Datei xyz.exe enthielt einen Virus und wurde gelöscht

schrauber · 04.01.2015, 11:50

jop

RoBa · 04.01.2015, 14:24

Hallo,

AdwCleaner hat funktioniert:

Code:

ATTFilter

# AdwCleaner v4.106 - Bericht erstellt am 04/01/2015 um 13:44:20
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Benutzer - TM92D2000
# Gestartet von : C:\Users\Benutzer\Desktop\AdwCleaner_4.106.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Windows\system32\conduitEngine.tmp
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\Users\Benutzer\AppData\Local\Babylon
Ordner Gefunden : C:\Users\Benutzer\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Benutzer\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Benutzer\AppData\LocalLow\iac
Ordner Gefunden : C:\Users\Benutzer\AppData\Roaming\Babylon

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\dfa6abb465881f0c
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{76C3C547-AC64-4B72-BD0A-1B570F0F0B54}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2529008
Schlüssel Gefunden : HKLM\SOFTWARE\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16502


*************************

AdwCleaner[R0].txt - [3529 octets] - [04/01/2015 13:44:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3589 octets] ##########

Code:

ATTFilter

# AdwCleaner v4.106 - Bericht erstellt am 04/01/2015 um 13:49:07
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Benutzer - TM92D2000
# Gestartet von : C:\Users\Benutzer\Desktop\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Benutzer\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Benutzer\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Benutzer\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Benutzer\AppData\LocalLow\iac
Ordner Gelöscht : C:\Users\Benutzer\AppData\Roaming\Babylon
Datei Gelöscht : C:\Windows\system32\conduitEngine.tmp

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\dfa6abb465881f0c
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2529008
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{76C3C547-AC64-4B72-BD0A-1B570F0F0B54}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16502


*************************

AdwCleaner[R0].txt - [3669 octets] - [04/01/2015 13:44:20]
AdwCleaner[S0].txt - [3501 octets] - [04/01/2015 13:49:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3561 octets] ##########

JRT hat funktioniert

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Benutzer on 04.01.2015 at 13:55:53,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\syshost32



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.01.2015 at 13:57:58,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

frisches FRST logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2015
Ran by Benutzer (administrator) on TM92D2000 on 04-01-2015 14:12:49
Running from C:\Users\Benutzer\Desktop
Loaded Profile: Benutzer (Available profiles: Benutzer & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
(Realtek Semiconductor Corp.) C:\Users\Benutzer\AppData\Local\temp\RtkBtMnt.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4472832 2007-05-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-07] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2007-10-17] (Dritek System Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-05-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH)
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3684640303-488887037-2534449567-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {017A9D0A-E989-4F86-A351-9D010F72B83B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {E339BBA1-DCF4-4B00-92ED-F309B7D55AA1} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {F1F2E24C-BC10-4493-9EFA-859AEEBF07FB} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Windows\system32\ActiveToolBand.dll (HiTRUST)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-09]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BFE; . [0 2015-01-04] () [File not signed]
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
S3 MpsSvc; . [0 2015-01-04] () [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-04-03] ()
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer) [File not signed]
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [974248 2007-07-27] (Bison Electronics. Inc. )
R1 FNETDEVI; C:\Windows\system32\drivers\FNETDEVI.SYS [19572 2011-08-12] (FNet Co., Ltd.) [File not signed]
R2 int15; C:\Windows\system32\drivers\int15.sys [76584 2007-03-02] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-04] (Malwarebytes Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-07-04] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [80744 2006-09-19] (Wasay)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 14:08 - 2015-01-04 14:08 - 00000000 ____D () C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2015-01-04 13:57 - 2015-01-04 13:57 - 00000901 _____ () C:\Users\Benutzer\Desktop\JRT.txt
2015-01-04 13:55 - 2015-01-04 13:55 - 00000000 ____D () C:\Windows\ERUNT
2015-01-04 13:53 - 2015-01-04 08:33 - 01707939 _____ (Thisisu) C:\Users\Benutzer\Desktop\JRT.exe
2015-01-04 13:44 - 2015-01-04 13:49 - 00000000 ____D () C:\AdwCleaner
2015-01-04 13:43 - 2015-01-04 08:33 - 02173952 _____ () C:\Users\Benutzer\Desktop\AdwCleaner_4.106.exe
2015-01-04 08:37 - 2015-01-04 08:37 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-04 08:37 - 2015-01-04 08:31 - 07747104 _____ (Malwarebytes Corporation ) C:\Users\Benutzer\Desktop\mbam-rules.exe
2015-01-04 08:09 - 2015-01-04 08:59 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-04 08:09 - 2015-01-04 08:09 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-04 08:09 - 2015-01-04 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-04 08:09 - 2015-01-04 08:09 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-04 08:09 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-04 08:09 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-04 08:09 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-04 08:08 - 2015-01-03 23:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Benutzer\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-04 00:21 - 2015-01-04 08:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-04 00:18 - 2015-01-04 00:18 - 00008832 _____ () C:\Users\Benutzer\Desktop\Combofix.txt
2015-01-04 00:10 - 2015-01-04 00:10 - 00008832 _____ () C:\ComboFix.txt
2015-01-03 23:39 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-03 23:39 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-03 23:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-03 23:37 - 2015-01-04 00:14 - 00000000 ____D () C:\Qoobox
2015-01-03 23:37 - 2015-01-04 00:07 - 00000000 ____D () C:\Windows\erdnt
2015-01-03 23:35 - 2015-01-03 23:14 - 05609858 ____R (Swearware) C:\Users\Benutzer\Desktop\ComboFix.exe
2015-01-03 16:47 - 2015-01-03 16:48 - 00139104 _____ () C:\Windows\Minidump\Mini010315-01.dmp
2015-01-03 14:30 - 2015-01-03 14:31 - 00025174 _____ () C:\Users\Benutzer\Desktop\Addition.txt
2015-01-03 14:28 - 2015-01-04 14:12 - 00014116 _____ () C:\Users\Benutzer\Desktop\FRST.txt
2015-01-03 14:28 - 2015-01-04 14:12 - 00000000 ____D () C:\FRST
2015-01-03 14:27 - 2015-01-03 14:25 - 01115136 _____ (Farbar) C:\Users\Benutzer\Desktop\FRST.exe
2015-01-03 14:00 - 2015-01-03 14:00 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2015-01-03 14:00 - 2015-01-03 14:00 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Macromedia
2015-01-03 13:59 - 2015-01-03 13:59 - 00000953 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-03 13:59 - 2015-01-03 13:59 - 00000948 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-03 13:59 - 2015-01-03 13:59 - 00000919 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-01-03 13:59 - 2015-01-03 13:59 - 00000020 ___SH () C:\Users\Gast\ntuser.ini
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Startmenü
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 ____D () C:\Users\Gast
2015-01-03 13:59 - 2011-02-09 19:02 - 00000000 ____D () C:\Users\Gast\AppData\Local\Microsoft Help
2015-01-03 13:59 - 2008-06-21 13:03 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-03 13:59 - 2008-06-21 13:03 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-03 13:37 - 2015-01-03 13:40 - 00015730 _____ () C:\Users\Benutzer\Desktop\Rkill.txt
2014-12-23 13:58 - 2015-01-03 08:00 - 00000000 ____D () C:\Windows\pss
2014-12-21 19:27 - 2014-12-21 19:27 - 00000000 ____D () C:\ProgramData\UUdb
2014-12-21 19:27 - 2014-12-21 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
2014-12-21 19:27 - 2014-12-21 19:27 - 00000000 ____D () C:\ProgramData\1&1 Mail & Media GmbH
2014-12-21 19:27 - 2014-12-21 19:27 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 14:12 - 2006-11-02 11:33 - 01592792 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 14:08 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 14:08 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 14:08 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 14:00 - 2007-12-20 12:25 - 01941177 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 14:00 - 2006-11-02 14:01 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-04 13:50 - 2007-07-04 17:22 - 00070436 _____ () C:\Windows\PFRO.log
2015-01-04 00:14 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-04 00:14 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-01-04 00:01 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-03 17:15 - 2013-06-24 19:41 - 00001356 _____ () C:\Users\Benutzer\AppData\Local\d3d9caps.dat
2015-01-03 16:47 - 2013-03-01 23:42 - 111980373 _____ () C:\Windows\MEMORY.DMP
2015-01-03 16:47 - 2013-03-01 23:42 - 00000000 ____D () C:\Windows\Minidump
2014-12-22 11:35 - 2012-10-16 21:20 - 00000000 ____D () C:\Program Files\Google
2014-12-22 11:01 - 2008-06-21 10:56 - 00000000 ____D () C:\Program Files\Yahoo!
2014-12-22 10:56 - 2012-10-16 21:21 - 00000000 ____D () C:\Users\Benutzer\AppData\Local\Google
2014-12-22 10:56 - 2012-10-16 21:20 - 00000000 ____D () C:\ProgramData\Google
2014-12-21 19:27 - 2011-05-14 17:27 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung
2014-12-21 19:26 - 2011-05-14 17:27 - 00000000 ____D () C:\ProgramData\1und1InternetExplorerAddon

Some content of TEMP:
====================
C:\Users\Benutzer\AppData\Local\temp\Quarantine.exe
C:\Users\Benutzer\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Benutzer\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 13:58

==================== End Of Log ============================

--- --- ---

--- --- ---

MfG

schrauber · 04.01.2015, 15:37

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\S-1-5-21-3684640303-488887037-2534449567-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 BFE; . [0 2015-01-04] () [File not signed]
S3 MpsSvc; . [0 2015-01-04] () [File not signed]
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

RoBa · 04.01.2015, 19:11

Hallo,

Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-01-2015
Ran by Benutzer at 2015-01-04 16:07:38 Run:1
Running from C:\Users\Benutzer\Desktop
Loaded Profile: Benutzer (Available profiles: Benutzer & Gast)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 BFE; . [0 2015-01-04] () [File not signed]
S3 MpsSvc; . [0 2015-01-04] () [File not signed]
Emptytemp:
         
*****************

"HKU\S-1-5-21-3684640303-488887037-2534449567-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
BFE => Service deleted successfully.
MpsSvc => Service deleted successfully.
EmptyTemp: => Removed 196.2 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 16:12:10 ====

ESET Logfile:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9a79f910896eb24891eff82504effa4b
# engine=21812
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-04 05:45:58
# local_time=2015-01-04 06:45:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 49701912 257926285 0 0
# scanned=124456
# found=6
# cleaned=0
# scan_time=6997
sh=DC8478550F7C5C97C9F876EE79445F7F87443EAF ft=1 fh=83c87fcb60e730df vn="Variante von Win32/Sirefef.FY Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-3684640303-488887037-2534449567-1003\$5c005ed74ef856e5efe49827a7adedcc\o.vir"
sh=2A8F1C0293C79E577E75FF4E18F3642230CB4CF5 ft=1 fh=8f7e632f975a6212 vn="Win32/TrojanDownloader.Necurs.B Trojaner" ac=I fn="C:\Users\Benutzer\AppData\Local\{08810227-15DA-9138-D30D-8C18B2C18310}\syshost.exe"
sh=3D35B4F70235998F575A0396C6EC728EE8235488 ft=1 fh=200b15abf432b069 vn="Win32/Conficker.AA Wurm" ac=I fn="C:\Users\Benutzer\Pictures\SD Card\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq (2).vmx"
sh=3D35B4F70235998F575A0396C6EC728EE8235488 ft=1 fh=200b15abf432b069 vn="Win32/Conficker.AA Wurm" ac=I fn="C:\Users\Benutzer\Pictures\SD Card\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx"
sh=48FD60E5A677BD39B13E0188075E83137005259E ft=1 fh=ff79543ffacc5f95 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="F:\Computer_Ronny\Desktop_01\Eigene Dateien\Downloads\PDFCreator-1_2_1_setup(2).exe"
sh=48FD60E5A677BD39B13E0188075E83137005259E ft=1 fh=ff79543ffacc5f95 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="F:\Computer_Ronny\Desktop_01\Eigene Dateien\Downloads\PDFCreator-1_2_1_setup.exe"

SecurityCheck:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.93  
 Windows Vista Service Pack 2 x86   
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 8 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 Empowering Technology eSettings Service capuserv.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2015
Ran by Benutzer (administrator) on TM92D2000 on 04-01-2015 19:00:26
Running from C:\Users\Benutzer\Desktop
Loaded Profile: Benutzer (Available profiles: Benutzer & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Realtek Semiconductor Corp.) C:\Users\Benutzer\AppData\Local\temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4472832 2007-05-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-07] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2007-10-17] (Dritek System Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-05-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH)
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {017A9D0A-E989-4F86-A351-9D010F72B83B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {E339BBA1-DCF4-4B00-92ED-F309B7D55AA1} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {F1F2E24C-BC10-4493-9EFA-859AEEBF07FB} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Windows\system32\ActiveToolBand.dll (HiTRUST)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-09]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-04-03] ()
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer) [File not signed]
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [974248 2007-07-27] (Bison Electronics. Inc. )
R1 FNETDEVI; C:\Windows\system32\drivers\FNETDEVI.SYS [19572 2011-08-12] (FNet Co., Ltd.) [File not signed]
R2 int15; C:\Windows\system32\drivers\int15.sys [76584 2007-03-02] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-04] (Malwarebytes Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-07-04] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [80744 2006-09-19] (Wasay)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 19:00 - 2015-01-04 19:00 - 00000983 _____ () C:\Users\Benutzer\Desktop\checkup.txt
2015-01-04 16:34 - 2015-01-04 16:29 - 00852505 _____ () C:\Users\Benutzer\Desktop\SecurityCheck.exe
2015-01-04 16:34 - 2015-01-04 16:19 - 02347384 _____ (ESET) C:\Users\Benutzer\Desktop\esetsmartinstaller_deu.exe
2015-01-04 16:18 - 2015-01-04 16:18 - 00000000 ____D () C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2015-01-04 13:57 - 2015-01-04 13:57 - 00000901 _____ () C:\Users\Benutzer\Desktop\JRT.txt
2015-01-04 13:55 - 2015-01-04 13:55 - 00000000 ____D () C:\Windows\ERUNT
2015-01-04 13:53 - 2015-01-04 08:33 - 01707939 _____ (Thisisu) C:\Users\Benutzer\Desktop\JRT.exe
2015-01-04 13:44 - 2015-01-04 13:49 - 00000000 ____D () C:\AdwCleaner
2015-01-04 13:43 - 2015-01-04 08:33 - 02173952 _____ () C:\Users\Benutzer\Desktop\AdwCleaner_4.106.exe
2015-01-04 08:37 - 2015-01-04 08:37 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-04 08:37 - 2015-01-04 08:31 - 07747104 _____ (Malwarebytes Corporation ) C:\Users\Benutzer\Desktop\mbam-rules.exe
2015-01-04 08:09 - 2015-01-04 08:59 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-04 08:09 - 2015-01-04 08:09 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-04 08:09 - 2015-01-04 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-04 08:09 - 2015-01-04 08:09 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-04 08:09 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-04 08:09 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-04 08:09 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-04 08:08 - 2015-01-03 23:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Benutzer\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-04 00:21 - 2015-01-04 08:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-04 00:18 - 2015-01-04 00:18 - 00008832 _____ () C:\Users\Benutzer\Desktop\Combofix.txt
2015-01-04 00:10 - 2015-01-04 00:10 - 00008832 _____ () C:\ComboFix.txt
2015-01-03 23:39 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-03 23:39 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-03 23:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-03 23:37 - 2015-01-04 00:14 - 00000000 ____D () C:\Qoobox
2015-01-03 23:37 - 2015-01-04 00:07 - 00000000 ____D () C:\Windows\erdnt
2015-01-03 23:35 - 2015-01-03 23:14 - 05609858 ____R (Swearware) C:\Users\Benutzer\Desktop\ComboFix.exe
2015-01-03 16:47 - 2015-01-03 16:48 - 00139104 _____ () C:\Windows\Minidump\Mini010315-01.dmp
2015-01-03 14:30 - 2015-01-03 14:31 - 00025174 _____ () C:\Users\Benutzer\Desktop\Addition.txt
2015-01-03 14:28 - 2015-01-04 19:00 - 00013685 _____ () C:\Users\Benutzer\Desktop\FRST.txt
2015-01-03 14:28 - 2015-01-04 19:00 - 00000000 ____D () C:\FRST
2015-01-03 14:27 - 2015-01-03 14:25 - 01115136 _____ (Farbar) C:\Users\Benutzer\Desktop\FRST.exe
2015-01-03 14:00 - 2015-01-03 14:00 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2015-01-03 14:00 - 2015-01-03 14:00 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Macromedia
2015-01-03 13:59 - 2015-01-03 13:59 - 00000953 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-03 13:59 - 2015-01-03 13:59 - 00000948 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-03 13:59 - 2015-01-03 13:59 - 00000919 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-01-03 13:59 - 2015-01-03 13:59 - 00000020 ___SH () C:\Users\Gast\ntuser.ini
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Startmenü
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 ____D () C:\Users\Gast
2015-01-03 13:59 - 2011-02-09 19:02 - 00000000 ____D () C:\Users\Gast\AppData\Local\Microsoft Help
2015-01-03 13:59 - 2008-06-21 13:03 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-03 13:59 - 2008-06-21 13:03 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-03 13:37 - 2015-01-03 13:40 - 00015730 _____ () C:\Users\Benutzer\Desktop\Rkill.txt
2014-12-23 13:58 - 2015-01-03 08:00 - 00000000 ____D () C:\Windows\pss
2014-12-21 19:27 - 2014-12-21 19:27 - 00000000 ____D () C:\ProgramData\UUdb
2014-12-21 19:27 - 2014-12-21 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
2014-12-21 19:27 - 2014-12-21 19:27 - 00000000 ____D () C:\ProgramData\1&1 Mail & Media GmbH
2014-12-21 19:27 - 2014-12-21 19:27 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 18:53 - 2013-02-11 23:15 - 00000000 ____D () C:\ProgramData\Avira
2015-01-04 18:49 - 2007-12-20 12:25 - 02000135 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 18:14 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 18:14 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 16:37 - 2006-11-02 11:33 - 01592792 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 16:14 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 16:13 - 2006-11-02 14:01 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-04 13:50 - 2007-07-04 17:22 - 00070436 _____ () C:\Windows\PFRO.log
2015-01-04 00:14 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-04 00:14 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-01-04 00:01 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-03 17:15 - 2013-06-24 19:41 - 00001356 _____ () C:\Users\Benutzer\AppData\Local\d3d9caps.dat
2015-01-03 16:47 - 2013-03-01 23:42 - 111980373 _____ () C:\Windows\MEMORY.DMP
2015-01-03 16:47 - 2013-03-01 23:42 - 00000000 ____D () C:\Windows\Minidump
2014-12-22 11:35 - 2012-10-16 21:20 - 00000000 ____D () C:\Program Files\Google
2014-12-22 11:01 - 2008-06-21 10:56 - 00000000 ____D () C:\Program Files\Yahoo!
2014-12-22 10:56 - 2012-10-16 21:21 - 00000000 ____D () C:\Users\Benutzer\AppData\Local\Google
2014-12-22 10:56 - 2012-10-16 21:20 - 00000000 ____D () C:\ProgramData\Google
2014-12-21 19:27 - 2011-05-14 17:27 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung
2014-12-21 19:26 - 2011-05-14 17:27 - 00000000 ____D () C:\ProgramData\1und1InternetExplorerAddon

Some content of TEMP:
====================
C:\Users\Benutzer\AppData\Local\temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 16:23

==================== End Of Log ============================

--- --- ---

--- --- ---

Muss ich mir da große Sorgen machen?

MfG

schrauber · 04.01.2015, 20:11

Java, Flash und Adobe updaten. Definier mal Sorgen machen? Paswörter musste alle ändern, das ist bei Befall Standard.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\Benutzer\AppData\Local\{08810227-15DA-9138-D30D-8C18B2C18310}

C:\Users\Benutzer\Pictures\SD Card\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq (2).vmx

C:\Users\Benutzer\Pictures\SD Card\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

F:\Computer_Ronny\Desktop_01\Eigene Dateien\Downloads\PDFCreator-1_2_1_setup(2).exe

F:\Computer_Ronny\Desktop_01\Eigene Dateien\Downloads\PDFCreator-1_2_1_setup.exe

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

FRST öffnen, Haken setzen bei Additon und scannen, poste bitte beide Logfiles.

RoBa · 04.01.2015, 20:48

Hallo,

Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-01-2015
Ran by Benutzer at 2015-01-04 20:33:03 Run:2
Running from C:\Users\Benutzer\Desktop
Loaded Profile: Benutzer (Available profiles: Benutzer & Gast)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Benutzer\AppData\Local\{08810227-15DA-9138-D30D-8C18B2C18310}

C:\Users\Benutzer\Pictures\SD Card\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq (2).vmx

C:\Users\Benutzer\Pictures\SD Card\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

F:\Computer_Ronny\Desktop_01\Eigene Dateien\Downloads\PDFCreator-1_2_1_setup(2).exe

F:\Computer_Ronny\Desktop_01\Eigene Dateien\Downloads\PDFCreator-1_2_1_setup.exe

Emptytemp:
         
*****************

C:\Users\Benutzer\AppData\Local\{08810227-15DA-9138-D30D-8C18B2C18310} => Moved successfully.
C:\Users\Benutzer\Pictures\SD Card\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq (2).vmx => Moved successfully.
C:\Users\Benutzer\Pictures\SD Card\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx => Moved successfully.
F:\Computer_Ronny\Desktop_01\Eigene Dateien\Downloads\PDFCreator-1_2_1_setup(2).exe => Moved successfully.
F:\Computer_Ronny\Desktop_01\Eigene Dateien\Downloads\PDFCreator-1_2_1_setup.exe => Moved successfully.
EmptyTemp: => Removed 3.5 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 20:33:09 ====

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2015
Ran by Benutzer (administrator) on TM92D2000 on 04-01-2015 20:39:40
Running from C:\Users\Benutzer\Desktop
Loaded Profile: Benutzer (Available profiles: Benutzer & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
(Realtek Semiconductor Corp.) C:\Users\Benutzer\AppData\Local\temp\RtkBtMnt.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4472832 2007-05-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-07] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2007-10-17] (Dritek System Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-05-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH)
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKU\S-1-5-21-3684640303-488887037-2534449567-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {017A9D0A-E989-4F86-A351-9D010F72B83B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {E339BBA1-DCF4-4B00-92ED-F309B7D55AA1} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3684640303-488887037-2534449567-1003 -> {F1F2E24C-BC10-4493-9EFA-859AEEBF07FB} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Windows\system32\ActiveToolBand.dll (HiTRUST)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-09]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-04-03] ()
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer) [File not signed]
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [974248 2007-07-27] (Bison Electronics. Inc. )
R1 FNETDEVI; C:\Windows\system32\drivers\FNETDEVI.SYS [19572 2011-08-12] (FNet Co., Ltd.) [File not signed]
R2 int15; C:\Windows\system32\drivers\int15.sys [76584 2007-03-02] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-04] (Malwarebytes Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-07-04] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [80744 2006-09-19] (Wasay)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 20:35 - 2015-01-04 20:36 - 00000000 ____D () C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2015-01-04 19:00 - 2015-01-04 19:00 - 00000983 _____ () C:\Users\Benutzer\Desktop\checkup.txt
2015-01-04 16:34 - 2015-01-04 16:29 - 00852505 _____ () C:\Users\Benutzer\Desktop\SecurityCheck.exe
2015-01-04 16:34 - 2015-01-04 16:19 - 02347384 _____ (ESET) C:\Users\Benutzer\Desktop\esetsmartinstaller_deu.exe
2015-01-04 13:57 - 2015-01-04 13:57 - 00000901 _____ () C:\Users\Benutzer\Desktop\JRT.txt
2015-01-04 13:55 - 2015-01-04 13:55 - 00000000 ____D () C:\Windows\ERUNT
2015-01-04 13:53 - 2015-01-04 08:33 - 01707939 _____ (Thisisu) C:\Users\Benutzer\Desktop\JRT.exe
2015-01-04 13:44 - 2015-01-04 13:49 - 00000000 ____D () C:\AdwCleaner
2015-01-04 13:43 - 2015-01-04 08:33 - 02173952 _____ () C:\Users\Benutzer\Desktop\AdwCleaner_4.106.exe
2015-01-04 08:37 - 2015-01-04 08:37 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-04 08:37 - 2015-01-04 08:31 - 07747104 _____ (Malwarebytes Corporation ) C:\Users\Benutzer\Desktop\mbam-rules.exe
2015-01-04 08:09 - 2015-01-04 08:59 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-04 08:09 - 2015-01-04 08:09 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-04 08:09 - 2015-01-04 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-04 08:09 - 2015-01-04 08:09 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-04 08:09 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-04 08:09 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-04 08:09 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-04 08:08 - 2015-01-03 23:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Benutzer\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-04 00:21 - 2015-01-04 08:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-04 00:18 - 2015-01-04 00:18 - 00008832 _____ () C:\Users\Benutzer\Desktop\Combofix.txt
2015-01-04 00:10 - 2015-01-04 00:10 - 00008832 _____ () C:\ComboFix.txt
2015-01-03 23:39 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-03 23:39 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-03 23:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-03 23:39 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-03 23:37 - 2015-01-04 00:14 - 00000000 ____D () C:\Qoobox
2015-01-03 23:37 - 2015-01-04 00:07 - 00000000 ____D () C:\Windows\erdnt
2015-01-03 23:35 - 2015-01-03 23:14 - 05609858 ____R (Swearware) C:\Users\Benutzer\Desktop\ComboFix.exe
2015-01-03 16:47 - 2015-01-03 16:48 - 00139104 _____ () C:\Windows\Minidump\Mini010315-01.dmp
2015-01-03 14:30 - 2015-01-03 14:31 - 00025174 _____ () C:\Users\Benutzer\Desktop\Addition.txt
2015-01-03 14:28 - 2015-01-04 20:40 - 00013714 _____ () C:\Users\Benutzer\Desktop\FRST.txt
2015-01-03 14:28 - 2015-01-04 20:39 - 00000000 ____D () C:\FRST
2015-01-03 14:27 - 2015-01-03 14:25 - 01115136 _____ (Farbar) C:\Users\Benutzer\Desktop\FRST.exe
2015-01-03 14:00 - 2015-01-03 14:00 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2015-01-03 14:00 - 2015-01-03 14:00 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Macromedia
2015-01-03 13:59 - 2015-01-03 13:59 - 00000953 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-03 13:59 - 2015-01-03 13:59 - 00000948 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-03 13:59 - 2015-01-03 13:59 - 00000919 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-01-03 13:59 - 2015-01-03 13:59 - 00000020 ___SH () C:\Users\Gast\ntuser.ini
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Startmenü
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore
2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 ____D () C:\Users\Gast
2015-01-03 13:59 - 2011-02-09 19:02 - 00000000 ____D () C:\Users\Gast\AppData\Local\Microsoft Help
2015-01-03 13:59 - 2008-06-21 13:03 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-03 13:59 - 2008-06-21 13:03 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-03 13:37 - 2015-01-03 13:40 - 00015730 _____ () C:\Users\Benutzer\Desktop\Rkill.txt
2014-12-23 13:58 - 2015-01-03 08:00 - 00000000 ____D () C:\Windows\pss
2014-12-21 19:27 - 2014-12-21 19:27 - 00000000 ____D () C:\ProgramData\UUdb
2014-12-21 19:27 - 2014-12-21 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
2014-12-21 19:27 - 2014-12-21 19:27 - 00000000 ____D () C:\ProgramData\1&1 Mail & Media GmbH
2014-12-21 19:27 - 2014-12-21 19:27 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 20:36 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 20:36 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 20:35 - 2007-07-04 17:22 - 00071228 _____ () C:\Windows\PFRO.log
2015-01-04 20:35 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 20:34 - 2006-11-02 14:01 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-04 20:33 - 2007-12-20 12:25 - 02017327 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 18:53 - 2013-02-11 23:15 - 00000000 ____D () C:\ProgramData\Avira
2015-01-04 16:37 - 2006-11-02 11:33 - 01592792 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 00:14 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-04 00:14 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-01-04 00:01 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-03 17:15 - 2013-06-24 19:41 - 00001356 _____ () C:\Users\Benutzer\AppData\Local\d3d9caps.dat
2015-01-03 16:47 - 2013-03-01 23:42 - 111980373 _____ () C:\Windows\MEMORY.DMP
2015-01-03 16:47 - 2013-03-01 23:42 - 00000000 ____D () C:\Windows\Minidump
2014-12-22 11:35 - 2012-10-16 21:20 - 00000000 ____D () C:\Program Files\Google
2014-12-22 11:01 - 2008-06-21 10:56 - 00000000 ____D () C:\Program Files\Yahoo!
2014-12-22 10:56 - 2012-10-16 21:21 - 00000000 ____D () C:\Users\Benutzer\AppData\Local\Google
2014-12-22 10:56 - 2012-10-16 21:20 - 00000000 ____D () C:\ProgramData\Google
2014-12-21 19:27 - 2011-05-14 17:27 - 00000000 ____D () C:\Program Files\1und1Softwareaktualisierung
2014-12-21 19:26 - 2011-05-14 17:27 - 00000000 ____D () C:\ProgramData\1und1InternetExplorerAddon

Some content of TEMP:
====================
C:\Users\Benutzer\AppData\Local\temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 16:23

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-01-2015
Ran by Benutzer at 2015-01-04 20:41:35
Running from C:\Users\Benutzer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye webcam (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.12 - Acer Crystal Eye webcam)
Acer Crystal Eye webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.9 - Acer Crystal Eye webcam)
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4008 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4010 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4008 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4018 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4011 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 2.12.20070515 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1003 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Broadcom Gigabit Integrated Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.10 - Broadcom Corporation)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java(TM) 6 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NTI Shadow (HKLM\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.31 - NewTech Infosystems)
NTI Shadow (Version: 3.7.6.31 - NewTech Infosystems) Hidden
PCCloneEX (HKLM\...\PCCloneEX) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.32.2811h.0 - CyberLink Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5423 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.3.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Ihr Firmenname)
TIPCI (Version: 2.00.0001 - Ihr Firmenname) Hidden
TIPCI (Version: 2.00.0002 - Texas Instruments Inc.) Hidden
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

03-01-2015 23:39:55 ComboFix created restore point
04-01-2015 20:08:51 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2015-01-04 00:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3E7C2435-A097-4446-A7AF-99135CC90248} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-04-19] (1und1 Mail und Media GmbH)
Task: {BD828290-C11E-4949-B82A-0263516EB6B2} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2011-05-11] (1&1 Mail & Media GmbH)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2007-12-20 12:55 - 2006-11-24 12:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe
2007-12-20 12:55 - 2006-10-24 10:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2007-12-20 12:46 - 2007-04-03 07:07 - 00272024 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2007-12-20 12:54 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2007-12-20 12:54 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2007-12-20 12:55 - 2007-06-28 18:50 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2007-12-20 12:55 - 2007-06-28 18:50 - 00114688 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2007-12-20 12:55 - 2007-06-28 18:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2007-12-20 12:55 - 2007-06-28 18:50 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
2007-12-20 12:54 - 2007-06-28 18:50 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
2007-04-25 16:30 - 2007-04-25 16:30 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll
2007-04-25 16:31 - 2007-04-25 16:31 - 00028672 _____ () C:\Windows\system32\BatchCrypto.dll
2007-12-20 22:12 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2007-12-20 12:44 - 2007-07-24 10:39 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
2007-07-04 17:20 - 2007-08-29 10:35 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2007-07-04 17:20 - 2007-08-29 10:34 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2007-12-20 12:45 - 2007-04-11 16:42 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
2007-12-20 12:45 - 2007-04-11 15:07 - 00077824 _____ () C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll
2007-12-20 12:53 - 2007-05-24 09:53 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
2007-12-20 12:53 - 2007-05-24 09:53 - 00106496 _____ () C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
2007-12-20 12:55 - 2007-06-28 18:50 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
2007-12-20 12:55 - 2007-06-28 18:50 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
2007-12-20 12:55 - 2007-06-28 18:50 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
2007-12-20 12:55 - 2007-06-28 18:50 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
2008-06-24 10:15 - 2007-06-13 16:56 - 00249856 ____R () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
2007-12-20 12:55 - 2007-06-28 18:50 - 00003584 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
2007-12-20 12:55 - 2007-06-28 18:50 - 00010752 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3684640303-488887037-2534449567-500 - Administrator - Disabled)
Benutzer (S-1-5-21-3684640303-488887037-2534449567-1003 - Administrator - Enabled) => C:\Users\Benutzer
Gast (S-1-5-21-3684640303-488887037-2534449567-501 - Limited - Enabled) => C:\Users\Gast

==================== Faulty Device Manager Devices =============

Name: Broadcom NetLink (TM) Gigabit Ethernet
Description: Broadcom NetLink (TM) Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2015 04:06:07 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BENUTZER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/04/2015 04:06:07 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BENUTZER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/04/2015 04:06:07 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BENUTZER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/04/2015 04:06:07 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BENUTZER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/04/2015 04:06:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BENUTZER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE-REGISTRIERUNG.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/04/2015 04:06:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BENUTZER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE-REGISTRIERUNG.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/04/2015 04:06:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BENUTZER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/04/2015 04:06:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BENUTZER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/04/2015 04:06:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BENUTZER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\CYBERLINK POWERDVD.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/04/2015 04:06:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\BENUTZER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\CYBERLINK POWERDVD.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (01/04/2015 08:37:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: SharedAccess

Error: (01/04/2015 08:35:49 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec-Richtlinien-AgentBFE

Error: (01/04/2015 08:35:49 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (01/04/2015 08:35:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computerbrowser%%1060

Error: (01/04/2015 08:35:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (01/04/2015 04:16:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: SharedAccess

Error: (01/04/2015 04:14:30 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec-Richtlinien-AgentBFE

Error: (01/04/2015 04:14:30 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (01/04/2015 04:14:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computerbrowser%%1060

Error: (01/04/2015 04:14:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (04/16/2012 07:26:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1365 seconds with 900 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-01-04 20:41:24.332
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:41:23.818
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:41:23.287
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:41:22.772
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:41:21.946
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:41:21.415
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:41:20.885
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:41:20.354
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 19:02:07.216
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 19:02:06.670
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU 540 @ 1.86GHz
Percentage of memory in use: 75%
Total physical RAM: 1013.68 MB
Available physical RAM: 250.41 MB
Total Pagefile: 2293.7 MB
Available Pagefile: 1204.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.06 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:51.01 GB) (Free:13.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:51.01 GB) (Free:49.65 GB) NTFS
Drive e: () (CDROM) (Total:4.38 GB) (Free:4.05 GB) UDF
Drive f: () (Fixed) (Total:596.17 GB) (Free:472.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: B02CE921)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=51 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 596.2 GB) (Disk ID: EB752285)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

MfG

schrauber · 05.01.2015, 12:59

BEstehen aktuell noch Probleme mit dem System?

RoBa · 12.01.2015, 18:47

Hallo,

es scheint, dass es keine Probleme mehr gibt. Programme lassen sich wieder normal installieren und downloaden.

Ich werde für die nächsten zwei Wochen kein Zugriff auf den Rechner haben. Bei der nächsten Inbetriebnahme werde ich das nochmals kontrollieren.
Gibt es dann noch weitere Schritte?

MfG Ronny

schrauber · 12.01.2015, 20:39

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

04.01.2015, 11:50	#16
schrauber /// the machine /// TB-Ausbilder	Datei xyz.exe enthielt einen Virus und wurde gelöscht jop __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

05.01.2015, 12:59	#22
schrauber /// the machine /// TB-Ausbilder	Datei xyz.exe enthielt einen Virus und wurde gelöscht BEstehen aktuell noch Probleme mit dem System? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Datei xyz.exe enthielt einen Virus und wurde gelöscht

Plagegeister aller Art und deren Bekämpfung: Datei xyz.exe enthielt einen Virus und wurde gelöscht