317
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Virut.NBP virus" ac=I fn="D:\Fallout 3\Fallout 3.iso"
sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP virus" ac=I fn="D:\Fallout 3\Crack\FalloutLauncher.exe"

cosinus · 10.02.2014, 10:34

Zitat:

"Win32/Virut.NBP virus" ac=I fn="D:\Fallout 3\Fallout 3.iso"
"Win32/Virut.NBP virus" ac=I fn="D:\Fallout 3\Crack\FalloutLauncher.exe"

booga · 10.02.2014, 17:47

Zu meiner Verteidigung, ich habe auch das Original wo sich ein Mod aber nicht umsetzen ließ, weshalb ich diesen blöden Weg wählte.

08.02.2014, 13:44	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GVU Trojaner Windows7 Startet Windows wieder normal? __________________ --> GVU Trojaner Windows7

GVU Trojaner Windows7

Log-Analyse und Auswertung: GVU Trojaner Windows7