Vista 32-bit: Trojaner mit Sperrschirm

papous06 · 09.06.2014, 08:05

beim Start kommt immer der BKA-Sperrbildschirm - außer dem Startfenster lässt sich kein anderes geöffnetes Programm als Fenster sichtbar machen/ der Start im abgesicherten Modus bricht immer ab

M-K-D-B · 09.06.2014, 09:41

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

papous06 · 09.06.2014, 11:47

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-06-2014
Ran by SYSTEM on MINWINPC on 09-06-2014 11:57:50
Running from G:\
Platform: Windows Vista (TM) Home Basic Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-07] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [81920 2008-01-22] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-02] (Egis Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-07] (Dritek System Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-28] (Acer Incorporated)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [VideoDownloadConverter Search Scope Monitor] => C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe [44784 2013-09-25] (MindSpark)
HKLM\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] => C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [30096 2013-09-25] (VER_COMPANY_NAME)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner] => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTuner.exe [2883456 2012-05-14] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Gunter\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\Gunter\...\Run: [ctfmon.exe] => C:\PROGRA~2\rundll32.exe C:\PROGRA~2\qeb2a.dat,FG00 <===== ATTENTION
HKU\Gunter\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-05-14] (Google Inc.)
HKU\Gunter\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\Gunter\...\Winlogon: [Shell] explorer.exe,C:\Users\Gunter\AppData\Roaming\skype.dat <==== ATTENTION 
Startup: C:\Users\Gunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ebj6eyg.lnk
ShortcutTarget: ebj6eyg.lnk -> C:\ProgramData\gye6jbe.cpp\gye6jbe.cpp (Microsoft Corporation)

========================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany)
S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-02] (Egis Incorporated)
S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.)
S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2008-06-10] (Acer Inc.)
S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
S2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-13] (SurfRight B.V.)
S2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-17] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-04-03] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-04-03] (McAfee, Inc.)
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] ()
S2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 VideoDownloadConverter_4zService; C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [42504 2013-09-25] (COMPANYVERS_NAME)
S2 Winmgmt; C:\ProgramData\gye6jbe.cpp\gye6jbe.cpp [172582 2014-05-08] (Microsoft Corporation)
S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer)
S2 WO_LiveService; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [884608 2012-05-14] ()

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [75640 2014-04-13] ()
S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S2 LiveTunerPM; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor32.sys [12696 2011-03-07] ()
S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [66296 2013-09-09] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-04-03] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236672 2014-04-03] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-04-03] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-04-03] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [574576 2014-04-03] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [345584 2014-03-17] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-03-17] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [215624 2014-04-03] (McAfee, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-09 11:57 - 2014-06-09 11:57 - 00000000 ____D () C:\FRST
2014-06-08 08:28 - 2014-06-09 01:46 - 00006436 _____ () C:\Windows\PFRO.log
2014-06-08 06:52 - 2014-06-08 06:52 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-04 03:54 - 2014-05-05 15:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-06-04 03:54 - 2014-05-05 15:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-06-04 03:54 - 2014-05-05 15:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-30 03:47 - 2014-03-25 05:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll

==================== One Month Modified Files and Folders =======

2014-06-09 11:57 - 2014-06-09 11:57 - 00000000 ____D () C:\FRST
2014-06-09 01:46 - 2014-06-08 08:28 - 00006436 _____ () C:\Windows\PFRO.log
2014-06-09 01:43 - 2006-11-02 04:45 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 01:43 - 2006-11-02 04:45 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-08 23:27 - 2012-03-02 04:36 - 00000000 ____D () C:\Users\Gunter\AppData\Roaming\Skype
2014-06-08 23:15 - 2013-12-15 07:30 - 00001755 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-06-08 23:08 - 2009-03-07 06:48 - 01378937 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 22:56 - 2009-05-14 06:05 - 00000000 ____D () C:\Users\Gunter\AppData\Local\Temp
2014-06-08 09:11 - 2009-03-07 06:50 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-08 08:21 - 2013-12-15 06:41 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-06-08 08:08 - 2014-04-13 08:05 - 00000000 ____D () C:\Windows\CryptoGuard
2014-06-08 07:32 - 2006-11-02 04:44 - 00082944 _____ () C:\Windows\System32\umstartup.etl
2014-06-08 06:52 - 2014-06-08 06:52 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-08 06:52 - 2014-03-26 10:20 - 00000000 ___RD () C:\Program Files\Skype
2014-06-08 06:51 - 2013-05-19 06:00 - 00000000 ____D () C:\ProgramData\Skype
2014-06-04 04:09 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-04 04:06 - 2013-08-16 01:53 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-04 03:59 - 2006-11-02 02:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-05-30 02:40 - 2013-12-15 07:26 - 00000000 ____D () C:\Program Files\McAfee

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2331331185-1874896325-974521786-1003\$b03e2bf8bf7b7498d7b8d09e9756319c

Files to move or delete:
====================
C:\Users\Gunter\AppData\Roaming\skype.ini
C:\ProgramData\0fri.pad
C:\ProgramData\amqj6hmq9.fvv
C:\ProgramData\diborw.fvv
C:\ProgramData\rundll32.exe


Some content of TEMP:
====================
C:\Users\Gunter\AppData\Local\Temp\RtkBtMnt.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-02-14 05:00:51
Restore point made on: 2014-02-15 08:28:14
Restore point made on: 2014-03-14 05:00:39
Restore point made on: 2014-03-16 08:08:58
Restore point made on: 2014-03-21 10:27:29
Restore point made on: 2014-03-26 03:22:00
Restore point made on: 2014-04-01 01:55:35
Restore point made on: 2014-04-05 01:37:45
Restore point made on: 2014-04-08 02:39:44
Restore point made on: 2014-04-11 06:29:11
Restore point made on: 2014-04-17 08:09:38
Restore point made on: 2014-04-25 11:10:49
Restore point made on: 2014-04-29 01:30:08
Restore point made on: 2014-05-02 02:16:19
Restore point made on: 2014-05-04 21:35:48
Restore point made on: 2014-05-09 03:30:08
Restore point made on: 2014-05-30 03:42:01
Restore point made on: 2014-06-04 03:54:49

==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 2045.37 MB
Available physical RAM: 1571.96 MB
Total Pagefile: 1802.96 MB
Available Pagefile: 1644.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.49 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:111.57 GB) (Free:64.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:111.55 GB) (Free:104.88 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:3.41 GB) FAT32
Drive g: (USB DISK) (Removable) (Total:0.12 GB) (Free:0.1 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 5D9D4081)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 124 MB) (Disk ID: A1CA593A)
Partition 1: (Active) - (Size=124 MB) - (Type=07 NTFS)


LastRegBack: 2014-06-08 23:00

==================== End Of Log ============================

--- --- ---

M-K-D-B · 09.06.2014, 13:53

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
HKU\Gunter\...\Run: [ctfmon.exe] => C:\PROGRA~2\rundll32.exe C:\PROGRA~2\qeb2a.dat,FG00 <===== ATTENTION
HKU\Gunter\...\Winlogon: [Shell] explorer.exe,C:\Users\Gunter\AppData\Roaming\skype.dat <==== ATTENTION
C:\Users\Gunter\AppData\Roaming\skype.dat 
Startup: C:\Users\Gunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ebj6eyg.lnk
ShortcutTarget: ebj6eyg.lnk -> C:\ProgramData\gye6jbe.cpp\gye6jbe.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\gye6jbe.cpp\gye6jbe.cpp [172582 2014-05-08] (Microsoft Corporation)
C:\ProgramData\gye6jbe.cpp
C:\PROGRA~2\qeb2a.dat
C:\$Recycle.Bin\S-1-5-21-2331331185-1874896325-974521786-1003\$b03e2bf8bf7b7498d7b8d09e9756319c
C:\Users\Gunter\AppData\Roaming\skype.ini
C:\ProgramData\0fri.pad
C:\ProgramData\amqj6hmq9.fvv
C:\ProgramData\diborw.fvv
C:\ProgramData\rundll32.exe
end

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Berichte mir, ob der Rechner anschließend wieder normal startet.

Wir sind dann aber noch nicht fertig.

papous06 · 09.06.2014, 14:09

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:09-06-2014
Ran by SYSTEM at 2014-06-09 15:04:30 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
start
HKU\Gunter\...\Run: [ctfmon.exe] => C:\PROGRA~2\rundll32.exe C:\PROGRA~2\qeb2a.dat,FG00 <===== ATTENTION
HKU\Gunter\...\Winlogon: [Shell] explorer.exe,C:\Users\Gunter\AppData\Roaming\skype.dat <==== ATTENTION
C:\Users\Gunter\AppData\Roaming\skype.dat 
Startup: C:\Users\Gunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ebj6eyg.lnk
ShortcutTarget: ebj6eyg.lnk -> C:\ProgramData\gye6jbe.cpp\gye6jbe.cpp (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\gye6jbe.cpp\gye6jbe.cpp [172582 2014-05-08] (Microsoft Corporation)
C:\ProgramData\gye6jbe.cpp
C:\PROGRA~2\qeb2a.dat
C:\$Recycle.Bin\S-1-5-21-2331331185-1874896325-974521786-1003\$b03e2bf8bf7b7498d7b8d09e9756319c
C:\Users\Gunter\AppData\Roaming\skype.ini
C:\ProgramData\0fri.pad
C:\ProgramData\amqj6hmq9.fvv
C:\ProgramData\diborw.fvv
C:\ProgramData\rundll32.exe
end

*****************

HKU\Gunter\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe => value deleted successfully.
HKU\Gunter\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"C:\Users\Gunter\AppData\Roaming\skype.dat" => File/Directory not found.
C:\Users\Gunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ebj6eyg.lnk => Moved successfully.
C:\ProgramData\gye6jbe.cpp\gye6jbe.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\gye6jbe.cpp => Moved successfully.
"C:\PROGRA~2\qeb2a.dat" => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-2331331185-1874896325-974521786-1003\$b03e2bf8bf7b7498d7b8d09e9756319c => Directory moved successfully.
C:\Users\Gunter\AppData\Roaming\skype.ini => Moved successfully.
C:\ProgramData\0fri.pad => Moved successfully.
C:\ProgramData\amqj6hmq9.fvv => Moved successfully.
C:\ProgramData\diborw.fvv => Moved successfully.
C:\ProgramData\rundll32.exe => Moved successfully.

==== End of Fixlog ====

M-K-D-B · 09.06.2014, 14:10

Startet dein Rechner wieder normal?

papous06 · 09.06.2014, 14:22

Ja, er startet wieder normal!

M-K-D-B · 09.06.2014, 14:29

Zitat:

Zitat von papous06

Ja, er startet wieder normal!

Dann alle kommenden Schritte bitte wieder vom normalen Modus durchführen.

Wir beginnen so:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

papous06 · 09.06.2014, 14:45

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-06-2014 01
Ran by Gunter (administrator) on GUNTER-PC on 09-06-2014 15:38:37
Running from C:\Users\Gunter\Desktop
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Acer\Mobility Center\MobilityService.exe
(COMPANYVERS_NAME) C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\Users\Gunter\AppData\Local\Temp\RtkBtMnt.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(VER_COMPANY_NAME) C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
(Ashampoo Development GmbH & Co. KG) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTuner.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_182_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-08] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [81920 2008-01-22] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-08] (Dritek System Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [VideoDownloadConverter Search Scope Monitor] => C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe [44784 2013-09-25] (MindSpark)
HKLM\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] => C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [30096 2013-09-25] (VER_COMPANY_NAME)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner] => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTuner.exe [2883456 2012-05-14] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2331331185-1874896325-974521786-1003\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-12] (Macrovision Corporation)
HKU\S-1-5-21-2331331185-1874896325-974521786-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-05-14] (Google Inc.)
HKU\S-1-5-21-2331331185-1874896325-974521786-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2331331185-1874896325-974521786-1003\...\MountPoints2: {f06e734b-473c-11df-9953-000000000000} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2331331185-1874896325-974521786-1003\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=0309&m=travelmate_5520
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=0309&m=travelmate_5520
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=0309&m=travelmate_5520
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {6EDCA85B-A6E2-47FD-BF76-6A48C0E788E8} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE105&p={SearchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
SearchScopes: HKCU - {6EDCA85B-A6E2-47FD-BF76-6A48C0E788E8} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE105&p={SearchTerms}
SearchScopes: HKCU - {9E575D80-89A0-41E9-900E-65E7DEC64F3F} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949
BHO: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 195.50.140.248 192.168.0.1

FireFox:
========
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF Plugin: @VideoDownloadConverter_ScriptHelper.com/Plugin - C:\Program Files\VideoDownloadConverter\npVDCPlugin.dll (Mindspark)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-12-15]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-15]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (AVG Safe Search) - C:\Users\Gunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-10-01]
CHR Extension: (AVG Do Not Track) - C:\Users\Gunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-10-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-12-15]

========================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2008-06-10] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-13] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-04-03] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 VideoDownloadConverter_4zService; C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [42504 2013-09-25] (COMPANYVERS_NAME)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]
R2 WO_LiveService; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [884608 2012-05-14] ()

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [75640 2014-04-13] ()
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R2 LiveTunerPM; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor32.sys [12696 2011-03-08] ()
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [66296 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236672 2014-04-03] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [574576 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [215624 2014-04-03] (McAfee, Inc.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2009-02-17] (NewTech Infosystems, Inc.) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-09 21:57 - 2014-06-09 15:38 - 00000000 ____D () C:\FRST
2014-06-09 15:38 - 2014-06-09 15:39 - 00020444 _____ () C:\Users\Gunter\Desktop\FRST.txt
2014-06-09 15:37 - 2014-06-09 15:38 - 01072128 _____ (Farbar) C:\Users\Gunter\Desktop\FRST.exe
2014-06-09 15:17 - 2014-06-09 15:17 - 00000000 ____D () C:\Users\Gunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2014-06-08 18:28 - 2014-06-09 15:14 - 00007184 _____ () C:\Windows\PFRO.log
2014-06-08 16:52 - 2014-06-08 16:52 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-04 13:54 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-04 13:54 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-04 13:54 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 13:47 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-30 12:40 - 2014-05-30 12:40 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf7bf388b39bd7.job

==================== One Month Modified Files and Folders =======

2014-06-09 15:39 - 2014-06-09 15:38 - 00020444 _____ () C:\Users\Gunter\Desktop\FRST.txt
2014-06-09 15:39 - 2009-05-14 16:05 - 00000000 ____D () C:\Users\Gunter\AppData\Local\Temp
2014-06-09 15:38 - 2014-06-09 21:57 - 00000000 ____D () C:\FRST
2014-06-09 15:38 - 2014-06-09 15:37 - 01072128 _____ (Farbar) C:\Users\Gunter\Desktop\FRST.exe
2014-06-09 15:38 - 2012-03-02 14:36 - 00000000 ____D () C:\Users\Gunter\AppData\Roaming\Skype
2014-06-09 15:34 - 2009-03-07 16:48 - 01400029 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 15:24 - 2006-11-02 12:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-09 15:22 - 2013-12-15 17:30 - 00001755 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-06-09 15:22 - 2013-12-15 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-09 15:17 - 2014-06-09 15:17 - 00000000 ____D () C:\Users\Gunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2014-06-09 15:15 - 2006-11-02 14:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 15:15 - 2006-11-02 14:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-09 15:14 - 2014-06-08 18:28 - 00007184 _____ () C:\Windows\PFRO.log
2014-06-08 19:11 - 2009-03-07 16:50 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-08 18:21 - 2013-12-15 16:41 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-06-08 18:08 - 2014-04-13 18:05 - 00000000 ____D () C:\Windows\CryptoGuard
2014-06-08 17:32 - 2006-11-02 14:44 - 00082944 _____ () C:\Windows\system32\umstartup.etl
2014-06-08 16:52 - 2014-06-08 16:52 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-08 16:52 - 2014-03-26 20:20 - 00000000 ___RD () C:\Program Files\Skype
2014-06-08 16:51 - 2013-05-19 16:00 - 00000000 ____D () C:\ProgramData\Skype
2014-06-04 14:09 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-04 14:06 - 2013-08-16 11:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-04 13:59 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-30 12:40 - 2014-05-30 12:40 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf7bf388b39bd7.job
2014-05-30 12:40 - 2013-12-15 17:26 - 00000000 ____D () C:\Program Files\McAfee

Some content of TEMP:
====================
C:\Users\Gunter\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-09 15:22

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-06-2014 01
Ran by Gunter at 2014-06-09 15:40:05
Running from C:\Users\Gunter\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Acer Crystal Eye Webcam 2.0.9.2 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.9.2 - SuYin)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4304 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4309 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 2.11.20071207 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{251629BE-4EC9-DA91-E793-20AF9C28E63C}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.3.0.14 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.1.0.27 - Canon Inc.)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)
Catalyst Control Center - Branding (HKLM\...\{3594EE90-B157-4519-9E82-8B6F4711A0A1}) (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0309.2141.36947 - ATI) Hidden
ccc-core-static (Version: 2008.0309.2141.36947 - Ihr Firmenname) Hidden
ccc-utility (Version: 2008.0309.2141.36947 - ATI) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
McAfee Total Protection (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.37 - NewTech Infosystems)
NTI Shadow (Version: 3.7.6.37 - NewTech Infosystems) Hidden
OpenOffice.org 3.0 (HKLM\...\{7EC19307-7C22-47A8-922B-3FA965291260}) (Version: 3.0.9379 - OpenOffice.org)
PDF24 Creator 5.4.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3704d.0 - CyberLink Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VideoDownloadConverter Internet Explorer Toolbar (HKLM\...\VideoDownloadConverter_4zbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
VideoLAN VLC media player 0.8.4a (HKLM\...\VLC media player) (Version: 0.8.4a - VideoLAN Team)
WIDCOMM Bluetooth Software 6.1.0.2000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.2000 - Broadcom Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

14-02-2014 13:00:24 Windows Update
15-02-2014 16:27:13 Windows Update
14-03-2014 13:00:17 Windows Update
16-03-2014 16:08:38 Windows Update
21-03-2014 18:26:40 Windows Update
26-03-2014 11:20:52 Windows Update
01-04-2014 09:54:32 Windows Update
05-04-2014 09:37:01 Windows Update
08-04-2014 10:38:11 Windows Update
11-04-2014 14:28:10 Windows Update
17-04-2014 16:08:46 Windows Update
25-04-2014 19:09:19 Windows Update
29-04-2014 09:29:17 Windows Update
02-05-2014 10:15:33 Windows Update
05-05-2014 05:34:50 Windows Update
09-05-2014 11:29:41 Windows Update
30-05-2014 11:40:33 Windows Update
04-06-2014 11:54:01 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {15AEA3AA-9604-44FB-B95F-3A8441649A59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {433D0A5F-DB36-4273-9B53-1E8DDFB72520} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29] (Sun Microsystems, Inc.)
Task: {4A96AC0F-352D-4A1C-87BA-E18EEF7C77C2} - System32\Tasks\One-Click Optimizer => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe [2012-05-14] (Ashampoo Development GmbH & Co. KG)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {87B233FB-6E2F-4D2A-975F-C9ABF467C7F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {B10F081C-B276-48A4-B4E9-321F380D87F0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {CA632061-3AE1-45E6-BB99-D1C148A9968F} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-12] (Macrovision Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf7bf388b39bd7.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe

==================== Loaded Modules (whitelisted) =============

2009-03-07 17:13 - 2007-11-27 19:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2009-03-07 17:13 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2012-12-15 20:48 - 2012-05-14 13:20 - 00884608 _____ () C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe
2009-03-07 17:12 - 2007-02-13 07:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2009-03-07 17:12 - 2007-02-13 07:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2009-03-07 17:12 - 2007-12-19 19:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2009-03-07 17:12 - 2007-12-19 19:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2009-03-07 17:12 - 2007-12-19 19:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2009-03-07 17:05 - 2008-07-29 20:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2008-01-03 03:00 - 2008-01-03 03:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2009-03-08 01:21 - 2003-06-07 23:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2013-12-15 17:29 - 2014-04-22 12:55 - 00170776 _____ () C:\Program Files\McAfee\MSK\mskoeplg.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2014 03:15:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2014 08:20:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/09/2014 08:20:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE-REGISTRIERUNG.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE-REGISTRIERUNG.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\CYBERLINK POWERDVD.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (06/09/2014 03:19:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (06/09/2014 03:16:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/09/2014 03:14:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 09.06.2014 um 11:46:34 unerwartet heruntergefahren.

Error: (06/09/2014 09:09:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (06/09/2014 08:59:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (06/09/2014 08:59:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (06/09/2014 08:55:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (06/09/2014 08:53:33 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 09.06.2014 um 08:41:49 unerwartet heruntergefahren.

Error: (06/09/2014 08:39:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (06/09/2014 08:35:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 09.06.2014 um 08:20:58 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (06/09/2014 03:15:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2014 08:20:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD DEINSTALLIEREN.LNK

Error: (06/09/2014 08:20:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD DEINSTALLIEREN.LNK

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE-REGISTRIERUNG.LNK

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE-REGISTRIERUNG.LNK

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD-HILFE.LNK

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD-HILFE.LNK

Error: (06/09/2014 08:20:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\CYBERLINK POWERDVD.LNK


==================== Memory info =========================== 

Percentage of memory in use: 69%
Total physical RAM: 2045.37 MB
Available physical RAM: 618.66 MB
Total Pagefile: 4329.22 MB
Available Pagefile: 2600.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.94 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:111.57 GB) (Free:64.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:111.55 GB) (Free:104.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 5D9D4081)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B · 10.06.2014, 08:12

Servus,

es geht erst mal so weiter:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

papous06 · 10.06.2014, 16:44

Combofix brachte die Meldung, dass die Antivir- und Spy-SW von AMAfee noch aktiv wäre, sie waren aber deaktiviert.

Code:

ATTFilter

ComboFix 14-06-10.01 - Gunter 10.06.2014  16:25:55.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.2045.692 [GMT 2:00]
ausgeführt von:: c:\users\Gunter\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\spsys.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-10 bis 2014-06-10  ))))))))))))))))))))))))))))))
.
.
2014-06-10 14:38 . 2014-06-10 14:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-09 19:57 . 2014-06-09 13:41	--------	d-----w-	C:\FRST
2014-06-09 14:35 . 2014-06-09 14:35	--------	d-----w-	c:\users\Gunter\AppData\Roaming\Nico Mak Computing
2014-06-09 14:35 . 2014-06-09 14:35	--------	d-----w-	c:\programdata\Nico Mak Computing
2014-06-09 14:35 . 2014-06-09 16:59	--------	d-----w-	c:\program files\WinZip Malware Protector
2014-06-09 14:35 . 2013-03-15 15:01	16384	----a-w-	c:\windows\system32\wsusnative32.exe
2014-06-09 13:55 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{41A7E1DB-886C-4814-BD9B-0C2076C262DA}\mpengine.dll
2014-06-08 14:52 . 2014-06-08 14:52	--------	d-----w-	c:\program files\Common Files\Skype
2014-06-04 11:54 . 2014-05-05 23:14	2382848	----a-w-	c:\windows\system32\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-13 16:30 . 2012-10-01 08:05	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-13 16:30 . 2012-10-01 08:05	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-04-13 16:26 . 2014-04-13 16:05	477008	----a-w-	c:\windows\system32\hmpalert.dll
2014-04-13 16:26 . 2014-04-13 16:05	75640	----a-w-	c:\windows\system32\drivers\hmpalert.sys
2014-04-03 16:07 . 2013-11-04 16:22	61400	----a-w-	c:\windows\system32\drivers\cfwids.sys
2014-04-03 15:59 . 2013-11-04 16:17	215624	----a-w-	c:\windows\system32\drivers\mfewfpk.sys
2014-04-03 15:59 . 2013-12-15 14:41	179600	----a-w-	c:\windows\system32\mfevtps.exe
2014-04-03 15:52 . 2013-09-24 19:45	574576	----a-w-	c:\windows\system32\drivers\mfehidk.sys
2014-04-03 15:50 . 2013-11-04 16:10	367776	----a-w-	c:\windows\system32\drivers\mfefirek.sys
2014-04-03 15:49 . 2013-11-04 16:10	66408	----a-w-	c:\windows\system32\drivers\mfebopk.sys
2014-04-03 15:48 . 2013-11-04 16:09	236672	----a-w-	c:\windows\system32\drivers\mfeavfk.sys
2014-04-03 15:47 . 2013-09-24 19:42	134600	----a-w-	c:\windows\system32\drivers\mfeapfk.sys
2014-03-31 07:35 . 2009-10-04 08:02	231584	------w-	c:\windows\system32\MpSigStub.exe
2014-03-18 05:08 . 2014-03-18 05:08	10600	----a-w-	c:\windows\system32\drivers\mfeclnrk.sys
2014-03-18 05:07 . 2014-03-18 05:07	81264	----a-w-	c:\windows\system32\drivers\mfencrk.sys
2014-03-18 05:07 . 2014-03-18 05:07	345584	----a-w-	c:\windows\system32\drivers\mfencbdc.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-05-14 14:06	157168	----a-w-	c:\programdata\Partner\partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-12 249856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-14 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-03-20 162856]
"VideoDownloadConverter_4z Browser Plugin Loader"="c:\progra~1\VIDEOD~2\bar\1.bin\4zbrmon.exe" [2013-09-25 30096]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 517392]
"Ashampoo WinOptimizer Live-Tuner"="c:\program files\Ashampoo\Ashampoo WinOptimizer 9\LiveTuner.exe" [2012-05-14 2883456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"WinZip Malware Protector_startup"="c:\program files\WinZip Malware Protector\WinZipMalwareProtector.exe" [2013-03-26 6390136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	wsusnative32\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"eRecoveryService"=
"Acer Tour Reminder"=c:\acer\AcerTour\Reminder.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-01 16:30]
.
2014-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf7bf388b39bd7.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:43]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:43]
.
2013-03-22 c:\windows\Tasks\One-Click Optimizer.job
- c:\program files\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe [2012-12-15 11:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=0309&m=travelmate_5520
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 195.50.140.248 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
HKLM-Run-VideoDownloadConverter Search Scope Monitor - c:\progra~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-06-10 16:38
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2014-06-10  16:42:25
ComboFix-quarantined-files.txt  2014-06-10 14:42
.
Vor Suchlauf: 10 Verzeichnis(se), 70.415.572.992 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 70.497.779.712 Bytes frei
.
- - End Of File - - A888FB19C9ED4BB6F0EF6092A5E5B3EB
6FC6F9186C07BCA94E140F63BFE6E9B4

ComboFix gemeldet, dass das Antiviren-und Anti-Spyware SW noch aktiv wäre. Sie war aber deaktiviert.

Code:

ATTFilter

ComboFix 14-06-10.01 - Gunter 10.06.2014  16:25:55.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.2045.692 [GMT 2:00]
ausgeführt von:: c:\users\Gunter\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\spsys.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-10 bis 2014-06-10  ))))))))))))))))))))))))))))))
.
.
2014-06-10 14:38 . 2014-06-10 14:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-09 19:57 . 2014-06-09 13:41	--------	d-----w-	C:\FRST
2014-06-09 14:35 . 2014-06-09 14:35	--------	d-----w-	c:\users\Gunter\AppData\Roaming\Nico Mak Computing
2014-06-09 14:35 . 2014-06-09 14:35	--------	d-----w-	c:\programdata\Nico Mak Computing
2014-06-09 14:35 . 2014-06-09 16:59	--------	d-----w-	c:\program files\WinZip Malware Protector
2014-06-09 14:35 . 2013-03-15 15:01	16384	----a-w-	c:\windows\system32\wsusnative32.exe
2014-06-09 13:55 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{41A7E1DB-886C-4814-BD9B-0C2076C262DA}\mpengine.dll
2014-06-08 14:52 . 2014-06-08 14:52	--------	d-----w-	c:\program files\Common Files\Skype
2014-06-04 11:54 . 2014-05-05 23:14	2382848	----a-w-	c:\windows\system32\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-13 16:30 . 2012-10-01 08:05	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-13 16:30 . 2012-10-01 08:05	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-04-13 16:26 . 2014-04-13 16:05	477008	----a-w-	c:\windows\system32\hmpalert.dll
2014-04-13 16:26 . 2014-04-13 16:05	75640	----a-w-	c:\windows\system32\drivers\hmpalert.sys
2014-04-03 16:07 . 2013-11-04 16:22	61400	----a-w-	c:\windows\system32\drivers\cfwids.sys
2014-04-03 15:59 . 2013-11-04 16:17	215624	----a-w-	c:\windows\system32\drivers\mfewfpk.sys
2014-04-03 15:59 . 2013-12-15 14:41	179600	----a-w-	c:\windows\system32\mfevtps.exe
2014-04-03 15:52 . 2013-09-24 19:45	574576	----a-w-	c:\windows\system32\drivers\mfehidk.sys
2014-04-03 15:50 . 2013-11-04 16:10	367776	----a-w-	c:\windows\system32\drivers\mfefirek.sys
2014-04-03 15:49 . 2013-11-04 16:10	66408	----a-w-	c:\windows\system32\drivers\mfebopk.sys
2014-04-03 15:48 . 2013-11-04 16:09	236672	----a-w-	c:\windows\system32\drivers\mfeavfk.sys
2014-04-03 15:47 . 2013-09-24 19:42	134600	----a-w-	c:\windows\system32\drivers\mfeapfk.sys
2014-03-31 07:35 . 2009-10-04 08:02	231584	------w-	c:\windows\system32\MpSigStub.exe
2014-03-18 05:08 . 2014-03-18 05:08	10600	----a-w-	c:\windows\system32\drivers\mfeclnrk.sys
2014-03-18 05:07 . 2014-03-18 05:07	81264	----a-w-	c:\windows\system32\drivers\mfencrk.sys
2014-03-18 05:07 . 2014-03-18 05:07	345584	----a-w-	c:\windows\system32\drivers\mfencbdc.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-05-14 14:06	157168	----a-w-	c:\programdata\Partner\partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-12 249856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-14 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-03-20 162856]
"VideoDownloadConverter_4z Browser Plugin Loader"="c:\progra~1\VIDEOD~2\bar\1.bin\4zbrmon.exe" [2013-09-25 30096]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 517392]
"Ashampoo WinOptimizer Live-Tuner"="c:\program files\Ashampoo\Ashampoo WinOptimizer 9\LiveTuner.exe" [2012-05-14 2883456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"WinZip Malware Protector_startup"="c:\program files\WinZip Malware Protector\WinZipMalwareProtector.exe" [2013-03-26 6390136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	wsusnative32\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"eRecoveryService"=
"Acer Tour Reminder"=c:\acer\AcerTour\Reminder.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-01 16:30]
.
2014-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf7bf388b39bd7.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:43]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:43]
.
2013-03-22 c:\windows\Tasks\One-Click Optimizer.job
- c:\program files\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe [2012-12-15 11:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=0309&m=travelmate_5520
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 195.50.140.248 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
HKLM-Run-VideoDownloadConverter Search Scope Monitor - c:\progra~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-06-10 16:38
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2014-06-10  16:42:25
ComboFix-quarantined-files.txt  2014-06-10 14:42
.
Vor Suchlauf: 10 Verzeichnis(se), 70.415.572.992 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 70.497.779.712 Bytes frei
.
- - End Of File - - A888FB19C9ED4BB6F0EF6092A5E5B3EB
6FC6F9186C07BCA94E140F63BFE6E9B4

M-K-D-B · 11.06.2014, 10:42

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.

Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
Code:
ATTFilter
```
iedefaults;
resetIEproxy;
FFdefaults;
CHRdefaults;
emptyclsid;
autoclean;
         
```
Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von Zoek,
die beiden neuen Logdateien von FRST.

papous06 · 11.06.2014, 17:35

aus Schritt 1

Code:

ATTFilter

# AdwCleaner v3.212 - Bericht erstellt am 11/06/2014 um 15:45:17
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzername : Gunter - GUNTER-PC
# Gestartet von : C:\Users\Gunter\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : VideoDownloadConverter_4zService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\VideoDownloadConverter
Ordner Gelöscht : C:\Program Files\VideoDownloadConverter_4z
Ordner Gelöscht : C:\Users\Gunter\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Gunter\AppData\LocalLow\AVG Security Toolbar
Ordner Gelöscht : C:\Users\Gunter\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Gunter\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Gunter\AppData\LocalLow\VideoDownloadConverter_4z
Ordner Gelöscht : C:\Users\Gunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Ordner Gelöscht : C:\Users\Gunter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncherSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncherSettings.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin
Schlüssel Gelöscht : HKCU\Software\1f8a2c72b5fd8a12
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3241949
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3719959C-1CCD-4FA7-8EBB-7D9DED86FCCB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66292684-B2C2-4C7C-B3D2-BF446E30744C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6BFF4BCB-7A73-45A7-AC4C-389A34E1D1EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{37923200-6887-4B44-95D4-CAE8F83ECFEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{385F1935-3784-48D0-A61F-6385493DED3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A86782D8-7B41-452F-A217-1854F72DBA54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : HKCU\Software\VideoDownloadConverter_4z
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\VideoDownloadConverter
Schlüssel Gelöscht : HKLM\Software\VideoDownloadConverter_4z
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Google Chrome v

[ Datei : C:\Users\Gunter\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
Gelöscht [Search Provider] : hxxp://isearch.avg.com/search?cid={ABE4EA31-3ECD-464B-A65A-51A16A7A4932}&mid=a3a027705bfc47d6ba4ad14946e4e9f3-8d450d5a908c024a783f03e76cafc18ca312075b&lang=de&ds=AVG&pr=fr&d=2012-12-15 18:54:27&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
Gelöscht [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla
Gelöscht [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [14571 octets] - [11/06/2014 15:42:13]
AdwCleaner[S0].txt - [14377 octets] - [11/06/2014 15:45:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14438 octets] ##########

aus Schritt 2

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 11.06.2014
Scan Time: 16:15:54
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.11.04
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Gunter

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 262266
Time Elapsed: 12 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

zu Schritt 3

Code:

ATTFilter

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Gunter on 11.06.2014 at 16:47:21,19.
Microsoft® Windows Vista™ Home Basic  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gunter\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

11.06.2014 16:49:10 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2331331185-1874896325-974521786-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6EDCA85B-A6E2-47FD-BF76-6A48C0E788E8} deleted successfully
HKEY_USERS\S-1-5-21-2331331185-1874896325-974521786-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9E575D80-89A0-41E9-900E-65E7DEC64F3F} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} deleted
C:\PROGRA~2\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted
C:\Program Files\WinZip Malware Protector deleted
C:\Users\Public\Desktop\WinZip Malware Protector.lnk deleted
C:\Users\Gunter\AppData\Roaming\ZoomBrowser EX deleted
C:\PROGRA~2\as98213.txt deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
"C:\ProgramData\iamdixqneidxygt" deleted
"C:\ProgramData\ifmgixmnvizxpgt" deleted
"C:\Users\Gunter\AppData\Roaming\Guuh\xyvuo.die" deleted
"C:\Users\Gunter\AppData\Roaming\Ozat\urat.syd" deleted
"C:\Users\Gunter\AppData\Roaming\Navial\agoms.xey" deleted
"C:\Users\Gunter\AppData\Roaming\Guuh" deleted
"C:\Users\Gunter\AppData\Roaming\Itke" deleted
"C:\Users\Gunter\AppData\Roaming\Ozat" deleted
"C:\Users\Gunter\AppData\Roaming\Iwocon" deleted
"C:\Users\Gunter\AppData\Roaming\Navial" deleted
"C:\Users\Gunter\AppData\Roaming\Uvilus" deleted
"C:\Users\Gunter\AppData\Roaming\Cscjava" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files\McAfee\SiteAdvisor" [30.05.2014 16:11]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx[23.04.2014 17:50]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=0309&m=travelmate_5520"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6EDCA85B-A6E2-47FD-BF76-6A48C0E788E8}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6EDCA85B-A6E2-47FD-BF76-6A48C0E788E8}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google  Url="hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Gunter\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Gunter\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Malware Protector_is1 deleted successfully

==== Empty IE Cache ======================

C:\Users\Gunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QEBPQ42 will be deleted at reboot
C:\Users\Gunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2VNQBE6 will be deleted at reboot
C:\Users\Gunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GECLJ4Z0 will be deleted at reboot
C:\Users\Gunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQYDEAK6 will be deleted at reboot
C:\Users\Gunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Gunter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=80 folders=14 20441522 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Gunter\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Gunter\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Gunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Gunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QEBPQ42" not found
"C:\Users\Gunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2VNQBE6" not found
"C:\Users\Gunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GECLJ4Z0" not found
"C:\Users\Gunter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQYDEAK6" not found

==== EOF on 11.06.2014 at 18:12:26,73 ======================

zu Schritt 4

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-06-2014 01
Ran by Gunter (administrator) on GUNTER-PC on 11-06-2014 18:25:35
Running from C:\Users\Gunter\Desktop
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Windows\PLFSetI.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Realtek Semiconductor Corp.) C:\Users\Gunter\AppData\Local\Temp\RtkBtMnt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_182_ActiveX.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4853760 2008-01-08] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [81920 2008-01-22] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-01-08] (Dritek System Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [WinZip Malware Protector_startup] => "C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe" autolaunch
HKU\S-1-5-21-2331331185-1874896325-974521786-1003\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-12] (Macrovision Corporation)
HKU\S-1-5-21-2331331185-1874896325-974521786-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-05-14] (Google Inc.)
HKU\S-1-5-21-2331331185-1874896325-974521786-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE327
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE327
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 195.50.140.248 192.168.0.1

FireFox:
========
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-12-15]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-15]

========================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2008-06-10] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-13] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 Irmon; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-04-03] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer) [File not signed]
S3 WO_LiveService; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [884608 2012-05-14] ()

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [75640 2014-04-13] ()
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R2 LiveTunerPM; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor32.sys [12696 2011-03-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [66296 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236672 2014-04-03] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [574576 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [215624 2014-04-03] (McAfee, Inc.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2009-02-17] (NewTech Infosystems, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Gunter\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-11 18:25 - 2014-06-11 18:26 - 00017438 _____ () C:\Users\Gunter\Desktop\FRST.txt
2014-06-11 18:25 - 2014-06-11 18:25 - 01073152 _____ (Farbar) C:\Users\Gunter\Desktop\FRST.exe
2014-06-11 18:12 - 2014-06-11 18:13 - 00000000 ____D () C:\Users\Gunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2014-06-11 17:23 - 2014-06-11 18:26 - 00000000 ____D () C:\Users\Gunter\AppData\Local\Temp
2014-06-11 17:23 - 2014-06-11 17:23 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-11 17:23 - 2014-06-11 17:23 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-11 17:23 - 2014-06-11 17:23 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-11 17:23 - 2014-06-11 16:47 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-11 16:48 - 2014-06-11 18:12 - 00008405 _____ () C:\zoek-results.log
2014-06-11 16:47 - 2014-06-11 17:16 - 00000000 ____D () C:\zoek_backup
2014-06-11 16:46 - 2014-06-11 16:46 - 01285120 _____ () C:\Users\Gunter\Desktop\zoek.exe
2014-06-11 16:34 - 2014-06-11 16:34 - 00001059 _____ () C:\Users\Gunter\Desktop\mbam.txt
2014-06-11 16:14 - 2014-06-11 18:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 16:13 - 2014-06-11 16:13 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-11 16:13 - 2014-06-11 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-11 16:13 - 2014-06-11 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-11 16:13 - 2014-06-11 16:13 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-11 16:13 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-11 16:13 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-11 16:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-11 15:42 - 2014-06-11 15:45 - 00000000 ____D () C:\AdwCleaner
2014-06-11 15:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-11 15:37 - 2014-06-11 15:37 - 01333465 _____ () C:\Users\Gunter\Desktop\adwcleaner_3.212.exe
2014-06-10 16:54 - 2014-06-10 16:54 - 00000296 _____ () C:\Windows\system32\spsys.log
2014-06-10 16:42 - 2014-06-10 16:42 - 00010036 _____ () C:\ComboFix.txt
2014-06-10 16:22 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-10 16:22 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-10 16:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-10 16:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-10 16:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-10 16:22 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-10 16:22 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-10 16:22 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-10 16:13 - 2014-06-10 16:42 - 00000000 ____D () C:\Qoobox
2014-06-10 16:13 - 2014-06-10 16:40 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 16:00 - 2014-06-10 16:00 - 05205915 ____R (Swearware) C:\Users\Gunter\Desktop\ComboFix.exe
2014-06-09 21:57 - 2014-06-11 18:25 - 00000000 ____D () C:\FRST
2014-06-09 17:12 - 2014-06-11 18:08 - 00016254 _____ () C:\Windows\PFRO.log
2014-06-09 16:35 - 2014-06-09 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-09 16:35 - 2014-06-09 16:35 - 00000000 ____D () C:\Users\Gunter\AppData\Roaming\Nico Mak Computing
2014-06-09 16:35 - 2014-06-09 16:35 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-09 16:35 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2014-06-08 16:52 - 2014-06-08 16:52 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-04 13:54 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-04 13:54 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-04 13:54 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 13:47 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-30 12:40 - 2014-05-30 12:40 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf7bf388b39bd7.job

==================== One Month Modified Files and Folders =======

2014-06-11 18:26 - 2014-06-11 18:25 - 00017438 _____ () C:\Users\Gunter\Desktop\FRST.txt
2014-06-11 18:26 - 2014-06-11 17:23 - 00000000 ____D () C:\Users\Gunter\AppData\Local\Temp
2014-06-11 18:25 - 2014-06-11 18:25 - 01073152 _____ (Farbar) C:\Users\Gunter\Desktop\FRST.exe
2014-06-11 18:25 - 2014-06-09 21:57 - 00000000 ____D () C:\FRST
2014-06-11 18:17 - 2013-12-15 17:30 - 00001755 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-06-11 18:17 - 2013-12-15 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-11 18:15 - 2009-03-07 16:48 - 01576454 _____ () C:\Windows\WindowsUpdate.log
2014-06-11 18:15 - 2006-11-02 12:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 18:14 - 2012-03-02 14:36 - 00000000 ____D () C:\Users\Gunter\AppData\Roaming\Skype
2014-06-11 18:13 - 2014-06-11 18:12 - 00000000 ____D () C:\Users\Gunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2014-06-11 18:12 - 2014-06-11 16:48 - 00008405 _____ () C:\zoek-results.log
2014-06-11 18:12 - 2014-06-11 16:14 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 18:09 - 2006-11-02 14:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 18:09 - 2006-11-02 14:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 18:08 - 2014-06-09 17:12 - 00016254 _____ () C:\Windows\PFRO.log
2014-06-11 18:06 - 2009-03-07 16:50 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-11 17:23 - 2014-06-11 17:23 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-11 17:23 - 2014-06-11 17:23 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-11 17:23 - 2014-06-11 17:23 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-11 17:16 - 2014-06-11 16:47 - 00000000 ____D () C:\zoek_backup
2014-06-11 16:47 - 2014-06-11 17:23 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-11 16:46 - 2014-06-11 16:46 - 01285120 _____ () C:\Users\Gunter\Desktop\zoek.exe
2014-06-11 16:34 - 2014-06-11 16:34 - 00001059 _____ () C:\Users\Gunter\Desktop\mbam.txt
2014-06-11 16:13 - 2014-06-11 16:13 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-11 16:13 - 2014-06-11 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-11 16:13 - 2014-06-11 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-11 16:13 - 2014-06-11 16:13 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-11 15:45 - 2014-06-11 15:42 - 00000000 ____D () C:\AdwCleaner
2014-06-11 15:41 - 2014-04-13 18:05 - 00000000 ____D () C:\Windows\CryptoGuard
2014-06-11 15:37 - 2014-06-11 15:37 - 01333465 _____ () C:\Users\Gunter\Desktop\adwcleaner_3.212.exe
2014-06-10 16:54 - 2014-06-10 16:54 - 00000296 _____ () C:\Windows\system32\spsys.log
2014-06-10 16:42 - 2014-06-10 16:42 - 00010036 _____ () C:\ComboFix.txt
2014-06-10 16:42 - 2014-06-10 16:13 - 00000000 ____D () C:\Qoobox
2014-06-10 16:42 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-06-10 16:40 - 2014-06-10 16:13 - 00000000 ____D () C:\Windows\erdnt
2014-06-10 16:38 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-06-10 16:00 - 2014-06-10 16:00 - 05205915 ____R (Swearware) C:\Users\Gunter\Desktop\ComboFix.exe
2014-06-09 17:18 - 2014-04-13 21:15 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-09 17:06 - 2014-06-09 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2014-06-09 16:35 - 2014-06-09 16:35 - 00000000 ____D () C:\Users\Gunter\AppData\Roaming\Nico Mak Computing
2014-06-09 16:35 - 2014-06-09 16:35 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-06-08 18:21 - 2013-12-15 16:41 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-06-08 17:32 - 2006-11-02 14:44 - 00082944 _____ () C:\Windows\system32\umstartup.etl
2014-06-08 16:52 - 2014-06-08 16:52 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-08 16:52 - 2014-03-26 20:20 - 00000000 ___RD () C:\Program Files\Skype
2014-06-08 16:51 - 2013-05-19 16:00 - 00000000 ____D () C:\ProgramData\Skype
2014-06-04 14:09 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-04 14:06 - 2013-08-16 11:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-04 13:59 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-30 12:40 - 2014-05-30 12:40 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf7bf388b39bd7.job
2014-05-30 12:40 - 2013-12-15 17:26 - 00000000 ____D () C:\Program Files\McAfee
2014-05-12 07:26 - 2014-06-11 16:13 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-11 16:13 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-06-11 16:13 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Gunter\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-11 18:16

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-06-2014 01
Ran by Gunter at 2014-06-11 18:26:39
Running from C:\Users\Gunter\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Acer Crystal Eye Webcam 2.0.9.2 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.9.2 - SuYin)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4304 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4309 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 2.11.20071207 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{251629BE-4EC9-DA91-E793-20AF9C28E63C}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.3.0.14 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.1.0.27 - Canon Inc.)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)
Catalyst Control Center - Branding (HKLM\...\{3594EE90-B157-4519-9E82-8B6F4711A0A1}) (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0309.2141.36947 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0309.2141.36947 - ATI) Hidden
ccc-core-static (Version: 2008.0309.2141.36947 - Ihr Firmenname) Hidden
ccc-utility (Version: 2008.0309.2141.36947 - ATI) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Total Protection (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.37 - NewTech Infosystems)
NTI Shadow (Version: 3.7.6.37 - NewTech Infosystems) Hidden
OpenOffice.org 3.0 (HKLM\...\{7EC19307-7C22-47A8-922B-3FA965291260}) (Version: 3.0.9379 - OpenOffice.org)
PDF24 Creator 5.4.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.3704d.0 - CyberLink Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5543 - Realtek Semiconductor Corp.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VideoDownloadConverter Internet Explorer Toolbar (HKLM\...\VideoDownloadConverter_4zbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
VideoLAN VLC media player 0.8.4a (HKLM\...\VLC media player) (Version: 0.8.4a - VideoLAN Team)
WIDCOMM Bluetooth Software 6.1.0.2000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.2000 - Broadcom Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

16-03-2014 16:08:38 Windows Update
21-03-2014 18:26:40 Windows Update
26-03-2014 11:20:52 Windows Update
01-04-2014 09:54:32 Windows Update
05-04-2014 09:37:01 Windows Update
08-04-2014 10:38:11 Windows Update
11-04-2014 14:28:10 Windows Update
17-04-2014 16:08:46 Windows Update
25-04-2014 19:09:19 Windows Update
29-04-2014 09:29:17 Windows Update
02-05-2014 10:15:33 Windows Update
05-05-2014 05:34:50 Windows Update
09-05-2014 11:29:41 Windows Update
30-05-2014 11:40:33 Windows Update
04-06-2014 11:54:01 Windows Update
09-06-2014 13:54:25 Windows Update
09-06-2014 15:06:22 WinZip Malware Protector
11-06-2014 14:48:38 zoek.exe restore point

==================== Hosts content: ==========================

2006-11-02 12:23 - 2014-06-10 16:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {15AEA3AA-9604-44FB-B95F-3A8441649A59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {433D0A5F-DB36-4273-9B53-1E8DDFB72520} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29] (Sun Microsystems, Inc.)
Task: {4A96AC0F-352D-4A1C-87BA-E18EEF7C77C2} - System32\Tasks\One-Click Optimizer => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe [2012-05-14] (Ashampoo Development GmbH & Co. KG)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {87B233FB-6E2F-4D2A-975F-C9ABF467C7F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {B10F081C-B276-48A4-B4E9-321F380D87F0} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {CA632061-3AE1-45E6-BB99-D1C148A9968F} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-12] (Macrovision Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf7bf388b39bd7.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe

==================== Loaded Modules (whitelisted) =============

2009-03-07 17:13 - 2007-11-27 19:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2009-03-07 17:13 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2009-03-07 17:12 - 2007-02-13 07:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2009-03-07 17:12 - 2007-02-13 07:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2009-03-07 17:12 - 2007-12-19 19:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2009-03-07 17:12 - 2007-12-19 19:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2009-03-07 17:12 - 2007-12-19 19:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2009-03-07 17:05 - 2008-07-29 20:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2008-01-03 03:00 - 2008-01-03 03:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2009-03-08 01:21 - 2003-06-07 23:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2014 06:09:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 03:50:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 03:41:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung McSvHost.exe, Version 3.8.703.0, Zeitstempel 0x51f7de31, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0067006f,
Prozess-ID 0x308, Anwendungsstartzeit McSvHost.exe0.

Error: (06/11/2014 03:31:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 04:54:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 03:55:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/10/2014 03:55:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/10/2014 03:55:34 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/10/2014 03:55:34 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/10/2014 03:55:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE-REGISTRIERUNG.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (06/11/2014 06:15:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (06/11/2014 06:09:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/11/2014 06:09:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Infrarotüberwachungsdienst%%2

Error: (06/11/2014 05:16:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (06/11/2014 05:16:39 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (06/11/2014 05:16:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (06/11/2014 05:16:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (06/11/2014 05:16:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (06/11/2014 04:04:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Platform Services%%1053

Error: (06/11/2014 04:04:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000McAfee Platform Services


Microsoft Office Sessions:
=========================
Error: (06/11/2014 06:09:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 03:50:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 03:41:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7de31unknown0.0.0.000000000c00000050067006f30801cf85797de03473

Error: (06/11/2014 03:31:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 04:54:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 03:55:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD DEINSTALLIEREN.LNK

Error: (06/10/2014 03:55:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD DEINSTALLIEREN.LNK

Error: (06/10/2014 03:55:34 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK

Error: (06/10/2014 03:55:34 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK

Error: (06/10/2014 03:55:32 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\GUNTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE-REGISTRIERUNG.LNK


CodeIntegrity Errors:
===================================
  Date: 2014-06-11 18:26:33.787
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-11 18:26:33.150
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-11 18:26:32.513
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-11 18:26:31.873
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-11 18:26:31.232
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-11 18:26:30.597
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-11 18:26:29.956
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-11 18:26:29.266
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-11 18:26:28.381
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-11 18:26:27.742
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 69%
Total physical RAM: 2045.37 MB
Available physical RAM: 627.8 MB
Total Pagefile: 4331.22 MB
Available Pagefile: 2587.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.86 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:111.57 GB) (Free:67.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:111.55 GB) (Free:104.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 5D9D4081)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B · 12.06.2014, 09:30

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
HKLM\...\Run: [WinZip Malware Protector_startup] => "C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe" autolaunch
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
C:\Program Files\WinZip Malware Protector
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:file 
C:\Windows\system32\wsusnative32.exe

:regfind
WinZip Malware Protector
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von FRST,
die Logdatei von SystemLook,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

papous06 · 12.06.2014, 17:56

FRST

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-06-2014 01
Ran by Gunter at 2014-06-12 16:09:21 Run:2
Running from C:\Users\Gunter\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [WinZip Malware Protector_startup] => "C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe" autolaunch
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
C:\Program Files\WinZip Malware Protector
Reboot:
end

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WinZip Malware Protector_startup => value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector => Moved successfully.
"C:\Program Files\WinZip Malware Protector" => File/Directory not found.


The system needed a reboot. 

==== End of Fixlog ====

Systemlook

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 16:23 on 12/06/2014 by Gunter
Administrator - Elevation successful

========== file ==========

C:\Windows\system32\wsusnative32.exe - File found and opened.
MD5: 6CB684788C8903F75B06BEDD88C00E8B
Created at 14:35 on 09/06/2014
Modified at 15:01 on 15/03/2013
Size: 16384 bytes
Attributes: --a----
No version information available.

========== regfind ==========

Searching for "WinZip Malware Protector"
[HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Malware Protector]
[HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip Malware Protector]
"InstalledPath"="C:\Program Files\WinZip Malware Protector"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe"="WinZip Malware Protector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
"WinZip Malware Protector.bak"="C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg\command]
@="C:\Program Files\WinZip Malware Protector\filetypehelper.exe -scanunknown "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg\command]
"WinZip Malware Protector.bak"="C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Nico Mak Computing\WinZip Malware Protector]
[HKEY_LOCAL_MACHINE\SOFTWARE\Nico Mak Computing\WinZip Malware Protector]
"InstalledPath"="C:\Program Files\WinZip Malware Protector"
[HKEY_LOCAL_MACHINE\SYSTEM\WinZip Malware Protector]
[HKEY_LOCAL_MACHINE\SYSTEM\WinZip Malware Protector]
"InfilePath"="\??\C:\Users\Gunter\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\native\nativeapp.in"
[HKEY_LOCAL_MACHINE\SYSTEM\WinZip Malware Protector]
"BackupPath"="\??\C:\Users\Gunter\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\Quarantine"
[HKEY_USERS\S-1-5-21-2331331185-1874896325-974521786-1003\Software\Nico Mak Computing\WinZip Malware Protector]
[HKEY_USERS\S-1-5-21-2331331185-1874896325-974521786-1003\Software\Nico Mak Computing\WinZip Malware Protector]
"InstalledPath"="C:\Program Files\WinZip Malware Protector"
[HKEY_USERS\S-1-5-21-2331331185-1874896325-974521786-1003\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe"="WinZip Malware Protector"
[HKEY_USERS\S-1-5-21-2331331185-1874896325-974521786-1003_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe"="WinZip Malware Protector"

-= EOF =-

ESET

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=3863e551551ff640ae6d197ad610046c
# engine=18687
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-12 03:31:57
# local_time=2014-06-12 05:31:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5125 16777214 100 100 342600 89002133 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 91929 240119889 0 0
# scanned=126010
# found=21
# cleaned=0
# scan_time=3390
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=99DF98DFEF4B483889FA88162D20EE46340A5DBE ft=1 fh=e6e2c196b2ffcb6f vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zauxstb.dll.vir"
sh=56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3 ft=1 fh=46ed14ba69906e9f vn="Win32/Toolbar.MyWebSearch.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe.vir"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe.vir"
sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll.vir"
sh=0C88EFCFA1C77D597111125A6C031CEB47B18BA7 ft=1 fh=b856def4c7346ea3 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll.vir"
sh=8090E240F528004402B29C11E5072BED79D95384 ft=1 fh=73e118282d8d3c4a vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdyn.dll.vir"
sh=2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390 ft=1 fh=a34a8b9082c46c86 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zfeedmg.dll.vir"
sh=9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D ft=1 fh=af8ed8fd644fe8ac vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe.vir"
sh=978867B422339E68971E56C49C66F14F2ACD745D ft=1 fh=dd289cd2c7a55037 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhttpct.dll.vir"
sh=AFCAAC5845D81A407C63733E4A7D007167F96BE8 ft=1 fh=02b0c8de8c8e9f1e vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zimpipe.exe.vir"
sh=556C4FCA5D890F17B7B5040A601B42452A205E29 ft=1 fh=0f2a31b21601aeb5 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe.vir"
sh=72E48F7F37E208A52AD975EAECAB29FC50223C27 ft=1 fh=958a563919bf5cc2 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zscript.dll.vir"
sh=DF34CABFDEF48FE1D989F067D363C7BCBB4FC854 ft=1 fh=ff34ff5adb77c554 vn="Win32/Toolbar.MyWebSearch.T evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll.vir"
sh=0DA4D2400B4BD3E8DE1B2FE0315F010F496717E4 ft=1 fh=051f948bc16518f1 vn="Win32/Reveton.AI Trojaner" ac=I fn="C:\FRST\Quarantine\C\ProgramData\gye6jbe.cpp\gye6jbe.cpp.xBAD"
sh=CB34CF79ED8C8C7E58E9E942C4289652011B087F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gunter\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\Quarantine\adware.dropper._qt_"
sh=D1C362E3F5075597DB55CE247CD448B011932C81 ft=0 fh=0000000000000000 vn="möglicherweise Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gunter\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\Quarantine\adware.mywebsearch._qt_"
sh=C35AA9630EF3C416261D3480A679BC52B678444C ft=0 fh=0000000000000000 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gunter\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\Quarantine\pup.mywebsearch._qt_"
sh=F92C8500ACC357FC37042E689DF30C418F9E26F9 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Gunter\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector\Quarantine\pup.optional._qt_"
sh=2885AA8366E6D69928B129AF799E2C45C227F60B ft=1 fh=018a44c6cf6e2c79 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Program Files_WinZip Malware Protector\WinZipMalwareProtector.exe"
sh=7B2E1574C0CDE960B7D614168C951CC2F8B27584 ft=1 fh=e148962e1ed0ec4f vn="Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung" ac=I fn="D:\eigene Dateien\Downloads\Babylon9_setup.exe"

SecurityCheck ich habe dummerweise den Dateiihalt gelöscht und habe den Check ein zweites mal laufen lassen

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.83  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
McAfee Anti-Virus und Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 24  
 Java(TM) 6 Update 7  
 Java version out of Date! 
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Empowering Technology eSettings Service capuserv.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

09.06.2014, 14:10	#6
M-K-D-B /// TB-Ausbilder	Wo Vista 32-bit: Trojaner mit Sperrschirm Lösung! Startet dein Rechner wieder normal?

Vista 32-bit: Trojaner mit Sperrschirm

Alles rund um Windows: Vista 32-bit: Trojaner mit Sperrschirm

Problem: Vista 32-bit: Trojaner mit Sperrschirm