Hello, and thanks for the quick reply.
Revo Uninstaller found only 3 programs and could not uninstall them. I then ran Combofix.
Code:
ComboFix 14-07-03.01 - Computer 04.07.2014 11:19:34.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.8134.6840 [GMT 2:00]
ausgeführt von:: c:\users\Computer\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LIL7639.tmp
C:\LIL7648.tmp
C:\LIL7677.tmp
C:\LIL7696.tmp
C:\LIL76C5.tmp
c:\users\Computer\AppData\Local\nsd3B9A.tmp
c:\users\Computer\AppData\Local\nsl5C18.tmp
c:\users\Computer\AppData\Local\nsq9933.tmp
c:\users\Computer\AppData\Local\nsrA8C.tmp
c:\users\Public\AlexaNSISPlugin.5488.dll
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_acedrv11
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-06-04 bis 2014-07-04 ))))))))))))))))))))))))))))))
.
.
2014-07-04 09:23 . 2014-07-04 09:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-04 08:34 . 2014-07-04 08:34 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-07-04 07:24 . 2014-07-04 07:25 -------- d-----w- C:\FRST
2014-07-03 06:30 . 2014-07-04 07:29 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-03 06:29 . 2014-07-03 06:29 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-07-03 06:29 . 2014-07-03 06:29 -------- d-----w- c:\programdata\Malwarebytes
2014-07-03 06:29 . 2014-05-12 05:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-03 06:29 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-03 06:29 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-03 06:16 . 2014-06-05 01:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7F61AC4-0148-4E98-A4BB-3E78548652D2}\mpengine.dll
2014-07-02 09:08 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-02 09:06 . 2014-07-02 09:12 -------- d-----w- C:\AdwCleaner
2014-06-29 21:30 . 2014-06-29 21:30 -------- d-----w- c:\program files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2014-06-26 19:30 . 2014-06-26 19:30 -------- d-----w- c:\program files (x86)\C1788BAC-0FCE-48F4-AF6A-AB180B237191
2014-06-15 16:24 . 2014-06-15 16:24 -------- d-----w- c:\programdata\BlueStacks
2014-06-09 10:04 . 2014-06-09 10:04 -------- d-----w- c:\users\Computer\AppData\Roaming\DriverFinder
2014-06-09 09:54 . 2014-06-23 21:57 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-06-09 09:54 . 2014-06-09 09:54 -------- d-----w- c:\users\Computer\AppData\Local\SlimWare Utilities Inc
2014-06-09 09:54 . 2014-06-09 09:54 -------- d-----w- c:\program files (x86)\DriverUpdate
2014-06-06 10:56 . 2014-06-06 11:00 -------- d-----w- c:\users\Computer\AppData\Local\Adobe
2014-06-06 10:43 . 2014-06-06 10:43 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-03 13:11 . 2014-04-02 17:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-07-03 07:31 . 2013-02-02 13:14 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-06-02 20:25 . 2014-06-02 20:25 46376 ----a-w- c:\windows\system32\drivers\netfilter64.sys
2014-05-30 16:31 . 2014-05-30 16:31 12219608 ----a-w- C:\TRANSLATE
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2012-10-03 1193176]
"Steam"="c:\steam\Steam.exe" [2014-05-29 1754816]
"AcerCloud"="c:\program files (x86)\Acer\Acer Portal\acpanel_win.exe" [2014-02-13 18247424]
"Google+ Auto Backup"="c:\users\Computer\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" [2014-01-06 3619096]
"GoogleChromeAutoLaunch_99AE18632314C5772DDF1A65D9BFB3A0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-24 841032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2012-07-26 62976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Erinnerungen für Microsoft Works-Kalender.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-8-6 53317]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 SPDRIVER_1.0.0.21;SPDRIVER_1.0.0.21;c:\program files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.SYS;c:\program files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.SYS [x]
R3 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\System32\drivers\amdkmafd.sys;c:\windows\SYSNATIVE\drivers\amdkmafd.sys [x]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys;c:\windows\SYSNATIVE\DRIVERS\cjusb.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Portal\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Portal\CCDMonitorService.exe [x]
R4 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe;c:\windows\SysWOW64\cjpcsc.exe [x]
R4 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R4 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
R4 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
R4 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [x]
R4 StarMoney 9.0 OnlineUpdate;StarMoney 9.0 OnlineUpdate;c:\program files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-12 12:08 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf500a5f10f8ca.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29 17:27]
.
2014-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29 17:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-02 12921488]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.3.0.12
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_99f740896c4e4f5db538310a9845c664_39_1006_20130731_DE_ff_sp_
FF - ExtSQL: !HIDDEN! 2013-07-10 21:28; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\program files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - ExtSQL: !HIDDEN! 2014-02-26 18:37; quick_start@gmail.com; c:\users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default\extensions\quick_start@gmail.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{E569D2C5-82B3-56D7-CC4E-2E3DF6A278BD} - c:\programdata\easYtosHop\gOT8meg.dll
BHO-{E664A4CA-CBB5-9B01-D333-2B7AFB5CB4C2} - c:\programdata\CoonverrtMe\aKj_.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-SPDriver - c:\program files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.EXE
Wow6432Node-HKLM-Run-SPDriver - c:\program files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.EXE
BHO-{E569D2C5-82B3-56D7-CC4E-2E3DF6A278BD} - c:\programdata\easYtosHop\gOT8meg.x64.dll
BHO-{E664A4CA-CBB5-9B01-D333-2B7AFB5CB4C2} - c:\programdata\CoonverrtMe\aKj_.x64.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Save Sense - c:\users\Computer\AppData\Local\SaveSense\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\WksCal.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-07-04 11:29:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-07-04 09:29
.
Vor Suchlauf: 14 Verzeichnis(se), 269.624.549.376 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 270.206.504.960 Bytes frei
.
- - End Of File - - D688D48513656355BFB910035F76DE7E
5FB38429D5D77768867C76DCBDB35194